WordPress.org

Svenska

Skaffa WordPress
WordPress.org

Plugin Directory

Fix It Easy Security Headers

Fix It Easy Security Headers

Av WP Fix It – WordPress Experts
Ladda ner

Beskrivning

WP Fix It Easy Security Headers adds a simple page under Tools Security Headers where you can toggle common HTTP security headers:

  • Strict-Transport-Security (HSTS)
  • Content-Security-Policy (CSP)
  • X-Frame-Options
  • X-Content-Type-Options
  • Referrer-Policy
  • Permissions-Policy

On activation, all headers are enabled by default and you’re redirected to the settings screen.

For convenience, the page and the Plugins screen include a “Check Headers” button that opens SecurityHeaders.com with your site’s URL prefilled (built dynamically from home_url()).

Notes on CSP

This plugin ships with a permissive default CSP intended to “work everywhere” out of the box (allows most external sources and inline code). For stronger protection, you should harden the directives for your specific site.

Key Features

  • One-click toggles for popular headers
  • Dynamic “Check Headers” scan link
  • Uses the WordPress Settings API (nonce + capability checks)
  • Output escaping and sanitization following PHPCS

Skärmdumpar

  • Settings screen with header toggles and “Check Headers” button.

Installation

  1. Upload the plugin folder to /wp-content/plugins/fix-it-easy-security-headers/ or install via Plugins Add New.
  2. Activate the plugin.
  3. You’ll be redirected to Tools Security Headers. Review and adjust toggles as needed.
  4. (Optional) Click Check Headers to verify your headers on SecurityHeaders.com.

Vanliga frågor

Where do I manage the settings?

Go to Tools Security Headers.

What happens on activation?

All header options are enabled and you’re redirected once to the settings page.

Will this break my site?

Most headers are safe defaults. The provided CSP is intentionally permissive; it shouldn’t block assets. For strict CSPs, tailor directives to your stack and test.

Can I use this on multisite?

Yes. The “Check Headers” URL is derived from home_url(). Activation redirect is skipped for network/bulk activations.

Why don’t I see a “Settings saved” notice twice?

The page prints only this plugin’s scoped settings messages to avoid duplicate notices.

Can I customize the CSP?

Yes. You can modify the $csp string in security_headers_add_headers() to fit your site’s needs.

Recensioner

Detta tillägg har inga recensioner.

Bidragsgivare och utvecklare

”Fix It Easy Security Headers” är programvara med öppen källkod. Följande personer har bidragit till detta tillägg.

Bidragande personer

Översätt ”Fix It Easy Security Headers” till ditt språk.

Intresserad av programutveckling?

Läs programkoden, kika på SVN-filförvaret eller prenumerera på utvecklarloggen via RSS.

Ändringslogg

1.1

  • Initial release.
  • Header toggles for HSTS, CSP, X-Frame-Options, X-Content-Type-Options, Referrer-Policy, Permissions-Policy.
  • Activation enables all options and redirects to settings.
  • Dynamic SecurityHeaders.com scan link.

Meta

  • Version 1.1
  • Senast uppdaterat 3 månader sedan
  • Aktiva installationer Färre än 10
  • WordPress-version 5.8 eller senare
  • Testat upp till 6.8.3
  • PHP-version 7.4 eller senare
  • Språk
    English (US)
  • Etiketter
  • Avancerad vy

Betyg

Än så länge har inga recensioner skickats in.

Lägg till min recension

Se alla recensioner

Support

Har du något att säga? Behöver du hjälp?

Visa supportforum

Donera

Skulle du vilja bidra till utvecklingen av detta tillägg?

Donera till det här tillägget