Author: Leon Wimmenhoeve
LiteSpeed Cache and Security Headers
If you are using LiteSpeed Cache, you might have noticed that it takes a while for updates to your Security Header settings to take effect. This is because LiteSpeed Cache can prevent the loading of our advanced-headers.php file (which contains the headers from the plugin). The solution to this is to add rsssl_after_saved_fields to the “Purge All Hooks” list in the LiteSpeed Cache settings. This will purge the LiteSpeed Cache on every save of the Really Simple Security settings. NOTE:
How valuable is your website?
Thousands of websites get hacked every day. It may not have happened to you, but there is no reason for cybercriminals not to try. People often think it won’t happen to their website, because there is nothing to gain for an attacker, right? You may not be running a webshop, you’re not storing any confidential or valuable data on your website, and you are not even bothered about losing your website; for instance when you’re hardly getting any visitors at
W3 Total Cache and Security Headers
Disk: Enhanced mode blocks security headers If you are using W3 Total Cache in “Disk: Enhanced” mode, setting Security Headers via Really Simple Security will not work correctly. Really Simple Security sets security headers using PHP, and the “Disk: Enhanced” mode in W3 Total Cache completely bypasses PHP to serve static HTML only. This means W3 Total Cache “Disk: Enhanced” mode is inherently incompatible with the Security Headers functionality in Really Simple SSL. To use Really Simple Security’s security headers
Rogue admin protection for WordPress
To protect your website against the creation of rogue admins, simply enable the “Restrict creation of administrators” setting under advanced hardening in Really Simple SSL Pro.
Implementing Content Security Policy (CSP) on WordPress
Implementing a Content Security Policy is an essential way to protect your website from common attacks. What is Content Security Policy Content Security Policy enhances the security of web applications, reduces the attack surface, and protects users from various forms of web-based attacks such as Cross-Site Scripting (XSS), Clickjacking, data and code injection attacks. In this article, we will explore the significance of CSP and delve into the step-by-step process of implementing it on a WordPress website to enhance security