BoundaryGuard Headers
| 开发者 | jsjack74 |
|---|---|
| 更新时间 | 2026年1月5日 16:19 |
| PHP版本: | 7.4 及以上 |
| WordPress版本: | 6.9 |
| 版权: | GPLv2 or later |
| 版权网址: | 版权信息 |
详情介绍:
BoundaryGuard Headers enforces modern HTTP security headers to harden your WordPress site against XSS, clickjacking, mixed content, and cross-origin attacks.
Key Features:
- Essential Protection: Adds X-Frame-Options, X-Content-Type-Options, Referrer-Policy, and Permissions-Policy to reduce attack surface and prevent clickjacking.
- HSTS (Strict Transport Security): Forces HTTPS connections to help prevent protocol downgrade and man-in-the-middle attacks.
- Advanced Isolation (COOP/COEP): Enables Cross-Origin-Opener-Policy and Cross-Origin-Embedder-Policy to improve cross-origin isolation and mitigate certain side-channel attacks.
- Content Security Policy (CSP): One of the strongest defenses against XSS. Includes a dashboard-based CSP builder with preset options to whitelist trusted sources for scripts, styles, images, and more.
- CSP Report-Only Mode: Test your policy safely without blocking content.
- Server Header Hardening: Removes or limits exposure of headers such as
X-Powered-ByandServer. - Lightweight and Fast: Uses PHP headers for broad server compatibility and minimal performance impact.
- No
.htaccessEditing Required: Works without modifying server configuration files.
安装:
- Upload the
boundaryguard-headersfolder to the/wp-content/plugins/directory. - Activate the plugin through the Plugins menu in WordPress.
- Configure the settings from Settings → BoundaryGuard Headers.
常见问题:
Does this plugin edit .htaccess?
No. BoundaryGuard Headers uses PHP headers, which improves compatibility across different hosting environments.
Can I test Content Security Policy without breaking my site?
Yes. The plugin includes a CSP Report-Only Mode that allows you to monitor policy violations without blocking any resources.
Will this affect site performance?
No. The plugin is lightweight and adds negligible overhead, as headers are sent as part of the normal HTTP response.
更新日志:
1.0.0
- Initial release
- Added essential HTTP security headers
- Implemented HSTS support
- Added CSP builder with report-only mode