WordPress website owners started to see a new alert with recommended actions in the WordPress site’s health security.
What caused the new health alert?
The new alert in the “Site heath” section appeared after updating the Really Simple SSL plugin.
In this article, we will fix the following missing security headers using the .htaccess file.
- HTTP Strict Transport Security
- Content Security Policy: Upgrade Insecure Requests
- X-XSS protection
- X-Content Type Options
- Referrer-Policy
- X-Frame-Options
- Expect-CT
How to add the new security headers to the .htaccess file?
We’ve put together a single code to be added to your .htaccess file that will fix all your Security Headers issues, and then this alert will disappear accordingly.
Copy and paste the below code at the end of your .htaccess.
Header always set Content-Security-Policy "upgrade-insecure-requests;" # Security HeadersHeader set X-XSS-Protection "1; mode=block" Header set X-Frame-Options "SAMEORIGIN" Header set X-Content-Type-Options "nosniff" Header always set Strict-Transport-Security "max-age=63072000; includeSubDomains" # Header set Content-Security-Policy ... Header set Referrer-Policy "same-origin" Header set Expect-CT enforce,max-age=2592000,report-uri="https://foo.example/report"
Happy Fixing!
The post Wordpress Alert: Missing Security Headers in .htaccess File appeared first on Digital Boom.
