HTTP headers to improve web site security | Plugin Review Network

Rated: 100%, 5 Stars (13 votes)
Author: Carl Conrad
Version: 2.5.6
Requires: WP 4.6
Last Updated: 1894 days ago
Downloads: 35416

HTTP headers to improve web site security

Released on December 5, 2016.

Donate link: https://www.paypal.me/conradcarl

Use your HTTP header to improve security of your web site

  • Description
  • FAQ
  • Changelog
  • Installation
  • Screenshots


This plug-in helps you set up the various header instructions included in the HTTP protocol, allowing for simple improvement of your web site's security.

This plug-in can enable the following measures:

  • HSTS (Strict-Transport-Security)
  • CSP (Content-Security-Policy)
  • Clickjacking mitigation (X-Frame-Options in main site)
  • XSS protection (X-XSS-Protection)
  • Disabling content sniffing (X-Content-Type-Options)
  • Referrer policy
  • Expect-CT
  • Feature-Policy
  • Remove PHP version information from the HTTP header
  • Remove WordPress version information from the header

securityheaders.com is a useful resource for evaluating your web site’s security.

As usual, make sure you understand the meaning of these options and run full tests on your web site, as some options may cause some features to stop working.

How can I test that the plug-in runs effectively?

Check the HTTP headers of your web site.
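
One way to run that check offline, as an added example that is not part of the plug-in or of this page: it audits a saved response head for headers from the feature list above. The function names, the accepted values and the sample response are assumptions constructed for illustration.

```python
from email.parser import HeaderParser

# Headers from the plug-in's feature list; accepted values are this example's assumptions.
EXPECTED = {
    "content-security-policy": lambda v: bool(v.strip()),
    "x-frame-options": lambda v: v.strip().upper() in ("DENY", "SAMEORIGIN"),
    "x-content-type-options": lambda v: v.strip().lower() == "nosniff",
    "referrer-policy": lambda v: bool(v.strip()),
}

def hsts_max_age(value):
    """Return max-age in seconds from a Strict-Transport-Security value, or None."""
    for part in value.split(";"):
        name, _, arg = part.strip().partition("=")
        if name.lower() == "max-age" and arg.strip('" ').isdigit():
            return int(arg.strip('" '))
    return None

def audit(raw_head, scheme):
    """Audit a raw response head (status line plus headers); return a list of findings."""
    lines = raw_head.strip().splitlines()
    headers = HeaderParser().parsestr("\n".join(lines[1:]))  # skip the status line
    findings = []
    for name, is_valid in EXPECTED.items():
        value = headers.get(name)  # header lookup is case-insensitive
        if value is None:
            findings.append(f"missing: {name}")
        elif not is_valid(value):
            findings.append(f"invalid: {name}: {value}")
    hsts = headers.get("strict-transport-security")
    if scheme == "https":
        if hsts is None or hsts_max_age(hsts) is None:
            findings.append("missing: strict-transport-security with max-age")
    elif hsts is not None:
        # Browsers ignore HSTS received over plain HTTP (RFC 6797).
        findings.append("unexpected: strict-transport-security over http")
    if "x-powered-by" in headers:
        findings.append(f"leak: x-powered-by: {headers['x-powered-by']}")
    return findings

# Constructed sample, in the shape that `curl -sI` prints for a site.
SAMPLE = """HTTP/1.1 200 OK
Content-Type: text/html; charset=UTF-8
X-Powered-By: PHP/7.4.3
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
Referrer-Policy: strict-origin-when-cross-origin
"""
```

Calling `audit(SAMPLE, "https")` reports the missing Content-Security-Policy and the PHP version leak; passing `"http"` as the scheme additionally flags the HSTS header.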

2.5.6

  • Fixed some text escaping

2.5.5

  • Added missing text escaping

2.5.4

  • Added missing text escaping

2.5.3

  • Minor fix

2.5.2

  • Improved options sanitize

2.5.1

  • Minor fix

2.5

  • Tested with WordPress 5.4
  • Added support for Feature-Policy

2.4.2

  • Tested with WordPress 5.0

2.4

  • Added .htaccess instructions

2.3.2

  • Tested with WordPress 4.9

2.3

  • Added support for Expect-CT
  • Cleaned up the interface

2.2

  • Switched to languages packs

2.1

  • Added support for Referrer-Policy directive
  • Added uninstall database cleanup

2.0

  • Added support for all Content-Security-Policy directives
  • Reworked the user interface

1.11

  • Added setting the mode for x-frame-options

1.10.7

  • Removed HSTS header when connected in HTTP

1.10.3

  • Fixed HSTS syntax warning

1.10

  • Added support for Content-Security-Policy

1.9

  • Added critical issues notifications

1.7.5

  • Added max-age option to HSTS setting

1.6

  • Added option to remove WordPress version information from the header

1.5

  • Added option to remove PHP version information from the HTTP header

1.4

  • Included link to submit site preload to browsers
  • Reduced HSTS max-age to one year

1.3

  • Added X-Frame-Options protection.
  • Added X-Content-Type-Options protection.
  • Added HSTS options.

1.1

  • Added XSS protection option.

1.0

  • First stable version providing basic HSTS support.


  1. Upload the plugin files to the /wp-content/plugins/http-security directory, or install the plugin through the WordPress plugins screen directly.
  2. Activate the plugin through the "Plugins" screen in WordPress.
  3. Use the Settings -> HTTP Security screen to configure the plugin.


General settings screen.
Screenshot 1


Content-Security-Policy directives settings screen.
Screenshot 2


.htaccess contents screen.
Screenshot 3



 
