WG235 A22 - Web Administrators must only use encrypted connections for Document Root directory uploads.
Logging in to a web server via an unencrypted protocol or service, to upload documents to the web site, is a risk if proper encryption is not utilized to protect the data being transmitted. An encrypted protocol or service must be used for remote access to web administration tasks. NOTE: Nessus has not performed this check. Please review the benchmark to ensure target compliance.
Use only secure encrypted logons and connections for uploading files to the web site.