WordPress HTTP Headers – WordPress Security Headers Plugin to Improve WordPress Security

If you are using WordPress website, then you can increase your website security by implementing proper Security Headers on your website. These HTTP Headers pass additional information between the client and the server. Using these you can add another layer of security in your website to prevent and mitigate attacks. In this tutorial we will see how to add HTTP headers on your wordpress website using HTTP Headers wordpress plugin. You don’t need to add or change any code of your Websites.

Important HTTP Security Headers For WordPress

HTTP Strict Transport Security (HSTS)
Content-Security-Policy (CSP)

HTTP Headers for WordPress Security Plugin

HTTP Headers is a free WordPress security plugin to control your website HTTP headers. Using this plugin you can prevent some XSS, MITM and Clickjacking attacks in your wordpress website. Currently it supports more than 34 HTTP Headers. For the complete list of supported HTTP headers go to the below plugin homepage

HTTP Headers

How to install HTTP Headers WordPress Plugin on your website:

Login to your wordpress admin dashboard. (wp-admin/login).
In your wordpress admin dashboard click plugins and select Add New.
Type HTTP Headers in the search field and press the enter key.
Click the Install Now button in HTTP Headers wordpress plugin by Dimitar Ivanov.
After the successfully Installation click the activate Plugin link to activate HTTP Headers.

Also Read:  WordPress Speculation Rules Dynamic Prefetching and Prerendering

You can also download and install manually from below download link.

Download HTTP Headers

Add HTTP Security Headers in WordPress

After the installation and activation of WordPress HTTP Headers security plugin, go to Settings and select HTTP Headers in your left side WordPress dashboard menu.

They divided the HTTP Headers in six sections. Security, Access Control, Authentication, Compression, Caching and others. If you want to add the security related headers then go to the Security button.

Using the edit button you can set each individual HTTP security headers. Example if you want to set X-Frame-Option, Then click the X-Frame-Options edit link. Select the On radio button and select the option from right side drop down box. Here i am using SAMEORIGIN option. Hit the Save Changes button. That’s it.

For the complete headers and options you can refer here

If you liked this article, please subscribe to our YouTube Channel. You can also stay connected with us on X (Twitter) and Facebook.

Leave a Reply