HTTP headers have been introduced to help enhance the security of a website. Some of these headers can be very useful protection against certain types of attacks, but amazingly their use is not widespread.
Head over to https://securityheaders.io and test your site, then, for comparison, test mine. You too could probably have an A grade rating, or A+ as in my case.
Here’s a quick overview of the security features. You don’t need to worry about how to figure it all out though. I have sorted and tested these and am pleased to present a format to suit most WordPress installations.
Content Security Policy
A well-applied Content Security Policy can drastically decrease the chances of exploitation of most forms of cross-site scripting attacks.
The Strict Transport Security (HSTS) header is used to force browsers to communicate only with the server over a secure connection.
This header lets the owner of the website decide which sites are allowed to frame their site. This prevents an attacker from manipulating the victim into unknowingly performing actions on the target website.
This header can be used to enable or disable the built-in feature currently supported in Internet Explorer, Chrome and Safari.
Helps to prevent browsers from being tricked into making incorrect decisions which would allow attackers to execute malicious code on victims’ browsers.
Referrer Policy will allow a site to control the value of the referrer header in links away from their pages.
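As an added example (not part of the original page or the service it describes), this Python function audits a set of response headers against the six protections listed above. The header names are the standard ones, which the page does not spell out; the 180-day HSTS threshold, the finding strings and the sample headers are assumptions constructed for illustration.

```python
import re

MIN_HSTS_AGE = 15552000  # assumption: treat anything under 180 days as too short
REFERRER_POLICIES = {"no-referrer", "no-referrer-when-downgrade", "origin",
                     "origin-when-cross-origin", "same-origin", "strict-origin",
                     "strict-origin-when-cross-origin", "unsafe-url"}

def check_csp(v):
    d = {}
    for tok in filter(None, (p.split() for p in v.split(";"))):
        d.setdefault(tok[0].lower(), tok[1:])  # a repeated directive is ignored
    src = d.get("script-src", d.get("default-src"))  # script-src falls back to default-src
    if src is None:
        return "weak: scripts unrestricted"
    guarded = any(s.startswith(("'nonce-", "'sha")) for s in src)
    if "'unsafe-inline'" in src and not guarded:
        return "weak: inline scripts allowed"
    return "ok"

def check_hsts(v):
    m = re.search(r'max-age\s*=\s*"?(\d+)', v, re.I)
    age = int(m.group(1)) if m else 0
    return "ok" if age >= MIN_HSTS_AGE else "weak: max-age missing or too short"

def check_referrer(v):
    tokens = [t.strip().lower() for t in v.split(",")]
    known = [t for t in tokens if t in REFERRER_POLICIES]  # last recognised token applies
    return "ok" if known and known[-1] != "unsafe-url" else "weak: unsafe-url or unrecognised"

CHECKS = {
    "content-security-policy": check_csp,
    "strict-transport-security": check_hsts,
    "x-frame-options": lambda v: "ok" if v.upper() in ("DENY", "SAMEORIGIN") else "weak: unrecognised value",
    "x-xss-protection": lambda v: "filter disabled" if v.startswith("0") else "filter enabled",
    "x-content-type-options": lambda v: "ok" if v.lower() == "nosniff" else "weak: not nosniff",
    "referrer-policy": check_referrer,
}

def audit_headers(headers):
    """Map each of the six headers to 'missing', 'ok' or a finding."""
    seen = {k.lower(): v.strip() for k, v in headers.items()}  # names are case-insensitive
    return {n: check(seen[n]) if n in seen else "missing" for n, check in CHECKS.items()}

SAMPLE = {  # constructed sample response headers, not taken from any real site
    "Content-Security-Policy": "default-src 'self'; script-src 'self' 'unsafe-inline'",
    "Strict-Transport-Security": "max-age=3600; includeSubDomains",
    "X-Frame-Options": "sameorigin",
    "Referrer-Policy": "no-referrer, strict-origin-when-cross-origin",
}
```

Calling `audit_headers(SAMPLE)` flags the inline-script allowance and the one-hour HSTS lifetime, and reports the two headers the sample omits as missing.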
Security improvement for sites with an SSL certificate - money back GUARANTEE if I do not get your site to at least a Grade C rating
An extra layer of security
Force the browser to communicate only via SSL
Prevent modern browsers running into preventable vulnerabilities, such as Cookie Hijacking
You MUST have an SSL certificate in place to use this service.
It costs just £375 per website - subject to a quick review of your website for compatibility
All orders will be completed within 5 working days
SFTP, FTP or cPanel (File manager) access