Published on
Dec 26, 2024
Updated on
08 Jan 2025
Share

Protect your site with WPMasterToolKit's "Protect Website Headers" module

The security of your WordPress site is a top priority, and that includes protecting your users' data from attacks such as phishing, data theft or malicious injections. That's why we've developed the Protect Website Headersa complete solution for managing HTTP security headers without having to handle sensitive files such as .htaccess or nginx.conf.

With this module, you can quickly configure essential security headers, optimize performance and protect your users, while reducing dependence on other plug-ins or complex configurations.

Which plugins can this module replace?

The module Protect Website Headers WPMasterToolKit is designed to replace plugins such as :

  • HTTP Headers to configure HTTP headers.
  • Security Headers to add protections such as HSTS, Content Security Policy (CSP), etc.
  • X-Frame-Options plugins to prevent clickjacking attacks.
  • CSP Manager to manage content security policies.

With this module, you can bring all these functions together in one place.

Discover the module : SMTP mail

The main features of the "Protect Website Headers" module

The module offers a series of security headers configurable via the WordPress interface. Here are some of the key features:

1. Strict-Transport-Security (HSTS)

Protect your site by forcing HTTPS connections via the header Strict-Transport-Security.

  • Options included :
    • Define lifetime (max-age) in seconds.
    • Activate option includeSubDomains to apply the rule to your sub-domains.
    • Activate preload to register your site in the browser preload list.

2. Content Security Policy (CSP)

Create a strict policy to limit authorized external resources (scripts, images, etc.), thus reducing the risk of XSS (Cross-Site Scripting) attacks.

  • You can add custom rules via the CSP Header Contents.
  • Set up a CSP Report URI to monitor violations without blocking directly.

3. Permissions-Policy

Manage access to specific browser functions via the header Permissions-Policy (formerly Feature-Policy).

  • Example: Disable access to camera, microphone or GPS on certain pages.

4. X-Content-Type-Options

Add header X-Content-Type-Options: nosniff to prevent attacks based on incorrect interpretation of MIME types.

5. X-Frame-Options

Prevent your site content from being embedded in iframes on third-party sites, thus protecting against clickjacking.

  • Available options : DENY, SAMEORIGIN or ALLOW-FROM with personalized URL.

6. Other security headers

In addition to the above headers, the module automatically adds :

  • Cross-Origin-Embedder-Policy and Cross-Origin-Opener-Policy to secure interactions between origins.
  • Referrer-Policy Control of referent information sharing.
  • Access-Control-Allow-Methods and Access-Control-Allow-Headers to manage CORS (Cross-Origin Resource Sharing) authorizations.

7. Compatibility with Apache and Nginx

The module automatically generates the necessary rules for Apache and Nginx servers:

  • For Apacherules are added to the .htaccess.
  • For Nginxdirectives add_header are generated in the form of ready-to-integrate code.

How do I use the "Protect Website Headers" module?

  1. Activate module In the WPMasterToolKit dashboard, simply activate the module Protect Website Headers.
  2. Access parameters : Go to Settings → Protect Website Headers.
  3. Configure your headers Choose the desired options for each header, such as :
    • HSTS lifetime (max-age).
    • Customized content for CSP headers.
    • Report URL for CSP Report URI.
    • X-Frame options (Deny, SameOrigin, etc.).
  4. Save settings Click on "Save" to apply your changes.

The module ensures that your headers are correctly configured without conflicts with other plugins or server configurations.

WordPress header protection settings.

Why this technical choice?

Performance and safety combined

We've opted for a solution that only loads its functionality when the module is activated. This ensures that your site remains fast and lightweight, while benefiting from advanced protection.

Automatic generation of server rules

Whether it's Apache or Nginx configurations, our module automatically generates the necessary directives, simplifying the process for both novice and advanced users.

Universal application

Security headers are added uniformly to all HTTP requests via the wp_headersfor complete page coverage.

Flexibility with CSP reports

For sites wishing to test their CSP policies without affecting users, we have included the option Content-Security-Policy-Report-Only. This makes it possible to monitor violations before applying a strict policy.

Pro
from
2.50$
/Month
14
Days
Money-back guarantee
risk-free at 100 %!

Conclusion

The module Protect Website Headers is a powerful tool for strengthening the security of your WordPress site in just a few clicks. By gathering all critical HTTP header configurations in one place, it saves you time, simplifies security management and improves the user experience.

With WPMasterToolKit, you no longer need a multitude of plugins to protect your site. Activate this module today and offer your visitors a safer, more secure online environment.

Category
Security
Version
≤ 1.9.0
Type
Free
More than 18 reviews
+1000
Installations
104
Modules
Pro
from
30.00$
/Year