HTTP headers to improve web site security

Description

This plug-in helps you set the various security-related headers defined for HTTP, a simple way to improve your website's security.

The plug-in can enable the following measures:

  • HSTS (Strict-Transport-Security)
  • CSP (Content-Security-Policy)
  • Clickjacking mitigation (X-Frame-Options in main site)
  • XSS protection (X-XSS-Protection)
  • Disabling content sniffing (X-Content-Type-Options)
  • Referrer policy
  • Expect-CT
  • Remove PHP version information from the HTTP header
  • Remove WordPress version information from the header

securityheaders.io is a useful resource for evaluating the security of your website.

As usual, make sure you understand what these options mean and run full tests on your web site, as some options may cause features to stop working.

Screenshots

  • General settings screen.
  • Content-Security-Policy directives settings screen.

Installation

  1. Upload the plugin files to the /wp-content/plugins/http-security directory, or install the plugin through the WordPress plugins screen directly.
  2. Activate the plugin through the "Plugins" screen in WordPress.
  3. Use the Settings -> HTTP Security screen to configure the plugin.

FAQ

How can I test that the plug-in is working effectively?

Check the HTTP headers of your website.
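
One way to run that check offline, as an added example that is not part of the plug-in's code: it audits a response head for the measures listed in the description. The sample response and the finding wording are constructed; X-XSS-Protection and Expect-CT are left out because current browsers no longer act on them.

```python
import re

# Constructed sample response head (not captured from a real site).
SAMPLE = """HTTP/1.1 200 OK
Content-Type: text/html; charset=UTF-8
X-Powered-By: PHP/0.0.0
Strict-Transport-Security: max-age=31536000
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
"""

def parse_headers(raw):
    """Parse a raw response head into a {lowercased name: value} dict."""
    headers = {}
    for line in raw.strip().splitlines()[1:]:   # skip the status line
        if not line.strip():
            break                               # blank line ends the headers
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return headers

def audit(headers, https=True):
    """Return findings for the measures the plug-in description lists."""
    findings = []
    for name in ("content-security-policy", "referrer-policy"):
        if name not in headers:
            findings.append("missing " + name)
    if headers.get("x-frame-options", "").lower() not in ("deny", "sameorigin"):
        findings.append("x-frame-options is not DENY or SAMEORIGIN")
    if headers.get("x-content-type-options", "").lower() != "nosniff":
        findings.append("x-content-type-options is not nosniff")
    hsts = headers.get("strict-transport-security")
    if https:
        m = re.search(r'max-age="?(\d+)', hsts or "", re.I)
        if m is None:
            findings.append("strict-transport-security missing or malformed")
        elif int(m.group(1)) == 0:
            findings.append("strict-transport-security max-age=0 switches HSTS off")
    elif hsts is not None:
        # Browsers ignore HSTS on plain HTTP (cf. changelog entry 1.10.7).
        findings.append("strict-transport-security sent over plain HTTP")
    if "x-powered-by" in headers:
        findings.append("x-powered-by discloses " + headers["x-powered-by"])
    return findings

if __name__ == "__main__":
    for finding in audit(parse_headers(SAMPLE)):
        print(finding)
```

To audit a live site, feed `parse_headers` the response head saved from your own server and pass `https=False` when the request was made over plain HTTP.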

Reviews

Perfectly pitched

Really useful plugin for helping with these headers. In addition to https://securityheaders.io also check out your site using https://www.ssllabs.com/ssltest/ for additional feedback. Many thanks.

Facilitating Content Security Policy, X-XSS-Protection, HSTS etc.

I had started writing code in my header and was trying various values for the many directives, after breaking the pages. I decided to look at plugins. The issue was how to speed up the process. This plugin seemed to offer what I needed. In conjunction with the https://securityheaders.io site, I soon attained an 'A' rating. Thank you Conrad for a very useful plugin. This is a great start and I hope you will keep up with the new levels of CSP.


Contributors & Developers

"HTTP headers to improve web site security" is open source software.

"HTTP headers to improve web site security" has been translated into 3 languages. Thank you to the translators for their contributions.


Changelog

2.3.2

  • Tested with WordPress 4.9

2.3

  • Added support for Expect-CT
  • Cleaned up the interface

2.2

  • Switched to languages packs

2.1

  • Added support for Referrer-Policy directive
  • Added uninstall database cleanup

2.0

  • Added support for all Content-Security-Policy directives
  • Reworked the user interface

1.11

  • Added setting the mode for x-frame-options

1.10.7

  • Removed HSTS header when connected in HTTP

1.10.3

  • Fixed HSTS syntax warning

1.10

  • Added support for Content-Security-Policy

1.9

  • Added critical issues notifications

1.7.5

  • Added max-age option to HSTS setting

1.6

  • Added option to remove WordPress version information from the header

1.5

  • Added option to remove PHP version information from the HTTP header

1.4

  • Included link to submit site preload to browsers
  • Reduced HSTS max-age to one year

1.3

  • Added X-Frame-Options protection.
  • Added X-Content-Type-Options protection.
  • Added HSTS options.

1.1

  • Added XSS protection option.

1.0

  • First stable version, with basic HSTS support.