Security Headers Audit
| 开发者 | 2721 |
|---|---|
| 更新时间 | 2026年6月20日 02:41 |
| PHP版本: | 8.0 及以上 |
| WordPress版本: | 7.0 |
| 版权: | GPLv2 or later |
| 版权网址: | 版权信息 |
详情介绍:
Security Headers Audit helps WordPress site owners strengthen browser-side security through modern HTTP security headers and comprehensive auditing tools.
The plugin provides an easy-to-use interface for configuring recommended security headers, monitoring Content Security Policy (CSP) violations, recording browser console errors, and tracking security-related configuration changes within WordPress.
By implementing industry-standard browser security protections, Security Headers Audit can help reduce exposure to common web vulnerabilities such as Cross-Site Scripting (XSS), clickjacking, MIME-type attacks, and unsafe cross-origin interactions.
安装:
- Upload the plugin files to the
/wp-content/plugins-security-headers-auditdirectory, or install the plugin through the WordPress Plugins screen. - Activate the plugin through the "Plugins" screen in WordPress.
- Open the Security Headers Audit" menu in the WordPress admin dashboard.
- Configure your preferred security headers and auditing options.
- Save your settings.
常见问题:
What is Content Security Policy (CSP)?
Content Security Policy (CSP) is a browser security mechanism that helps prevent Cross-Site Scripting (XSS) and code injection attacks by controlling which resources can be loaded and executed.
Can I use Security Headers Audit on existing websites?
Yes. Security Headers Audit can be installed on both new and existing WordPress websites. Always test security header changes in a staging environment before deploying to production.
Does the plugin impact website performance?
Security Headers Audit is lightweight and designed to have minimal impact on performance. Security headers are applied during normal request processing, while audit data is stored efficiently within WordPress.
Does Security Headers Audit remove data on uninstall?
Yes. The plugin includes uninstall cleanup functionality to remove plugin-generated data if desired.
更新日志:
1.0.0
- Initial public release.
- Added HTTP Security Headers management.
- Added Content Security Policy (CSP) support.
- Added Strict-Transport-Security (HSTS) support.
- Added X-Frame-Options configuration.
- Added X-Content-Type-Options configuration.
- Added Referrer-Policy configuration.
- Added Permissions-Policy configuration.
- Added Cross-Origin policies (COOP, COEP, CORP).
- Added CSP violation logging.
- Added browser console error logging.
- Added security audit trail.
- Added settings management dashboard.
- Added import and export functionality.
- Added uninstall cleanup support.