Category: WordPress Security
How to use the Content Security Policy generator
Really Simple SSL Pro can generate a Content Security Policy for your WordPress site. A Content Security Policy is an added layer of security that can mitigate and detect various security threats. Since this is an advanced feature, we recommend using this function if you have an understanding of what a Content Security Policy does. Do note that this Content Security Policy won’t protect your site 100%. With the way WordPress is currently set up, both script-src
Inserting HSTS header using PHP
HSTS header insertion: Really Simple SSL Pro can set the HSTS header for your website. From version 6 and up this is done in PHP, so there is no need to edit server config files like .htaccess or nginx.conf anymore
What are Secure Cookies?
HTTP cookies are small packets of data stored in your browser. They may contain sensitive data like passwords or user information and are therefore vulnerable to attacks. To limit this vulnerability you can ‘secure’ your cookies by adding specific attributes when the cookies are set, making them harder for outsiders to manipulate. Really Simple SSL uses the HttpOnly, secure and use_only_cookies parameters to make cookies more secure. Since Really Simple SSL helps you in securing your website by switching your site to
HSTS: HTTP Strict Transport Security, and why it’s good to have it
HSTS (HTTP Strict Transport Security) is available in Really Simple SSL Pro, and most people just activate it. But it’s good to know why you need it. When you have an SSL certificate on your domain, anyone can still use your site over insecure HTTP. The simplest solution is to add a redirect. That’s one of the features of Really Simple SSL: it adds a redirect to your site that forces it over SSL. But what if someone pretends to be your