Get Even More Visitors To Your Blog, Upgrade To A Business Listing >>

Wordpress Alert: Missing Security Headers in .htaccess File

Wordpress Alert: Missing Security Headers in .htaccess File

WordPress website owners started to see a new alert with recommended actions in the WordPress site’s health security.

What caused the new health alert?

Wordpress Alert: Missing Security Headers in .htaccess File

The new alert in the “Site heath” section appeared after updating the Really Simple SSL plugin.

In this article, we will fix the following missing security headers using the .htaccess file.

  • HTTP Strict Transport Security
  • Content Security Policy: Upgrade Insecure Requests
  • X-XSS protection
  • X-Content Type Options
  • Referrer-Policy
  • X-Frame-Options
  • Expect-CT

How to add the new security headers to the .htaccess file?

We’ve put together a single code to be added to your .htaccess file that will fix all your Security Headers issues, and then this alert will disappear accordingly.

Copy and paste the below code at the end of your .htaccess.

 



Header always set Content-Security-Policy "upgrade-insecure-requests;"




# Security Headers



Header set X-XSS-Protection "1; mode=block"

Header set X-Frame-Options "SAMEORIGIN"

Header set X-Content-Type-Options "nosniff"

Header always set Strict-Transport-Security "max-age=63072000; includeSubDomains"

# Header set Content-Security-Policy ...

Header set Referrer-Policy "same-origin"



    Header set Expect-CT enforce,max-age=2592000,report-uri="https://foo.example/report"

Happy Fixing!

The post Wordpress Alert: Missing Security Headers in .htaccess File appeared first on Digital Boom.



This post first appeared on Digital Boom, please read the originial post: here

Share the post

Wordpress Alert: Missing Security Headers in .htaccess File

×

Subscribe to Digital Boom

Get updates delivered right to your inbox!

Thank you for your subscription

×