Benefits of the HTTP security protocol and how to set it up (Part 1)

Benefits of the HTTP

http security protocol: is the abbreviation of the phrase (Hyper Text Transfer Protocol), and it means secure hypertext transfer protocol .

What it does : Configures the web browser to use a valid secure connection with the web application .

HTTP Security URLs Do you want to add them to your WordPress site ?
HTTP allows you to create an additional layer of protection for your WordPress website, and enables you to block the most common malicious events and their impact on site performance.
In this article, we will show you how to add them easily
HTTP security protocol

What are HTTP security headers ?

These are security measures that allow a website’s servers to block common security threats before they have an effect on the website. Especially when users visit, it sends an HTTP address alert to browsers .

These alerts provide browsers with important information (such as error codes, cache control, and other conditions) .

Thus, this response occurs in its normal form, a state called (HTTP 200) .

And then your site is loaded into the user’s browser .

However , if your site is having difficulty, your web server may send a completely different HTTP header .

For example , it may send a 500 internal server error related to the user or a 404 Not Found error code related to the browser .

The HTTP security protocol is a subset of these protocols that are used to protect websites from common threats like hacking, cross-site scripting, hacking attacks, and more

Extreme Transport Security ( HSTS )

It tells web browsers that your website uses HTTPs and should not load it using an insecure protocol such as HTTP . 

And if you move your site from HTTP to HTTPs, this security header will stop browsers from loading your site in HTTP .

  • X-XSS Protection

This protocol prevents site scripts from loading on your WordPress site .

  • Frame options – X

These security address options block iframes from being streamed through the domain or being clicked on .

  • content type -X

This option blocks dangerous (mime) content. However, we will learn how to easily add HTTP headers in WordPress .

Easily add HTTP security headers in WordPress

HTTP headers work best when defined on a web server ( such as your WordPress hosting ) .

This shortens the time it takes to run a typical HTTP request, which is a benefit to you .

It can also be better when you use a DNS-level website application firewall like Sucuri or Cloudflare .

We will explain some ways and you choose what suits you best .

1 – Add using /sucuri/ :

The best security plugin is Sucuri in the WordPress marketplace .

If you are using a site firewall service, you can set HTTP security headers without using tokens .

If you are using a site firewall service, you can set HTTP security headers without using tokens .

First, the Sucuri account needs to log in and create an account, which is a paid service that comes with an advanced website firewall .

As such, it is a plugin, and it guarantees that malware will be removed from your site .

You have to answer a few simple questions, and Sucuri will help you set up a website application firewall on your site .

You must install and activate the free Sucuri plugin and when the activation is done, go to the Sucuri Security page »> Firewall (WAF) and enter the firewall API key .

The following figure shows how to add a firewall.

 

بروتوكول https

Then click the Save button to store your changes .

Next, go to the Sucuri dashboard Click on the Settings menu at the top and switch to the Security tab .

HTTP security protocol

Then you have three sets of protection rules (Default Protection – HSTS – HSTS Full). Within it you will find the security addresses that will be applied to each group .

Then click Save to save the changes. Sucuri will now add the HTTP security protocol specified in WordPress .

Your website traffic will be protected from hackers even before they arrive since the firewall is at the DNS level .

2 – Add with Cloudflare

Cloudflare is a free basic website firewall and offers a CDN service .

You may need to upgrade to their Pro plan because the free service doesn’t offer all of their benefits .

When Cloudflare is activated on your site, go to the SSL/TLS page under your Cloudflare account dashboard .

Then go to the Other Certificates tab .

To add Cloudflare to your site, you can do the following :

بروتوكول https

Now, scroll down to the (HSTS) section and then click on the “Enable HSTS” button .

بروتوكول https

A popup will appear with some instructions telling you that HTTPS must be enabled on your WordPress blog before using this feature . Click Next to continue, and you will find more HTTP options .
http
From here, you can enable HSTS, no-sniff header, apply HSTS to subdomains (if they use HTTPS), and load HSTS .
It offers basic protection using HTTP security .
However, it does not allow you to add X-Frame-Options and Cloudflare does not have a user interface to do so .
You can still do this by creating an HTTPS security header script but it may cause unexpected problems for beginners so we don’t recommend it .
And we will explain the remaining two methods in the other article.

 

 

Previous post
Speed up the site and link it to cash services through Cloudflare
Next post
Benefits of the HTTP security protocol and how to set it up (Part 2)

Leave a Reply