[WordPress] Plugin share: Secure HTTP Headers

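Introduction

  • The WordPress plugin "Secure HTTP Headers" was published on 2021-04-12.
  • It currently has 100 active installations.
  • It was last updated on 2021-04-13, 1482 days ago. It has gone more than a year without an update, so confirm that the version still works before installing, and consider how it will be maintained afterwards.
  • The plugin requires WordPress 5.3 or later.
  • The plugin requires the hosting server to run PHP 7.2 or later.
  • 2 people have rated it.
  • No one has asked a question in the forum yet; usage may still be low, and no major problems have come up so far.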

Plugin contributors

shasha310

Plugin tags

cookies | headers | security | hardening

Summary

to the main functionality, features such as Content Security Policy, Feature-Policy, and Subresource Integrity. These headers provide an extra level of security and protection against various attacks.

With Secure HTTP Headers and Secure HTTP Headers enhanced, your web applications will have a strong first line of defense against a wide range of cyber threats.

Get the peace of mind you need by installing and activating Secure HTTP Headers today!

Original plugin description

Harden your web applications.
HTTP header fields are components of the header section of request and response messages. The headers define the operating parameters of an HTTP transaction.
Securing HTTP headers will improve the resilience of your web application against many common attacks including those that are on the OWASP top 10 list.
Securing headers can also improve your SEO rank, in addition to preventing websites from being marked as dangerous by browsers and antivirus applications.
Protect sensitive user information and be compliant with privacy regulations. Defend users against theft of private data by protecting website cookies. Use the proper directives such as “secure”, “httponly” and “samesite”; all of those will be applied automatically by the “Secure HTTP Headers” plugin.
Secure HTTP Headers will automatically analyze any website and build up secure header directives, following the latest best practice.
In addition, Secure HTTP Headers offers fully configurable options, apply or skip any header directive as needed.
Install and activate Secure HTTP Headers with full confidence, the deactivation of this plugin will return your website header directives to their original state.
Main plugin functionality

HTTP Strict Transport Security – helps to protect websites against man-in-the-middle attacks and cookie hijacking

X-Frame-Options – helps to protect users against ClickJacking attacks

X-Content-Type-Options – helps to prevent the browser from MIME-sniffing

Referrer-Policy – helps to control how much referrer information should be included with requests

Clear-Site-Data – helps to ensure that data is deleted from the browser if the user logs out

X-Download-Options – helps to control how IE 8 will handle downloaded HTML files

Access-Control-Allow-Origin – helps to ensure whether the response can be shared with requesting code from the given origin

Cross-Origin-Embedder-Policy – helps to prevent a document from loading any cross-origin resources that don’t explicitly grant the document permission

Permissions-Policy – helps to allow and deny the use of browser features in its own frame, and in content within any iframe elements in the document

Cross-Origin-Opener-Policy – helps to protect websites against a set of cross-origin attacks dubbed XS-Leaks

Cross-Origin-Resource-Policy – helps to protect websites against speculative side-channel attacks, like Spectre, as well as Cross-Site Script Inclusion attacks

X-Permitted-Cross-Domain-Policies – helps to control how cross-domain requests from Flash and PDF documents are handled

Cookie Http-Only flag – helps to protect websites against Cross-Site Scripting, or XSS attacks

Cookie Secure flag – helps to ensure that cookie is sent over a secure connection

Cookie Samesite Lax flag – helps to protect websites against CSRF and XSSI attacks

Expect-CT – helps to prevent the use of misissued certificates for a website. Note: The Expect-CT will likely become obsolete in June 2021
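
As an added example (not code from the plugin or its author), the Python sketch below audits one response against the header list above and checks every Set-Cookie for the Secure, HttpOnly and SameSite flags, which is a quick way to confirm what a site actually sends once such a plugin is active. The function names and the sample response are constructed for illustration.

```python
import re

# Headers from the list above that should appear on every page response. Assumption:
# Clear-Site-Data, Access-Control-Allow-Origin and Expect-CT are context-dependent, so skipped.
EXPECTED_HEADERS = [
    "Strict-Transport-Security", "X-Frame-Options", "X-Content-Type-Options",
    "Referrer-Policy", "Permissions-Policy", "Cross-Origin-Opener-Policy",
    "Cross-Origin-Resource-Policy", "Cross-Origin-Embedder-Policy",
    "X-Permitted-Cross-Domain-Policies", "X-Download-Options",
]

def missing_headers(headers):
    """Return expected header names absent from a list of (name, value) pairs."""
    present = {name.lower() for name, _ in headers}
    return [h for h in EXPECTED_HEADERS if h.lower() not in present]

def weak_values(headers):
    """Flag headers that are present but carry a value that gives no protection."""
    issues = []
    for name, value in headers:
        key = name.lower()
        if key == "x-content-type-options" and value.strip().lower() != "nosniff":
            issues.append("X-Content-Type-Options is not 'nosniff'")
        if key == "strict-transport-security":
            match = re.search(r'max-age="?(\d+)', value, re.I)
            if not match or int(match.group(1)) == 0:
                issues.append("Strict-Transport-Security has no positive max-age")
    return issues

def cookie_findings(headers):
    """Map each cookie name to the flags (Secure, HttpOnly, SameSite) it lacks."""
    findings = {}
    for value in (v for n, v in headers if n.lower() == "set-cookie"):
        parts = [p.strip() for p in value.split(";") if p.strip()]
        cookie_name = parts[0].split("=", 1)[0]
        attrs = {p.split("=", 1)[0].strip().lower() for p in parts[1:]}
        lacking = [f for f in ("Secure", "HttpOnly", "SameSite") if f.lower() not in attrs]
        if lacking:
            findings[cookie_name] = lacking
    return findings

# Constructed sample response (not captured from a real site).
SAMPLE_RESPONSE = [
    ("Strict-Transport-Security", "max-age=0"),
    ("X-Content-Type-Options", "nosniff"),
    ("Set-Cookie", "session_id=abc123; Path=/; Secure; HttpOnly; SameSite=Lax"),
    ("Set-Cookie", "prefs=dark; Path=/"),
]
```

To audit a live site, pass the (name, value) pairs from an HTTP client's response object instead of SAMPLE_RESPONSE, keeping repeated Set-Cookie headers as separate entries.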

What are the optional extras?
Magnisec is offering “Secure HTTP Headers enhanced”
A plugin that additionally contains an engine that watches for any website changes and builds a CSP (Content Security Policy), a best practice recommended by all professional security experts that mitigates XSS (Cross-Site Scripting), one of the most common and destructive attacks.
Price: 50$ /year for a domain.
More details and installation here

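Downloads for each version

  • Method 1: Click a version-number link below to download the ZIP file, log in to the site's admin area, open "Add New" under "Plugins" in the left-hand menu, choose "Upload Plugin" at the top, then upload the downloaded ZIP package to install and activate it.
  • Method 2: Use the search box on the right of the "Add New" plugin screen to search for the plugin name "Secure HTTP Headers" and install it from there.

(Method 2 is recommended, to make sure the installed version matches the WordPress environment currently running.)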


1.0 | trunk |

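Related plugins (you may also want to know about)

  • SAR One Click Security 》There are many WordPress security plugins with many options and pages to configure, which is fine if you know what you are doing. But most of the time you do not need that many options, or you are simply not sure what to set. ...
  • NETSENSAI Shield 》Summary: NETSENSAI Shield provides a user-friendly interface for managing basic security settings in WordPress, so users can protect their sites without much configuration knowledge. 1. ...
  • Dessky Security 》Dessky Security is an ultra-lightweight plugin for basic security hardening. It is designed to work without exhausting your site's resources. Once all the main security measures are enabled, no further input from you is needed. ...
  • WM Secure and Optimize 》The WM Secure and Optimize suite gives you one place to handle your site's security and performance. Strengthen your site's security and set up strong site protection. Optimize by disabling and removing some unneeded features ...
  • Integer Wp Security 》Reduce risk for your website with easy hardening against major attacks. With hardening, you can control malicious requests and block IP addresses that behave maliciously (for example comment spam and brute-force logins). ...
  • DozWPSecure 》This is a basic security plugin for WordPress 4.x, 5.0 and later. You can selectively disable unused features in WordPress core, and the plugin also helps you remove unnecessary information, to avoid being ...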
