Description
Security Headers Audit helps WordPress site owners strengthen browser-side security through modern HTTP security headers and comprehensive auditing tools.
The plugin provides an easy-to-use interface for configuring recommended security headers, monitoring Content Security Policy (CSP) violations, recording browser console errors, and tracking security-related configuration changes within WordPress.
By implementing industry-standard browser security protections, Security Headers Audit can help reduce exposure to common web vulnerabilities such as Cross-Site Scripting (XSS), clickjacking, MIME-type attacks, and unsafe cross-origin interactions.
Key Features
- Configure HTTP Security Headers from a centralized dashboard.
- Content Security Policy (CSP) management.
- Strict-Transport-Security (HSTS) support.
- X-Frame-Options protection against clickjacking.
- X-Content-Type-Options support to prevent MIME sniffing.
- Referrer-Policy management.
- Permissions-Policy configuration for browser feature control.
- Cross-Origin-Opener-Policy (COOP) support.
- Cross-Origin-Embedder-Policy (COEP) support.
- Cross-Origin-Resource-Policy (CORP) support.
- CSP violation monitoring and logging.
- Browser console error collection.
- Security configuration audit trail.
- Import and export settings.
- Clean uninstall support.
Supported Security Headers
- Content-Security-Policy (CSP)
- Strict-Transport-Security (HSTS)
- X-Frame-Options
- X-Content-Type-Options
- Referrer-Policy
- Permissions-Policy
- Cross-Origin-Opener-Policy (COOP)
- Cross-Origin-Embedder-Policy (COEP)
- Cross-Origin-Resource-Policy (CORP)
Installation
- Upload the plugin files to the /wp-content/plugins-security-headers-audit directory, or install the plugin through the WordPress Plugins screen.
- Activate the plugin through the "Plugins" screen in WordPress.
- Open the "Security Headers Audit" menu in the WordPress admin dashboard.
- Configure your preferred security headers and auditing options.
- Save your settings.
Frequently Asked Questions
What is Content Security Policy (CSP)?
Content Security Policy (CSP) is a browser security mechanism that helps prevent Cross-Site Scripting (XSS) and code injection attacks by controlling which resources can be loaded and executed.

Can I use Security Headers Audit on existing websites?
Yes. Security Headers Audit can be installed on both new and existing WordPress websites. Always test security header changes in a staging environment before deploying to production.

Does the plugin impact website performance?
Security Headers Audit is lightweight and designed to have minimal impact on performance. Security headers are applied during normal request processing, while audit data is stored efficiently within WordPress.

Does Security Headers Audit remove data on uninstall?
Yes. The plugin includes uninstall cleanup functionality to remove plugin-generated data if desired.
Reviews
There are no reviews for this plugin yet.
Contributors and Developers
"Security Headers Audit" is open source software. The following people have contributed to this plugin.
Changelog
1.0.0
- Initial public release.
- Added HTTP Security Headers management.
- Added Content Security Policy (CSP) support.
- Added Strict-Transport-Security (HSTS) support.
- Added X-Frame-Options configuration.
- Added X-Content-Type-Options configuration.
- Added Referrer-Policy configuration.
- Added Permissions-Policy configuration.
- Added Cross-Origin policies (COOP, COEP, CORP).
- Added CSP violation logging.
- Added browser console error logging.
- Added security audit trail.
- Added settings management dashboard.
- Added import and export functionality.
- Added uninstall cleanup support.
