
HTTP header improved security

Plugin to add HTTP header improved security

This plug-in helps set the various HTTP response headers that offer simple improvements to your website's security. As usual, make sure you understand the meaning of these options and run full tests on your web site, as some options may cause some features to stop working.

This plug-in provides security enhancement by enabling the following measures:

  • HSTS (Strict-Transport-Security)
  • CSP (Content-Security-Policy)
  • Clickjacking mitigation (X-Frame-Options in main site)
  • XSS protection (X-XSS-Protection)
  • Disabling content sniffing (X-Content-Type-Options)
  • Remove PHP version information from the HTTP header
  • Remove WordPress version information from the header

securityheaders.io is a useful resource for evaluating your web site's security.

Author Carl Conrad
Contributors carlconrad
Tags csp, hsts, HTTP headers, https, security
Screenshot 1: Main and only screen.

  1. Upload the plugin files to the /wp-content/plugins/http-security directory, or install the plugin through the WordPress plugins screen directly.
  2. Activate the plugin through the 'Plugins' screen in WordPress.
  3. Use the Settings->HTTP Security screen to configure the plugin.

1.10.4

  • Improved ergonomics

1.10.3

  • Fixed HSTS syntax warning

1.10

  • Added support for Content-Security-Policy

1.9

  • Added critical issues notifications

1.8

  • Included localization support

1.7.5

  • Added max-age option to HSTS setting

1.7.3

  • File name change to comply with WordPress guidelines

1.7

  • Minor fixes and code cleaning

1.6

  • Added option to remove WordPress version information from the header

1.5

  • Added option to remove PHP version information from the HTTP header

1.4

  • Included link to submit site preload to browsers
  • Reduced HSTS max-age to one year

1.3

  • Added X-Frame-Options protection.
  • Added X-Content-Type-Options protection.
  • Added HSTS options.

1.2

  • Repository fix.

1.1

  • Added XSS protection option.

1.0

  • First stable version providing basic HSTS support.

How can I test the plug-in runs effectively?

Check the HTTP headers of your web site.

Version 1.10.4

Requires WordPress version: 3.3 or higher

Compatible up to: 4.7.2

Last Updated 10 Feb 2017

Date Added: 12 Dec 2016

Evaluation

5 stars
1 ratings
444 downloads

Compatibility

Not Enough Data

Reports:
Works: 0
Broken: 0