Archives: Instructions
Configuring HSTS (HTTP Strict Transport Security)
One of the best-known policies is HTTP Strict Transport Security (HSTS). Below, we give a quick overview of HSTS configuration and what is recommended. If you want to know what HSTS is or why you need it, see: "What is HSTS?" and "Why do you need HSTS?" Configuring HTTP Strict Transport Security: The most effective way to use HSTS is by preloading the strict policy directly in supported browsers. If you do not preload your website, the browser will only remember
Installing a free Let’s Encrypt SSL certificate
Most hosting providers will provide you with an SSL certificate. Really Simple Security attempts to detect and enforce the installed SSL certificate automatically. If your hosting provider does not offer free SSL certificates but does allow the installation of third-party SSL certificates, you can generate a free Let’s Encrypt SSL certificate with Really Simple Security. The steps below will guide you through the SSL generation process. Note: your hosting provider may restrict the installation of third-party SSL certificates. Therefore,
Configuring the Cross-Origin Policies
The different Cross-Origin headers supported by Really Simple SSL are: CORP: Cross-Origin Resource Policy (same-site | same-origin | cross-origin); COEP: Cross-Origin Embedder Policy (unsafe-none | require-corp); COOP: Cross-Origin Opener Policy (unsafe-none | same-origin-allow-popups | same-origin). Practical usage in WordPress: A quick decision tree for these headers is as follows: CORP: Your site is used as a resource on other websites => yes, third-party websites => CORP set to cross-origin; yes, but only your own subdomains => CORP set to same-site; no => CORP set
About Hardening Features
The newest addition to Really Simple SSL is hardening features. These features tackle the known and lesser-known weaknesses of running a WordPress website. Hardening features focus on minimizing risk by removing points of attack, mostly by disabling features that are not used or by limiting access to those who use them. For more information on Hardening Features for WordPress, please read this article. Hardening Features: Most of these hardening features are self-explanatory, but we will pick some to explain
About our General Settings
Redirect method: This setting allows you to determine how to implement the Really Simple SSL 301 redirect from HTTP to HTTPS. No redirect – Prevents Really Simple SSL from adding any redirects. Use this when you prefer to add redirects manually or use a different plugin. 301 PHP redirect – Only use if your server doesn’t utilize .htaccess and if your site isn’t relying on caching mechanisms (like most WordPress websites). 301 .htaccess redirect – The recommended value for Apache servers