Website security is a top priority for website owners. One way to improve the security of your WordPress website is by adding HTTP security headers. One of the most important headers is the Strict-Transport-Security (STS) header. In this article, we will show you how to set the Strict-Transport-Security header in WordPress using .htaccess. Additionally, you can use a free tool to confirm whether its implementation was successful.
What is Strict-Transport-Security (STS)?
The Strict-Transport-Security (STS) header is a security feature that instructs the browser to only access the website over HTTPS for a specified period. This header helps to prevent man-in-the-middle (MITM) attacks and other security threats.
How to Set Strict-Transport-Security in WordPress Using .htaccess
Here are the steps to set the Strict-Transport-Security header in WordPress using .htaccess:
- Open your WordPress website’s .htaccess file. If you don’t have one, create a new file and name it “.htaccess”.
- Add the following code to the file:
<IfModule mod_headers.c>
    # HSTS for one year; env=HTTPS sends it only on HTTPS responses (browsers ignore it over plain HTTP)
    Header set Strict-Transport-Security "max-age=31536000" env=HTTPS
    # Legacy XSS filter setting for older browsers
    Header set X-XSS-Protection "1; mode=block"
    # Stop browsers from MIME-sniffing away from the declared Content-Type
    Header set X-Content-Type-Options nosniff
    # Disallow framing of the site (clickjacking protection)
    Header set X-Frame-Options DENY
    # No colon after the header name: the syntax is "Header set <name> <value>"
    Header set Referrer-Policy no-referrer-when-downgrade
</IfModule>
This code enables the Strict-Transport-Security header for one year (max-age=31536000 seconds). The env=HTTPS condition sends it only on HTTPS responses, which is where it belongs: browsers ignore an HSTS header received over plain HTTP. The other four headers are sent on every response.
How to check your website security headers
Here’s how you can use the Atatus HTTP Security Response Header Checker to check whether the changes in your .htaccess file had the desired effect. The tool also assigns your site a grade:
- Go to the Atatus HTTP Security Response Header Checker website.
- Enter your website’s URL in the text box provided.
- Click on the “Check Headers” button.
- The tool will analyze your website’s HTTP response headers and provide a full report on your website’s security headers.
- Check the report to see if the changes you made to your .htaccess file had the desired effect.
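If you prefer to run the same kind of check yourself, here is an added example (not from the original article and not the Atatus tool) in Python: it fetches a page's response headers with the standard library and verifies the five headers the .htaccess snippet sets, parsing the Strict-Transport-Security directives and requiring a max-age of at least one year. The function names and SAMPLE_HEADERS are assumptions; SAMPLE_HEADERS is a constructed response so the script runs offline.

```python
import urllib.request
from typing import Dict

# Headers the .htaccess snippet sets, with the exact value each should carry.
EXPECTED = {
    "X-XSS-Protection": "1; mode=block",
    "X-Content-Type-Options": "nosniff",
    "X-Frame-Options": "DENY",
    "Referrer-Policy": "no-referrer-when-downgrade",
}
ONE_YEAR = 31536000  # the max-age the article uses


def parse_hsts(value: str) -> Dict[str, str]:
    """Split an HSTS value like 'max-age=31536000; includeSubDomains' into directives."""
    directives = {}
    for part in value.split(";"):
        name, _, val = part.strip().partition("=")
        if name:
            directives[name.lower()] = val.strip().strip('"')
    return directives


def check_headers(headers: Dict[str, str]) -> Dict[str, bool]:
    """Pass/fail per header; header names are matched case-insensitively."""
    got = {k.lower(): v.strip() for k, v in headers.items()}
    results = {name: got.get(name.lower(), "").lower() == val.lower()
               for name, val in EXPECTED.items()}
    hsts = parse_hsts(got.get("strict-transport-security", ""))
    age = hsts.get("max-age", "")
    results["Strict-Transport-Security"] = age.isdigit() and int(age) >= ONE_YEAR
    return results


def fetch_headers(url: str) -> Dict[str, str]:
    """Fetch the URL (GET, redirects followed) and return its response headers.
    Use an https:// URL: the HSTS header is only sent on HTTPS responses."""
    with urllib.request.urlopen(url) as resp:
        return dict(resp.headers)


# Constructed sample response, as the .htaccess snippet above would produce it.
SAMPLE_HEADERS = {
    "Strict-Transport-Security": "max-age=31536000",
    "X-XSS-Protection": "1; mode=block",
    "X-Content-Type-Options": "nosniff",
    "X-Frame-Options": "DENY",
    "Referrer-Policy": "no-referrer-when-downgrade",
}

if __name__ == "__main__":
    for name, ok in check_headers(SAMPLE_HEADERS).items():
        print(f"{'PASS' if ok else 'FAIL'}  {name}")
```

To check a live site, replace SAMPLE_HEADERS with `fetch_headers("https://example.com/")`.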
Conclusion
Adding the Strict-Transport-Security header to your WordPress website is an important step in improving its security. By following the steps outlined in this article, you can easily set the Strict-Transport-Security header in WordPress using .htaccess, and with the Atatus HTTP Security Response Header Checker you can confirm that your security headers are being sent.
Remember to always test your website after making changes to ensure that everything is working as expected.