Developer | mohitgoyal1108 |
---|---|
Last updated | November 2, 2024 01:31 |
PHP version: | 7.0 or higher |
WordPress version: | 6.6 |
License: | GPLv2 or later |
License URI: | License information |
security-header folder to the /wp-content/plugins/ directory.
You can enable the following security headers: HSTS, X-Frame-Options, X-Content-Type-Options, Referrer-Policy, Content-Security-Policy, X-XSS-Protection, Permissions-Policy, X-Permitted-Cross-Domain-Policies, Expect-CT, and Feature-Policy.
Yes, this plugin works with all WordPress themes, as it simply modifies the HTTP headers sent by your web server. It does not affect the content or styling of your site.
No coding knowledge is required. The plugin provides a simple admin interface where you can enable or disable headers with just a click.
Security headers modify how browsers interpret and handle your site. In rare cases, they may interfere with some functionality (e.g., third-party embeds). The plugin allows you to easily disable any problematic headers.
You can use tools like SecurityHeaders.com or web browser developer tools to inspect the HTTP headers and confirm that your settings are applied correctly.
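One way to script the check described above, as an added example that is not part of the plugin or its documentation: it parses a response head (as saved from curl -sI or copied from browser developer tools) and reports which of the ten headers the page lists are present. The sample response and the 180-day HSTS threshold are assumptions.

```python
from email.parser import Parser

# The ten headers the page lists as available in the plugin.
EXPECTED = [
    "Strict-Transport-Security", "X-Frame-Options", "X-Content-Type-Options",
    "Referrer-Policy", "Content-Security-Policy", "X-XSS-Protection",
    "Permissions-Policy", "X-Permitted-Cross-Domain-Policies", "Expect-CT",
    "Feature-Policy",
]

# Constructed sample response head (not output from the plugin).
SAMPLE = (
    "HTTP/1.1 200 OK\r\n"
    "content-type: text/html; charset=UTF-8\r\n"
    "strict-transport-security: max-age=300\r\n"
    "X-Frame-Options: SAMEORIGIN\r\n"
    "X-Content-Type-Options: nosniff\r\n"
    "Referrer-Policy: strict-origin-when-cross-origin\r\n"
    "\r\n"
)

def hsts_max_age(value):
    """Return max-age in seconds from an HSTS value, or None if absent/invalid."""
    for directive in value.split(";"):
        name, _, arg = directive.strip().partition("=")
        if name.lower() == "max-age" and arg.strip('"').isdigit():
            return int(arg.strip('"'))
    return None

def audit(raw, min_hsts=15552000):  # 180 days; the threshold is an assumption
    # Drop the status line; header names are matched case-insensitively.
    fields = raw.replace("\r\n", "\n").partition("\n")[2]
    headers = Parser().parsestr(fields, headersonly=True)
    report = {}
    for name in EXPECTED:
        value = headers.get(name)
        if value is None:
            report[name] = "missing"
        elif name == "Strict-Transport-Security" and (hsts_max_age(value) or 0) < min_hsts:
            report[name] = "weak: max-age below threshold"
        elif name == "X-Content-Type-Options" and value.strip().lower() != "nosniff":
            report[name] = "weak: expected nosniff"
        else:
            report[name] = "ok"
    return report

if __name__ == "__main__":
    for name, status in audit(SAMPLE).items():
        print(f"{name:36} {status}")
```

A "missing" result for Expect-CT, X-XSS-Protection or Feature-Policy matters little in practice, since current browsers have deprecated those three headers.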
If a specific header is interfering with your website or a third-party service, you can disable it from the Settings > Security Headers page. Each header is independently configurable, so you can toggle only the ones you need.
Adding security headers generally has a minimal impact on performance. The headers are small in size and add a negligible amount of data to each request. This plugin only sets headers at the server level without altering front-end content or site functionality.
Yes, the Security Header plugin is compatible with WordPress multisite installations. However, you’ll need to configure security headers individually for each site in the network.
While security headers provide a robust layer of protection against specific attack vectors (e.g., XSS, clickjacking), they are not a complete security solution. Using this plugin in combination with other security practices, such as regular updates, strong passwords, and security plugins, is recommended.
Most modern browsers support these headers, but certain headers may not be fully compatible with older browsers. You can check browser compatibility for each security header if needed.
Currently, this plugin provides standardized header values optimized for security. For advanced customizations, please reach out to the developer for additional options or custom development support.
To uninstall, simply deactivate and delete the plugin from the Plugins menu. All headers set by the plugin will be removed, restoring your website to its previous state.
We welcome feedback! Please contact us through the Inspired Monks Contact Us page to report any issues or suggest new features.
X-Permitted-Cross-Domain-Policies, Expect-CT, and Permissions-Policy headers.
headers_sent() checks to prevent "Headers already sent" errors.
isset() checks to avoid "Undefined array key" warnings for uninitialized options.