Linux 软件免费装
Banner图

Nubivio Security Headers, security.txt & NIS2 Compliance for Healthcare

开发者 nubivio
更新时间 2026年7月2日 17:29
PHP版本: 7.4 及以上
WordPress版本: 7.0
版权: GPLv2 or later
版权网址: 版权信息

标签

security headers hsts nis2 security-txt

下载

2.2.0 2.2.1 2.1.2

详情介绍:

Set the security headers that matter, publish a self-renewing security.txt (RFC 9116), and check your site against NIS2, the EU Cyber Resilience Act (CRA), GDPR and NEN 7510, all from one settings page. Built for general practitioners, psychologists and other healthcare professionals who need a defensible security baseline without a consultant. The defaults are safe to ship on a live site, and the plugin is built to move your score on the internet.nl test in the right direction. The compliance features are optional and read-only: they verify and document what you already have, and never change your hardening. Why healthcare sites use this It covers four areas: Security headers security.txt (RFC 9116) Compliance scanner (optional, new in 2.2.0) Gravity Forms (optional) This plugin configures headers and a security.txt and helps you document your posture. It is one building block toward NIS2, CRA, GDPR and NEN 7510, not a full compliance programme, and the generated documents are self-assessment starting points, not certifications. It cannot change DNS or server level items such as IPv6, the CAA record, the TLS key-exchange hash or DANE. Those are handled at your host or DNS provider.

安装:

  1. Upload the plugin folder to /wp-content/plugins/, or install the ZIP via Plugins, Add New, Upload Plugin.
  2. Activate the plugin.
  3. Open Settings, Nubivio Security.
  4. Set a Contact value under security.txt.
  5. To pass the internet.nl Content-Security-Policy check, enable CSP, test in Report-Only, add the domains your site needs, then turn Report-Only off to enforce.

屏幕截图:

  • The Compliance tab: compliance score, CRA, GDPR and NIS2 findings, site health checks and the security headers and security.txt evidence panels.
  • The compliance score at a glance, with the red / amber / green band and the high, medium and low finding counts.

升级注意事项:

2.2.1 Documentation and listing update only. No functional changes. 2.2.0 Adds an optional Compliance tab. Existing hardening is unchanged. 2.1.2 Adds listing assets (icon, banner, screenshot). No functional changes. 2.1.1 Filesystem operations now use the WP_Filesystem API. 2.1.0 Plugin renamed and code updated to meet WordPress.org review requirements. Settings move to Settings, Nubivio Security. 2.0.0 First public release.

常见问题:

Will activating the plugin break my site?

No. HSTS, nosniff, X-Frame-Options, Referrer-Policy and Permissions-Policy are safe defaults. Content-Security-Policy is off by default because a strict policy needs tuning per site.

How do I get a fully green internet.nl result?

Enable and enforce a Content-Security-Policy that fits your site, set Referrer-Policy to no-referrer or same-origin, and set a Contact for security.txt. IPv6, CAA, the TLS hash and DANE are out of scope and must be fixed at your host or DNS.

Can I publish a PGP key?

Yes. Paste your ASCII-armored public key in the security.txt section. The plugin hosts it at /.well-known/openpgp-key.txt and references it from security.txt as the Encryption field automatically.

Does this make me NIS2, CRA, GDPR or NEN 7510 compliant?

No single plugin can. It covers the public web hardening part (transport security, browser protections and a vulnerability disclosure contact), verifies it live, and generates starting-point documents such as a Vulnerability Disclosure Policy, an SBOM and a conformity declaration. It is a useful building block and an evidence tool, not a full compliance programme or a certification.

Is the Compliance tab safe to use?

Yes. It is optional and read-only. Scanning only reads your site and public WordPress.org data; it never changes your settings or hardening. If you never open the tab, nothing about your site changes.

Is Gravity Forms required?

No. The header and security.txt features work on any site. The form section only appears when Gravity Forms is active.

更新日志:

2.2.1 2.2.0 2.1.2 2.1.1 2.1.0 2.0.0