In this article we learn how to add security headers to a WordPress website. Security headers are used to help secure the website. Some headers are added to the website automatically by default, but others need to be added manually.
Manually adding security headers in WordPress Using .htaccess
Follow these steps to add headers to the .htaccess file.
- Log in to your hosting panel and go to the root directory
- If you can’t find the .htaccess file, click the Settings button at the top right
- A popup opens; check “Show Hidden Files (dotfiles)” and save the settings.
- Download the .htaccess file and open it in a text editor
Adding HSTS
# Really Simple SSL
Header always set Strict-Transport-Security: "max-age=31536000" env=HTTPS
# End Really Simple SSL
Adding X-XSS-Protection
# Really Simple SSL
Header always set X-XSS-Protection "0"
# End Really Simple SSL
Adding X-Content-Type-Options
# Really Simple SSL
Header always set X-Content-Type-Options "nosniff"
# End Really Simple SSL
Adding Referrer Policy header
# Really Simple SSL
Header always set Referrer-Policy "strict-origin-when-cross-origin"
# End Really Simple SSL
Adding X-Frame-Options header
# Really Simple SSL
Header always set X-Frame-Options: "SAMEORIGIN"
# End Really Simple SSL
Adding Permissions-Policy header
# Really Simple SSL
Header always set Permissions-Policy: ""
# End Really Simple SSL
Finally, save this file and upload it to the FTP server.
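
To confirm the headers are actually served after the upload, the response can be checked against the values set above. The following is an added example, not part of the original article or of Really Simple SSL: `EXPECTED` mirrors the article's .htaccess lines, `parse_headers` and `audit` are hypothetical helper names, and `SAMPLE` is a constructed response.

```python
# Added example: expected values are the ones set in this article's .htaccess lines.
EXPECTED = {
    "strict-transport-security": "max-age=31536000",
    "x-xss-protection": "0",
    "x-content-type-options": "nosniff",
    "referrer-policy": "strict-origin-when-cross-origin",
    "x-frame-options": "SAMEORIGIN",
    "permissions-policy": None,  # article sets an empty value: presence only
}

def parse_headers(raw):
    """Parse the header block of one HTTP response into {name: [values]}."""
    headers = {}
    for line in raw.splitlines()[1:]:      # skip the status line
        if not line.strip():
            break                          # blank line ends the header block
        name, sep, value = line.partition(":")
        if sep:
            headers.setdefault(name.strip().lower(), []).append(value.strip())
    return headers

def audit(raw):
    """Return {header: problem} for every expected header that is wrong."""
    seen = parse_headers(raw)
    problems = {}
    for name, want in EXPECTED.items():
        values = seen.get(name)
        if values is None:
            problems[name] = "missing"
        elif len(values) > 1:              # e.g. a plugin and a manual rule both add it
            problems[name] = "sent %d times" % len(values)
        elif want is not None and values[0].lower() != want.lower():
            problems[name] = "got %r, expected %r" % (values[0], want)
    return problems

# Constructed sample response (not captured from a real site).
SAMPLE = """HTTP/1.1 200 OK
Strict-Transport-Security: max-age=31536000
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
X-Content-Type-Options: nosniff
Referrer-Policy: strict-origin-when-cross-origin
Permissions-Policy:
"""

if __name__ == "__main__":
    for header, problem in audit(SAMPLE).items():
        print(header + ": " + problem)
```

Feed it the header block of the site's HTTPS response (for example the output of `curl -sI`), since the HSTS line above is only applied when `env=HTTPS` is set.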