Linux 软件免费装
Banner图

HTTP Security Header

开发者 mohitgoyal1108
更新时间 2024年11月27日 05:26
PHP版本: 7.0 及以上
WordPress版本: 6.7
版权: GPLv2 or later
版权网址: 版权信息

标签

wordpress security content security policy http security header security x-frame-options

下载

2.0 2.0.1 2.0.2 2.0.3 2.1

详情介绍:

Security headers are essential for protecting your WordPress website against common attacks, including cross-site scripting (XSS), clickjacking, content sniffing, and certificate transparency issues. The Security Header plugin provides an easy interface to enable or disable essential security headers with just a few clicks. Key Features:

安装:

  1. Download the plugin and unzip the folder.
  2. Upload the security-header folder to the /wp-content/plugins/ directory.
  3. Activate the plugin through the 'Plugins' menu in WordPress.
  4. Go to Settings > Security Headers to configure the plugin options.

屏幕截图:

  • **Without Plugin**: Your website is vulnerable to various security threats.

升级注意事项:

2.1 Upgrade to the latest version for enhanced security features, including COOP and CORP header support.

其他记录:

For more information or to get in touch with the developer, visit Inspired Monks Website.

常见问题:

What security headers can I enable with this plugin?

You can enable the following security headers:

  • HTTP Strict Transport Security (HSTS)
  • X-Frame-Options
  • X-Content-Type-Options
  • Referrer-Policy
  • Content-Security-Policy (CSP)
  • X-XSS-Protection
  • Permissions-Policy
  • X-Permitted-Cross-Domain-Policies
  • Expect-CT
  • Feature-Policy
  • Cross-Origin-Opener-Policy (COOP)
  • Cross-Origin-Resource-Policy (CORP)

Does this plugin work with all themes?

Yes, this plugin works with all WordPress themes, as it modifies the HTTP headers sent by your web server without affecting the content or styling of your site.

Is coding knowledge required to use this plugin?

No coding knowledge is required. The plugin provides a simple admin interface where you can enable or disable headers with just a click.

Can this plugin interfere with my website's functionality?

Security headers modify how browsers interpret and handle your site. In rare cases, they may interfere with some functionality (e.g., third-party embeds). The plugin allows you to easily disable any problematic headers.

How do I know if the headers are working?

You can use tools like SecurityHeaders.com or web browser developer tools to inspect the HTTP headers and confirm that your settings are applied correctly.

What should I do if a security header is causing an issue?

If a specific header is interfering with your website or a third-party service, you can disable it from the Settings > Security Headers page. Each header is independently configurable, so you can toggle only the ones you need.

Does this plugin affect website performance?

Adding security headers generally has a minimal impact on performance. The headers are small in size and add a negligible amount of data to each request. This plugin only sets headers at the server level without altering front-end content or site functionality.

Can I use this plugin on a multisite installation?

Yes, the Security Header plugin is compatible with WordPress multisite installations. However, you’ll need to configure security headers individually for each site in the network.

Will this plugin prevent all types of attacks?

While security headers provide a robust layer of protection against specific attack vectors (e.g., XSS, clickjacking), they are not a complete security solution. Using this plugin in combination with other security practices, such as regular updates, strong passwords, and security plugins, is recommended.

Are these headers compatible with all browsers?

Most modern browsers support these headers, but certain headers may not be fully compatible with older browsers. You can check browser compatibility for each security header if needed.

Does this plugin support custom settings for each header?

Currently, this plugin provides standardized header values optimized for security. For advanced customizations, please reach out to the developer for additional options or custom development support.

How do I uninstall the plugin, and what happens to the headers?

To uninstall, simply deactivate and delete the plugin from the Plugins menu. All headers set by the plugin will be removed, restoring your website to its previous state.

I found an issue or have a feature request. Where can I report it?

We welcome feedback! Please contact us through Inspired Monks Contact us to report any issues or suggest new features.

更新日志:

2.1 2.0.3 2.0.2 2.0.1 2.0 1.0