Andy Tran

How to Add HTTP Security Headers in WordPress

by | Feb 15, 2022 | Wordpress

HTTP security headers allow you to add an extra layer of security to your WordPress website. They can help prevent malicious activity from disrupting the functioning of your website.

Let’s see what security headers are and how they affect the health of the site.

HTTP security headers are security measures that allow your web server to block common security threats before they can compromise your website.

When a visitor opens your website, your web server sends an HTTP header response back to their browser. This response tells the browser about error codes, cache control, and other statuses.

The normal response is a status known as HTTP 200, after which your website loads in the user’s browser. However, if your website has a problem, your server may send a different HTTP header.

HTTP Security Headers and their description:

We explain the security headers below, and how to add them manually.

  • HSTS – When this header is set for your domain, the browser will make all requests to your website via HTTPS from then on.
  • Upgrade-Insecure-Requests – This header is an additional way to force requests on your own domain over https://
  • X-Content-Type-Options – This header forces the browser not to “guess” which type of data is being passed. If the extension says “.doc”, the browser should get a text document, and not something else (an .exe).
  • X-XSS-Protection – Will stop pages from loading if an attack via cross-site scripting (XSS) is detected.
  • Expect-CT, Certificate Transparency – Certificate Authorities (providers of SSL certificates) need to record the certificates they issue in a separate log, the CT framework, to prevent fraud.
  • No Referrer When Downgrade header – Only set the referrer when it comes from the same protocol, and not when downgrading (HTTPS > HTTP).
  • X-Frame-Options – Restricts iframes, embeds, and objects to your own domain.
  • Permissions-Policy – Allows sites to set very strict restrictions on which origins can be granted access to features. For more information see our dedicated Permissions-Policy article.

Adding HTTP Security Headers in WordPress using .htaccess

Step 1: Open the .htaccess file for your site. Go to cPanel >> File Manager >> public_html >> .htaccess and add the code below to your file.
Note: the public_html folder may have a different name, such as htdocs.

HSTS

Add the following line between the comments as shown below. You can also leave the comments out. You can copy the comments as well, but please do not duplicate comments within the file.

# Simple SSL
Header always set Strict-Transport-Security: "max-age=31536000" env=HTTPS 
# End Simple SSL

Upgrade-Insecure-Requests

# Simple SSL
Header always set Content-Security-Policy "upgrade-insecure-requests"
# End Simple SSL

X-Content-Type-Options

# Simple SSL
Header always set X-Content-Type-Options "nosniff"
# End Simple SSL

X-XSS-Protection

# Simple SSL
Header always set X-XSS-Protection "1; mode=block"
# End Simple SSL

Expect-CT, Certificate Transparency

# Simple SSL
Header always set Expect-CT "max-age=7776000, enforce"
# End Simple SSL

No Referrer When Downgrade header

# Simple SSL
Header always set Referrer-Policy: "no-referrer-when-downgrade"
# End Simple SSL

X-Frame-Options header

# Simple SSL
Header always set X-Frame-Options: "SAMEORIGIN"
# End Simple SSL

Permissions-Policy header

# Simple SSL
Header always set Permissions-Policy: " 
# End Simple SSL

Uploading the .htaccess file

Before uploading, make sure you have a backup of your current .htaccess file. For example:

  1. Upload the new file with the file name 1htaccess
  2. Rename the current .htaccess to htaccessback-up
  3. Rename 1htaccess to .htaccess to activate your new file.

Follow this link for more: simple ssl.com
