Category: Security Headers
Getting everything out of your security headers
After you enable Really Simple Security (Pro), there will be quite a number of new features available to you. We recommend to start by navigating to Security -> Settings, and work your way down through the available options to enable all of the desired security settings. This includes all of the recommended Security Headers as well. We sometimes get the question: “Which headers should I enable, and why aren’t they all just enabled by default?”. This is not always possible,
How to use the Content Security Policy generator
Really Simple Security (Pro) has the ability to generate a Content Security Policy for your WordPress site. A Content Security Policy is an added layer of security that can mitigate and detect various security threats. Since this is an advanced feature, we recommend using this function if you have an understanding of what a Content Security Policy does. Do note that the Content Security Policy does not offer 100% protection to your site, as both script-src and style-src need to
Inserting HSTS header using PHP
HSTS Header insertion Really Simple Security Pro has the ability to set the HSTS header for your website. From version 6 and upwards this is performed via PHP, so there is no need to edit server config files like htaccess or nginx.conf anymore.
HSTS: HTTP Strict Transport Security, and why it’s good to have it
HSTS (HTTP Strict Transport Security) is available in Really Simple Security (Pro), and most people just activate it. But it’s good to know why you need it. When you have an SSL certificate on your domain, anyone can still use your site over the http (insecure). The simplest solution is to add a redirect. That’s one of the features of Really Simple Security: it adds the redirect to your site that forces it to load over SSL. But what if a malicious