WordCamp Europe

Porto 2022

Really Simple Plugins’ Rogier Lankhorst presented the most overlooked Security Features for WordPress at WordCamp Europe in Porto. Although protecting your website’s back-end is no less important. Protecting your website visitors from malicious attacks and data breaches should be a number 1 priority. You will find our presentation and a quick walkthrough of Really Simple SSL Pro’s most important features below.

The video will be uploaded soon

Play Video
Rogier Lankhorst

Rogier Lankhorst

Presenter & Co-Owner Really Simple Plugins

Ask a Question

The Short Walkthrough on Security Headers

Protect your Website Visitors
with Really Simple SSL Pro

1

A website visitor is hijacked trying to access your website.

2

The hacker serves a look-a-like website with the purpose to steal e.g. personal data.

HSTS & HSTS Preload

Leveraging your SSL certificate with HSTS is a staple for every website. Force your website over SSL, mitigating risks of malicious counterfeit websites in your name.

Why you need HSTS

X-Frame-Options

Loading another HTML document to your webpage can have its benefits but also opens an array of misuses. Even if you’re not using the iFrame element, you still need to control the options for others.

Why you need X-Frame Options

1

The website visitor expects to enter their payment information or personal data on website A, which seems secure.

2

Website B, controlled by a malicious party, loads an 'invisible' iFrame/Layer in the website to pose as the correct form to enter.

2

The website visitor expects to view an image file, but is downloading a script (Bomb) file.

1

The server does not define the scripts that are allowed for the browser to render a website.

X-Content-Type-Options

Everybody knows about emails that contain malicious malware when you click on a link, but this also happens on websites and pop-ups.

Why you need X-Content-Type-Options

Referrer Policy

Referrers are websites that send website visitors to your website. Your website can be a referrer to other websites as well. An example can be an affiliate link or a Google Ad campaign.

Why you need a Referrer Policy

1

You're logged in to Facebook, and in the URL your login credentials are present. You stumble upon an advert from Amazon and you click it!

2

You visit the Amazon product page, and an Amazon marketeer finds your credentials in their Analytics tool. 

2

Making use of browser settings that might allow browser features, all browser data, even from a camera is collected by a third party. 

1

You visit a webshop to browse the latest sneakers. Suddenly, your webcam turns on. What's happening?

Permission Policy

Browser features are plentiful, but most are not needed on your website. But they might be misused if you don’t actively tell the browser to disable these features.

Why you need a Permissions Policy

Cross Origin Isolation

One of the most powerful features, and therefore the most complex are the Cross-Origin headers that can isolate your website so any data leaks are minimized.

Why you need Cross Origin Isolation

2

During the visit, and during the payment, Google's API request is blocked and no data is shared, 'isolating' your website.

1

A PayPal pop-up shows up on top of the Amazon website, used to collect payment information and process the order.

2

The website visitor expects to view an image file, but is downloading a script (Bomb) file.

1

The server does not define the scripts that are allowed for the browser to render a website.

Content Security Policy

The content security policy has many options, so we always recommend starting in ‘report-mode’ to see what’s going on your website, and which files and scripts are loaded. By then, you know what should stay and what is unnecessary or can be misused.

Why you need a Content Security Policy

"Protecting your website visitors from mailicious attacks and data breaches should be your #1 priority"

Improve security with Really Simple SSL Pro