{"id":52544,"date":"2016-12-05T03:14:14","date_gmt":"2016-12-05T03:14:14","guid":{"rendered":"https:\/\/wordpress.org\/plugins-wp\/http-security\/"},"modified":"2020-04-06T15:13:45","modified_gmt":"2020-04-06T15:13:45","slug":"http-security","status":"closed","type":"plugin","link":"https:\/\/cs.wordpress.org\/plugins\/http-security\/","author":550850,"comment_status":"closed","ping_status":"closed","template":"","meta":{"_crdt_document":"","version":"2.5.6","stable_tag":"2.5.6","tested":"5.4.19","requires":"4.6","requires_php":"","requires_plugins":"","header_name":"HTTP headers to improve web site security","header_author":"Carl Conrad","header_description":"","assets_banners_color":"","last_updated":"2020-04-06 15:13:45","external_support_url":"","external_repository_url":"","donate_link":"https:\/\/www.paypal.me\/conradcarl","header_plugin_uri":"","header_author_uri":"https:\/\/carlconrad.net","rating":4.8,"author_block_rating":0,"active_installs":4000,"downloads":50058,"num_ratings":0,"support_threads":2,"support_threads_resolved":0,"author_block_count":0,"sections":["description","installation","faq","changelog"],"tags":[],"upgrade_notice":{"2.0":"<ul>\n<li>Due to a deep change in the user interface, Content-Security-Policy settings are reset and will need to be redefined.<\/li>\n<\/ul>","1.7.3":"<ul>\n<li>Due to a file name change to comply with WordPress guidelines, plug in needs to be uninstalled and 
reinstalled.<\/li>\n<\/ul>"},"ratings":{"1":0,"2":0,"3":"1","4":"1","5":"16"},"assets_icons":{"icon-128x128.png":{"filename":"icon-128x128.png","revision":"1610568","resolution":"128x128","location":"assets","locale":""},"icon-256x256.png":{"filename":"icon-256x256.png","revision":"1610568","resolution":"256x256","location":"assets","locale":""}},"assets_banners":[],"assets_blueprints":{},"all_blocks":[],"tagged_versions":["1.0","1.1","1.10","1.10.2","1.10.3","1.10.4","1.10.5","1.10.6","1.10.7","1.11","1.3","1.4","1.5","1.6","1.7","1.7.1","1.7.2","1.7.4","1.7.5","1.8","1.9","2.0","2.0.1","2.1","2.1.1","2.1.2","2.2","2.3","2.3.1","2.3.2","2.3.3","2.4","2.4.1","2.4.2","2.5","2.5.1","2.5.2","2.5.3","2.5.4","2.5.5","2.5.6"],"block_files":[],"assets_screenshots":{"screenshot-1.png":{"filename":"screenshot-1.png","revision":"1887005","resolution":"1","location":"assets","locale":""},"screenshot-2.png":{"filename":"screenshot-2.png","revision":"1665126","resolution":"2","location":"assets","locale":""},"screenshot-3.png":{"filename":"screenshot-3.png","revision":"1887005","resolution":"3","location":"assets","locale":""}},"screenshots":{"1":"General settings screen.","2":"Content-Security-Policy directives settings screen.","3":".htaccess contents 
screen."},"jetpack_post_was_ever_published":false},"plugin_section":[],"plugin_tags":[19966,34310,32637,1908,600],"plugin_category":[54],"plugin_contributors":[127567],"plugin_business_model":[],"class_list":["post-52544","plugin","type-plugin","status-closed","hentry","plugin_tags-csp","plugin_tags-hsts","plugin_tags-http-headers","plugin_tags-https","plugin_tags-security","plugin_category-security-and-spam-protection","plugin_contributors-carlconrad","plugin_committers-carlconrad","plugin_support_reps-carlconrad"],"banners":[],"icons":{"svg":false,"icon":"https:\/\/s.w.org\/plugins\/geopattern-icon\/http-security.svg","icon_2x":false,"generated":true},"screenshots":[{"src":"https:\/\/ps.w.org\/http-security\/assets\/screenshot-1.png?rev=1887005","caption":"General settings screen."},{"src":"https:\/\/ps.w.org\/http-security\/assets\/screenshot-2.png?rev=1665126","caption":"Content-Security-Policy directives settings screen."},{"src":"https:\/\/ps.w.org\/http-security\/assets\/screenshot-3.png?rev=1887005","caption":".htaccess contents screen."}],"raw_content":"<!--section=description-->\n<p>This plug-in helps setting up the various header instructions included in the HTTP protocol allowing for simple improvement of your website security.<\/p>\n\n<p>This plug-in provides enabling of the following measures:<\/p>\n\n<ul>\n<li>HSTS (Strict-Transport-Security)<\/li>\n<li>CSP (Content-Security-Policy)<\/li>\n<li>Clickjacking mitigation (X-Frame-Options in main site)<\/li>\n<li>XSS protection (X-XSS-Protection)<\/li>\n<li>Disabling content sniffing (X-Content-Type-Options)<\/li>\n<li>Referrer policy<\/li>\n<li>Expect-CT<\/li>\n<li>Feature-Policy<\/li>\n<li>Remove PHP version information from the HTTP header<\/li>\n<li>Remove WordPress version information from the header<\/li>\n<\/ul>\n\n<p><a href=\"https:\/\/securityheaders.com\/\">securityheaders.com<\/a> is a useful resource for evaluating your web site\u2019s security.<\/p>\n\n<p>As usual, make sure to understand 
the meaning of these options and to run full tests on your web site, as some options may cause some features to stop working.<\/p>\n\n<!--section=installation-->\n<ol>\n<li>Upload the plugin files to the <code>\/wp-content\/plugins\/http-security<\/code> directory, or install the plugin through the WordPress plugins screen directly.<\/li>\n<li>Activate the plugin through the \"Plugins\" screen in WordPress.<\/li>\n<li>Use the Settings -&gt; HTTP Security screen to configure the plugin.<\/li>\n<\/ol>\n\n<!--section=faq-->\n<dl>\n<dt>How can I test that the plug-in runs effectively?<\/dt>\n<dd><p>Check the HTTP headers of your web site.<\/p><\/dd>\n\n<\/dl>\n\n<!--section=changelog-->\n<h4>2.5.6<\/h4>\n\n<ul>\n<li>Fixed some text escaping<\/li>\n<\/ul>\n\n<h4>2.5.5<\/h4>\n\n<ul>\n<li>Added missing text escaping<\/li>\n<\/ul>\n\n<h4>2.5.4<\/h4>\n\n<ul>\n<li>Added missing text escaping<\/li>\n<\/ul>\n\n<h4>2.5.3<\/h4>\n\n<ul>\n<li>Minor fix<\/li>\n<\/ul>\n\n<h4>2.5.2<\/h4>\n\n<ul>\n<li>Improved options sanitize<\/li>\n<\/ul>\n\n<h4>2.5.1<\/h4>\n\n<ul>\n<li>Minor fix<\/li>\n<\/ul>\n\n<h4>2.5<\/h4>\n\n<ul>\n<li>Tested with WordPress 5.4<\/li>\n<li>Added support for Feature-Policy<\/li>\n<\/ul>\n\n<h4>2.4.2<\/h4>\n\n<ul>\n<li>Tested with WordPress 5.0<\/li>\n<\/ul>\n\n<h4>2.4<\/h4>\n\n<ul>\n<li>Added .htaccess instructions<\/li>\n<\/ul>\n\n<h4>2.3.2<\/h4>\n\n<ul>\n<li>Tested with WordPress 4.9<\/li>\n<\/ul>\n\n<h4>2.3<\/h4>\n\n<ul>\n<li>Added support for Expect-CT<\/li>\n<li>Cleaned up the interface<\/li>\n<\/ul>\n\n<h4>2.2<\/h4>\n\n<ul>\n<li>Switched to languages packs<\/li>\n<\/ul>\n\n<h4>2.1<\/h4>\n\n<ul>\n<li>Added support for Referrer-Policy directive<\/li>\n<li>Added uninstall database cleanup<\/li>\n<\/ul>\n\n<h4>2.0<\/h4>\n\n<ul>\n<li>Added support for all Content-Security-Policy directives<\/li>\n<li>Reworked the user interface<\/li>\n<\/ul>\n\n<h4>1.11<\/h4>\n\n<ul>\n<li>Added setting the mode for x-frame-options<\/li>\n<\/ul>\n\n<h4>1.10.7<\/h4>\n\n<ul>\n<li>Removed 
HSTS header when connected in HTTP<\/li>\n<\/ul>\n\n<h4>1.10.3<\/h4>\n\n<ul>\n<li>Fixed HSTS syntax warning<\/li>\n<\/ul>\n\n<h4>1.10<\/h4>\n\n<ul>\n<li>Added support for Content-Security-Policy<\/li>\n<\/ul>\n\n<h4>1.9<\/h4>\n\n<ul>\n<li>Added critical issues notifications<\/li>\n<\/ul>\n\n<h4>1.7.5<\/h4>\n\n<ul>\n<li>Added max-age option to HSTS setting<\/li>\n<\/ul>\n\n<h4>1.6<\/h4>\n\n<ul>\n<li>Added option to remove WordPress version information from the header<\/li>\n<\/ul>\n\n<h4>1.5<\/h4>\n\n<ul>\n<li>Added option to remove PHP version information from the HTTP header<\/li>\n<\/ul>\n\n<h4>1.4<\/h4>\n\n<ul>\n<li>Included link to submit site preload to browsers<\/li>\n<li>Reduced HSTS max-age to one year<\/li>\n<\/ul>\n\n<h4>1.3<\/h4>\n\n<ul>\n<li>Added X-Frame-Options protection.<\/li>\n<li>Added X-Content-Type-Options protection.<\/li>\n<li>Added HSTS options.<\/li>\n<\/ul>\n\n<h4>1.1<\/h4>\n\n<ul>\n<li>Added XSS protection option.<\/li>\n<\/ul>\n\n<h4>1.0<\/h4>\n\n<ul>\n<li>First stable version providing basic HSTS support.<\/li>\n<\/ul>","raw_excerpt":"Use your HTTP header to improve security of your web 
site","jetpack_sharing_enabled":true,"_links":{"self":[{"href":"https:\/\/cs.wordpress.org\/plugins\/wp-json\/wp\/v2\/plugin\/52544","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/cs.wordpress.org\/plugins\/wp-json\/wp\/v2\/plugin"}],"about":[{"href":"https:\/\/cs.wordpress.org\/plugins\/wp-json\/wp\/v2\/types\/plugin"}],"replies":[{"embeddable":true,"href":"https:\/\/cs.wordpress.org\/plugins\/wp-json\/wp\/v2\/comments?post=52544"}],"author":[{"embeddable":true,"href":"https:\/\/cs.wordpress.org\/plugins\/wp-json\/wporg\/v1\/users\/carlconrad"}],"wp:attachment":[{"href":"https:\/\/cs.wordpress.org\/plugins\/wp-json\/wp\/v2\/media?parent=52544"}],"wp:term":[{"taxonomy":"plugin_section","embeddable":true,"href":"https:\/\/cs.wordpress.org\/plugins\/wp-json\/wp\/v2\/plugin_section?post=52544"},{"taxonomy":"plugin_tags","embeddable":true,"href":"https:\/\/cs.wordpress.org\/plugins\/wp-json\/wp\/v2\/plugin_tags?post=52544"},{"taxonomy":"plugin_category","embeddable":true,"href":"https:\/\/cs.wordpress.org\/plugins\/wp-json\/wp\/v2\/plugin_category?post=52544"},{"taxonomy":"plugin_contributors","embeddable":true,"href":"https:\/\/cs.wordpress.org\/plugins\/wp-json\/wp\/v2\/plugin_contributors?post=52544"},{"taxonomy":"plugin_business_model","embeddable":true,"href":"https:\/\/cs.wordpress.org\/plugins\/wp-json\/wp\/v2\/plugin_business_model?post=52544"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}