Fix It Easy Security Headers
| 开发者 | wpfixit |
|---|---|
| 更新时间 | 2025年8月25日 01:31 |
| 捐献地址: | 去捐款 |
| PHP版本: | 7.4 及以上 |
| WordPress版本: | 6.8 |
| 版权: | GPLv2 or later |
| 版权网址: | 版权信息 |
详情介绍:
WP Fix It Easy Security Headers adds a simple page under Tools → Security Headers where you can toggle common HTTP security headers:
- Strict-Transport-Security (HSTS)
- Content-Security-Policy (CSP)
- X-Frame-Options
- X-Content-Type-Options
- Referrer-Policy
- Permissions-Policy
home_url()).
Notes on CSP
This plugin ships with a permissive default CSP intended to “work everywhere” out of the box (allows most external sources and inline code). For stronger protection, you should harden the directives for your specific site.
Key Features
- One-click toggles for popular headers
- Dynamic “Check Headers” scan link
- Uses the WordPress Settings API (nonce + capability checks)
- Output escaping and sanitization following PHPCS
安装:
- Upload the plugin folder to
/wp-content/plugins/fix-it-easy-security-headers/or install via Plugins → Add New. - Activate the plugin.
- You’ll be redirected to Tools → Security Headers. Review and adjust toggles as needed.
- (Optional) Click Check Headers to verify your headers on SecurityHeaders.com.
常见问题:
Where do I manage the settings?
Go to Tools → Security Headers.
What happens on activation?
All header options are enabled and you’re redirected once to the settings page.
Will this break my site?
Most headers are safe defaults. The provided CSP is intentionally permissive; it shouldn’t block assets. For strict CSPs, tailor directives to your stack and test.
Can I use this on multisite?
Yes. The “Check Headers” URL is derived from home_url(). Activation redirect is skipped for network/bulk activations.
Why don’t I see a “Settings saved” notice twice?
The page prints only this plugin’s scoped settings messages to avoid duplicate notices.
Can I customize the CSP?
Yes. You can modify the $csp string in security_headers_add_headers() to fit your site’s needs.
更新日志:
1.1
- Initial release.
- Header toggles for HSTS, CSP, X-Frame-Options, X-Content-Type-Options, Referrer-Policy, Permissions-Policy.
- Activation enables all options and redirects to settings.
- Dynamic SecurityHeaders.com scan link.