Are you looking to install security headers in your WordPress website?
Then, you should definitely read this article because here I have mentioned the easiest way to install security headers.
The method mentioned here is not only free but will hardly take not more than 15-20 minutes.
So read on.
Step 1- Install HTTP Headers plugin-
You should install the HTTP Headers WordPress plugin and activate it.
Step 2- Set it up-
After installing this plugin, navigate to the settings of this plugin (you can access these settings by navigating to the WordPress sidebar and then looking for the HTTP Headers under the Settings).
Then, click on the Security box.
Step 3- Turn on the Headers-
Here, you should turn on the following headers and assign the respective values to them-
- X-Frame-Options- Assign SAMEORIGIN value.
- X-XSS-Protection- Assign 1; mode=block values.
- X-Content-Type-Options- Assign nosniff value.
- Strict-Transport-Security- Assign max-age= 1 year value.
- Referrer-Policy- Assign no-referrer-when-downgrade value.
- Expect-CT- Assign max-age= 90 days, enforce, report-uri=”https://yourdomainname.com/ct-report” values.
In the above report-uri=”https://yourdomainname.com/ct-report” value, replace the yourdomainname.com with the domain name of your website.
You can turn on the headers and assign them values by clicking on the Edit button present at the end of the respective Header row.
Don’t forget to save changes after assigning values.
I would recommend you to not add any value to the Content-Security-Policy because this is complicated.
That’s all, now you have installed the recommended security headers.
Step 4- Double check-
By now, the security headers should have successfully been installed.
But you can double check this by using a Security Header Response checker tool like SerpWorx.
Prior to installing security headers, the Site Health Status in your WordPress dashboard would have been recommending you to install security headers.
But if you refresh this page after installing security headers, this recommendation in the Site Health should go away.
This confirms that you have installed the required security headers.
Installing these security headers are important for improving the security of your website.
Did this guide help you to install security headers on your website?
If you face any issues please don’t hesitate to ask for help in the comment section below.
Please appreciate my work by sharing this article.