HTTP Security Header
| 开发者 | mohitgoyal1108 |
|---|---|
| 更新时间 | 2025年1月2日 16:43 |
| PHP版本: | 7.0 及以上 |
| WordPress版本: | 6.7.1 |
| 版权: | GPLv2 or later |
| 版权网址: | 版权信息 |
详情介绍:
- HTTP Strict Transport Security (HSTS)
- X-Frame-Options (Prevents clickjacking)
- X-Content-Type-Options (Prevents MIME-type sniffing)
- Referrer-Policy (Controls the referrer header information)
- Content-Security-Policy (Restricts unauthorized content loading to protect against attacks like XSS)
- X-XSS-Protection (Prevents Cross-Site Scripting attacks)
- Permissions-Policy (Merged with Feature-Policy to control browser features)
- X-Permitted-Cross-Domain-Policies (Restricts cross-domain resource sharing)
- Expect-CT (Enforces certificate transparency)
- Cross-Origin-Opener-Policy (Prevents cross-origin attacks by isolating browsing contexts)
- Cross-Origin-Resource-Policy (Restricts sharing of resources across different origins)
- Seamlessly compatible with WP-Rocket and similar caching plugins, ensuring that security headers remain effective. Easily toggle each security header from the WordPress admin panel to improve the security of your website without requiring manual code changes.
安装:
- Download the plugin and unzip the folder.
- Upload the
security-headerfolder to the/wp-content/plugins/directory. - Activate the plugin through the 'Plugins' menu in WordPress.
- Go to Settings > Security Headers to configure the plugin options.
屏幕截图:
常见问题:
What security headers can I enable with this plugin?
You can enable the following security headers:
- HTTP Strict Transport Security (HSTS)
- X-Frame-Options
- X-Content-Type-Options
- Referrer-Policy
- Content-Security-Policy (CSP)
- X-XSS-Protection
- Permissions-Policy (Merged with Feature-Policy)
- X-Permitted-Cross-Domain-Policies
- Expect-CT
- Cross-Origin-Opener-Policy (COOP)
- Cross-Origin-Resource-Policy (CORP)
Does this plugin work with WP-Rocket?
Yes, the plugin is fully compatible with WP-Rocket. It ensures that security headers are preserved even when WP-Rocket caching is enabled by directly modifying the .htaccess file.
Does this plugin work with all themes?
Yes, this plugin works with all WordPress themes, as it modifies the HTTP headers sent by your web server without affecting the content or styling of your site.
Does this plugin modify the .htaccess file directly?
Yes, the plugin modifies the .htaccess file to set headers at the server level, ensuring maximum security. This method provides robust header implementation while maintaining compatibility with caching plugins.
Are these headers compatible with all browsers?
Most modern browsers, including Chrome, Edge, Firefox, and Safari, support these security headers. However, some older browsers may not fully support certain headers like Content-Security-Policy (CSP) or Permissions-Policy. To ensure maximum security, we recommend using a modern browser and checking header compatibility at Can I Use.
Is coding knowledge required to use this plugin?
No coding knowledge is required. The plugin provides a simple admin interface where you can enable or disable headers with just a click.
How do I know if the headers are working?
You can use tools like InspiredMonks.com or browser developer tools to inspect the HTTP headers and confirm that your settings are applied correctly.
What should I do if a security header is causing an issue?
If a specific header is interfering with your website or a third-party service, you can disable it from the Settings > Security Headers page. Each header is independently configurable, so you can toggle only the ones you need.
Does this plugin affect website performance?
Adding security headers generally has a minimal impact on performance. The headers are small in size and add a negligible amount of data to each request. This plugin only sets headers at the server level without altering front-end content or site functionality.
Can I use this plugin on a multisite installation?
Yes, the Security Header plugin is compatible with WordPress multisite installations. However, you’ll need to configure security headers individually for each site in the network.
Will this plugin prevent all types of attacks?
While security headers provide a robust layer of protection against specific attack vectors (e.g., XSS, clickjacking), they are not a complete security solution. Using this plugin in combination with other security practices, such as regular updates, strong passwords, and security plugins, is recommended.
How do I uninstall the plugin, and what happens to the headers?
To uninstall, simply deactivate and delete the plugin from the Plugins menu. All headers set by the plugin will be removed, restoring your website to its previous state.
更新日志:
- Merged Feature-Policy with Permissions-Policy.
- Enhanced
.htaccessupdate mechanism for direct server-level security. - Improved default Content-Security-Policy (CSP) with standardized directives.
- Fixed validation issues for Permissions-Policy.
- Resolved caching-related issues and added full compatibility with WP-Rocket.
- Bug fixes and compatibility updates.
- Added support for Cross-Origin-Opener-Policy (COOP) and Cross-Origin-Resource-Policy (CORP) headers.
- Updated the plugin interface for improved user experience.
- Bug fixes and improvements.
- Minor improvements and compatibility updates.
- Updated plugin name to "HTTP Security Header".
- Minor improvements and compatibility updates.
- Added new screenshots to demonstrate website security before and after using the plugin.
- Updated the settings page layout to use a modern div-based structure instead of a table.
- Applied styling to checkboxes for a sleek, modern look.
- Improved overall user interface and experience on the admin dashboard.
- Minor bug fixes and code optimizations.
- Added Feature-Policy header.
- Updated prefixes to improve compatibility and prevent conflicts.
- Added protection to prevent direct file access.
- Initial release with core security headers: HSTS, X-Frame-Options, X-Content-Type-Options, and more.
- Added support for
X-Permitted-Cross-Domain-Policies,Expect-CT, andPermissions-Policyheaders. - Enhanced security and stability.