Tag: Apache
How to set Security Headers on Apache and NGINX
Below we will discuss the challenges and solutions of setting security headers in a WordPress environment. Methods for setting http security headers There are different ways to set security headers on both Apache and Nginx. Usually, security headers on Apache are set in the .htaccess file in the root of your WordPress installation, for Nginx servers they are usually set in the nginx.conf file. Some servers combine Nginx and Apache so they can be set in either of those files.
How to find where (unwanted) security headers are set
In some cases you may be unable to change a security header from within Really Simple SSL because the settings is disabled. You may even get the following warning in the Really Simple SSL dashboard: “The … security header is not set by Really Simple SSL, but has a non-recommended value: “…” This means that the header was set by other means, sometimes incorrectly or with non-recommended values. If we find an incorrectly set header or a header that is
How to install an SSL certificate on Apache
If you have generated your Let’s Encrypt certificate with Really Simple SSL, and you don’t have any of the automated installation options (shell, cPanel with API, Plesk with API or Cloudways), you’ll need to install the SSL certificate manually on your Apache server. Download your certificate files At the end of the Let’s Encrypt SSL certificate generation in the Really Simple SSL wizard, you see several buttons allowing you to download the required files: a certificate.crt and a private.pem file.