Linux 软件免费装
Banner图

Security Headers Audit

开发者 2721
chetan2721
更新时间 2026年6月29日 01:43
PHP版本: 8.0 及以上
WordPress版本: 7.0
版权: GPLv2 or later
版权网址: 版权信息

标签

security audit log xss csp security headers hardening

下载

1.0.0 1.0.1

详情介绍:

Security Headers Audit empowers WordPress site owners to fortify their browser-side security through modern HTTP security headers and robust, comprehensive auditing tools. The plugin provides a professional, easy-to-use interface for configuring recommended security headers, seamlessly monitoring Content Security Policy (CSP) violations, recording browser console errors, and tracking security-related configuration changes within WordPress. By proactively implementing industry-standard browser security protections, Security Headers Audit helps drastically reduce exposure to common web vulnerabilities such as Cross-Site Scripting (XSS), clickjacking, MIME-type sniffing attacks, and unsafe cross-origin interactions.

安装:

  1. Upload the plugin folder to the /wp-content/plugins/ directory, or install the plugin directly through the WordPress Plugins screen.
  2. Activate the plugin through the "Plugins" screen in WordPress.
  3. Locate the new "Security Headers Audit" menu within your WordPress admin dashboard.
  4. Navigate to the Settings tab to configure your preferred security headers and auditing options.
  5. Save your settings and run the built-in Header Checker to verify your new security grade!

屏幕截图:

  • **CSP Audit Log** - Easily monitor Content Security Policy violations and fix them with the click of a button.
  • **Browser Console Log** - Capture and review JavaScript console errors experienced by your visitors.
  • **Header Checker** - Instantly test your website's security header grade within the WordPress dashboard.

升级注意事项:

1.0.1 Major code cleanup and menu slug renaming. Enhances overall stability and removes redundant strings. 1.0.0 Initial release of Security Headers Audit.

常见问题:

What is Content Security Policy (CSP)?

Content Security Policy (CSP) is an added layer of security that helps detect and mitigate certain types of attacks, including Cross-Site Scripting (XSS) and data injection attacks. This plugin allows you to seamlessly build your CSP rules to restrict which external resources (such as scripts, stylesheets, and images) can be loaded, actively preventing malicious scripts from executing on your site.

Can I safely use Security Headers Audit on existing live websites?

Yes. Security Headers Audit is designed to be installed safely on both new and existing WordPress websites. However, because strict security headers (like HSTS and rigid CSP rules) can inadvertently block legitimate resources or break site functionality if misconfigured, we strongly recommend testing all security header changes in a staging environment or utilizing report-only modes before enforcing them on a live production site.

Will this plugin slow down my website performance?

No. Security Headers Audit is incredibly lightweight and built with maximum performance in mind. The security headers are injected rapidly at the server response level, causing zero measurable impact on your frontend loading speeds. All audit logs are asynchronously collected and efficiently stored in optimized database tables within WordPress.

Does Security Headers Audit clean up its data upon uninstall?

Yes. The plugin respects your database hygiene. It includes a built-in uninstall routine that ensures all custom database tables, audit logs, and settings configurations are completely removed when you explicitly delete the plugin, leaving no orphaned data behind.

What happens if I lock myself out with HSTS or a strict CSP?

If you accidentally misconfigure Strict-Transport-Security (HSTS) or your Content Security Policy (CSP) causing your site to break, you can safely deactivate the plugin via FTP or a File Manager by renaming the /wp-content/plugins/chetan-security-headers-audit/ folder. This will instantly disable the headers and restore normal access so you can readjust your settings.

更新日志:

1.0.1 1.0.0