https://github.com/runthis/site-security-headers
Check your WordPress website for headers that are common for security purposes.
security wordpress wordpress-plugin wordpress-security wordpress-security-plugin
- Host: GitHub
- URL: https://github.com/runthis/site-security-headers
- Owner: runthis
- Created: 2021-03-25T04:48:59.000Z (almost 5 years ago)
- Default Branch: master
- Last Pushed: 2021-03-25T17:50:22.000Z (almost 5 years ago)
- Last Synced: 2025-02-14T22:35:15.301Z (11 months ago)
- Topics: security, wordpress, wordpress-plugin, wordpress-security, wordpress-security-plugin
- Language: PHP
- Size: 23.4 KB
- Stars: 0
- Watchers: 1
- Forks: 0
- Open Issues: 0
Metadata Files:
- Readme: README.md
README
# Wordpress Site Security Headers
This is a WordPress plugin that checks your WordPress website for common headers associated with security. This plugin is opinionated and these things will not directly apply to every situation, so it is best to analyze individual applications to determine your own best path forward.

| Header name | Expects |
| -------------------------- | ------- |
| strict-transport-security | `max-age` >= 31536000 |
| referrer-policy | `no-referrer` `no-referrer-when-downgrade` `origin` `origin-when-cross-origin` `same-origin` `strict-origin` `strict-origin-when-cross-origin` |
| permissions-policy | Just expects this to exist in some way |
| content-security-policy | Minimum of: `default-src 'none'` |
| x-frame-options | `deny` `sameorigin` `allow-from` |
| x-content-type-options | `nosniff` |
| x-xss-protection | `0` `1` (informs you that it is deprecated and recommends CSP) |
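
The expectations in the table can be applied to any set of response headers. The following is an added example, not the plugin's own code, and it is written in Python rather than the plugin's PHP. The function names, the sample headers, and the strict readings of the `referrer-policy` and `content-security-policy` rows are assumptions.

```python
import re
# Accepted Referrer-Policy tokens, copied from the table above.
REFERRER_OK = {"no-referrer", "no-referrer-when-downgrade", "origin",
               "origin-when-cross-origin", "same-origin", "strict-origin",
               "strict-origin-when-cross-origin"}

def parse_csp(value):
    """Split a CSP value into {directive: [sources]}; the first duplicate wins, as in browsers."""
    policy = {}
    for part in value.split(";"):
        tokens = part.lower().split()
        if tokens:
            policy.setdefault(tokens[0], tokens[1:])
    return policy

def check_headers(headers):
    """Return {header_name: passed} for the seven headers in the table."""
    h = {k.lower(): v.strip().lower() for k, v in headers.items()}
    hsts = re.search(r"max-age\s*=\s*\"?(\d+)", h.get("strict-transport-security", ""))
    # Assumption: every comma-separated fallback token must be on the accepted list.
    ref = [t.strip() for t in h.get("referrer-policy", "").split(",") if t.strip()]
    # Assumption: "minimum of default-src 'none'" means exactly that fallback directive.
    csp = parse_csp(h.get("content-security-policy", ""))
    xfo = h.get("x-frame-options", "").split()
    # Values such as "1; mode=block" count as "1"; the header itself is deprecated.
    xss = h.get("x-xss-protection", "").split(";")[0].strip()
    return {
        "strict-transport-security": bool(hsts) and int(hsts.group(1)) >= 31536000,
        "referrer-policy": bool(ref) and all(t in REFERRER_OK for t in ref),
        "permissions-policy": "permissions-policy" in h,  # any value passes
        "content-security-policy": csp.get("default-src") == ["'none'"],
        "x-frame-options": bool(xfo) and xfo[0] in {"deny", "sameorigin", "allow-from"},
        "x-content-type-options": h.get("x-content-type-options") == "nosniff",
        "x-xss-protection": xss in {"0", "1"},
    }

# Constructed sample response headers (not captured from a real site).
SAMPLE = {
    "Strict-Transport-Security": "max-age=15552000; includeSubDomains",
    "Referrer-Policy": "strict-origin-when-cross-origin",
    "Content-Security-Policy": "default-src 'none'; script-src 'self'; img-src 'self'",
    "X-Frame-Options": "SAMEORIGIN",
    "X-Content-Type-Options": "nosniff",
    "X-XSS-Protection": "1; mode=block",
}

if __name__ == "__main__":
    for name, passed in check_headers(SAMPLE).items():
        print("PASS" if passed else "FAIL", name)
```

On the constructed sample, `strict-transport-security` fails because its `max-age` is below 31536000, and `permissions-policy` fails because it is absent. Current browsers ignore the `allow-from` value of `x-frame-options`; the CSP `frame-ancestors` directive is the supported way to allow specific origins.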