Security Header Generator

Description

This plugin generates the proper security HTTP response headers, attempts to generate a valid Content Security Policy, and sets browser permissions if configured.

Screenshots

  • Standard Header Settings
  • Content Security Policy Settings
  • Permissions Settings
  • Documentation
  • Import/Export Settings
  • Headers Set

Installation

  1. Download the plugin, unzip it, and upload it to your site's /wp-content/plugins/ directory
    1. You can also upload it directly to your Plugins admin
  2. Activate the plugin through the ‘Plugins’ menu in WordPress

FAQ

What is a Content Security Policy?

A Content Security Policy is an added layer of security that helps to detect and mitigate certain types of attacks, including Cross-Site Scripting (XSS) and data injection attacks.

Reviews

May 15, 2024 · 1 reply
Very satisfied, thank you!
December 18, 2022 · 1 reply
The plugin does what it promises. Thank you for this work.
December 18, 2021 · 1 reply
Easy and Fast configuration. Don’t block image and Divi
Read all 5 reviews

Contributors & Developers

"Security Header Generator" is open source software. The following people have contributed to this plugin.

Changelog

5.1.31

  • Fix: Issue where menu would disappear on non-multisite

5.1.29

  • Fix: Some undefined array keys when some settings not set
  • Verify: WP Core 6.7 Compatibility
  • Fix: Defaults for settings.
    • Found headers were being applied after turning off setting that should not have been
  • Clean Up: Versions older than 4

5.0.11

  • Add: sandbox directive for Content Security Policy
    • https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Security-Policy/sandbox
  • Fix: Application of CSP headers when there is no value set
    • No longer sets the directive if nothing is configured for it.
  • Fix: Some styling in the admin pages
  • Remove: Deprecated CLI methods
  • Update: JS Libraries for settings framework
  • Verified: PHP 8.3 Compatibility

4.6.01

  • Verified: WP Core 6.6 Compatibility
  • Updated: settings fw: Fixed: PHP 8.x deprecated notices.
  • Updated: Documentation
  • Removed: references to implementation to avoid confusion

4.1.22

  • Removed: CLI Generator
  • Verified: WP Core 6.5 Compatibility
  • Add: Apply CSP to REST API
    • Please be aware, once this is switched on it will also be active for the admin area of the site.
    • Hook: wpsh_send_restapi_headers

4.0.01

  • Verified: Core Version 6.4 compliant
  • Remove: navigate-to directive for Content Security Policy
    • Per: https://docs.w3cub.com/http/headers/content-security-policy/navigate-to no longer supported in any browser
  • Add: report-to directive for Content Security Policy
    • https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Security-Policy/report-to
    • Please be aware, this directive currently does nothing in Firefox and Safari
  • Updated: WordPress Defaults. Compliant ONLY with the following:
    • Plugins: Gravity Forms
    • Themes: Twenty Twenty, Twenty Twenty-One, Twenty Twenty-Two, Twenty Twenty-Three
  • Updated: WordPress Core version requirements to 5.6.10