Plugin to add HTTP header improved security
| Author: | Carl Conrad (profile at wordpress.org) |
| WordPress version required: | 4.6 |
| WordPress version tested: | 5.4.1 |
| Plugin version: | 2.5.6 |
| Added to WordPress repository: | 05-12-2016 |
| Last updated: | 06-04-2020
Warning! This plugin has not been updated in over 2 years. It may no longer be maintained or supported and may have compatibility issues when used with more recent versions of WordPress.
|
| Rating, %: | 96 |
| Rated by: | 18 |
| Plugin URI: | |
| Total downloads: | 42 635 |
| Active installs: | 10 000+ |
 Click to start download |
|
This plug-in helps setting up the various header instructions included in the HTTP protocol allowing for simple improvement of your website security.
This plug-in provides enabling of the following measures:
- HSTS (Strict-Transport-Security)
- CSP (Content-Security-Policy)
- Clickjacking mitigation (X-Frame-Options in main site)
- XSS protection (X-XSS-Protection)
- Disabling content sniffing (X-Content-Type-Options)
- Referrer policy
- Expect-CT
- Feature-Policy
- Remove PHP version information from the HTTP header
- Remove WordPress version information from the header
securityheaders.com is a useful resource for evaluating your web site’s security.
As usual, make sure to understand the meaning of these options and to run full tests on your web site as some options may result in some features stop working.