| 开发者 |
2721
chetan2721 |
|---|---|
| 更新时间 | 2026年6月29日 01:43 |
| PHP版本: | 8.0 及以上 |
| WordPress版本: | 7.0 |
| 版权: | GPLv2 or later |
| 版权网址: | 版权信息 |
/wp-content/plugins/ directory, or install the plugin directly through the WordPress Plugins screen.Content Security Policy (CSP) is an added layer of security that helps detect and mitigate certain types of attacks, including Cross-Site Scripting (XSS) and data injection attacks. This plugin allows you to seamlessly build your CSP rules to restrict which external resources (such as scripts, stylesheets, and images) can be loaded, actively preventing malicious scripts from executing on your site.
Yes. Security Headers Audit is designed to be installed safely on both new and existing WordPress websites. However, because strict security headers (like HSTS and rigid CSP rules) can inadvertently block legitimate resources or break site functionality if misconfigured, we strongly recommend testing all security header changes in a staging environment or utilizing report-only modes before enforcing them on a live production site.
No. Security Headers Audit is incredibly lightweight and built with maximum performance in mind. The security headers are injected rapidly at the server response level, causing zero measurable impact on your frontend loading speeds. All audit logs are asynchronously collected and efficiently stored in optimized database tables within WordPress.
Yes. The plugin respects your database hygiene. It includes a built-in uninstall routine that ensures all custom database tables, audit logs, and settings configurations are completely removed when you explicitly delete the plugin, leaving no orphaned data behind.
If you accidentally misconfigure Strict-Transport-Security (HSTS) or your Content Security Policy (CSP) causing your site to break, you can safely deactivate the plugin via FTP or a File Manager by renaming the /wp-content/plugins/chetan-security-headers-audit/ folder. This will instantly disable the headers and restore normal access so you can readjust your settings.
security-headers-audit).strict_types from executing correctly on specific Windows/PowerShell environments.