HTTP security protocol: HTTP is the abbreviation of the phrase Hyper Text Transfer Protocol, and its secure form is the secure hypertext transfer protocol.
What it does: It configures the web browser to use a valid secure connection with the web application.
What are HTTP security headers?
These are security measures that allow a website's servers to block common security threats before they have an effect on the website. Whenever a user visits, the web server sends an HTTP header response to the browser.
These headers provide browsers with important information (such as error codes, cache control, and other conditions).
Under normal conditions, this response is a status called HTTP 200.
Your site is then loaded into the user's browser.
However, if your site is having difficulty, your web server may send a completely different HTTP header.
For example, it may send a 500 Internal Server Error related to the user or a 404 Not Found error code related to the browser.
HTTP security headers are a subset of these headers, used to protect websites from common threats like hacking, cross-site scripting, and other attacks.
HTTP Strict Transport Security (HSTS)
It tells web browsers that your website uses HTTPS and should not be loaded using an insecure protocol such as HTTP.
If you move your site from HTTP to HTTPS, this security header will stop browsers from loading your site over HTTP.
X-XSS-Protection
This header prevents cross-site scripts from loading on your WordPress site.
X-Frame-Options
This security header blocks iframes loaded across domains and clickjacking.
X-Content-Type-Options
This header blocks dangerous MIME content (MIME-type sniffing).
Next, we will learn how to easily add HTTP security headers in WordPress.
Easily add HTTP security headers in WordPress
HTTP headers work best when defined on the web server (such as your WordPress hosting).
This shortens the time it takes to run a typical HTTP request, which is a benefit to you.
It can work even better when you use a DNS-level website application firewall like Sucuri or Cloudflare.
We will explain a few methods, and you can choose the one that suits you best.
1 – Add using Sucuri
Sucuri is the best security plugin in the WordPress marketplace.
If you are using a site firewall service, you can set HTTP security headers without writing code.
First, you need to sign up for a Sucuri account. It is a paid service that comes with an advanced website firewall.
It also includes a plugin and guarantees that malware will be removed from your site.
You have to answer a few simple questions, and Sucuri will help you set up a website application firewall on your site.
You must install and activate the free Sucuri plugin. When the activation is done, go to the Sucuri Security » Firewall (WAF) page and enter the firewall API key.
The following figure shows how to add a firewall.
Then click the Save button to store your changes.
Next, go to the Sucuri dashboard, click on the Settings menu at the top, and switch to the Security tab.
There you have three sets of protection rules (Default Protection, HSTS, and HSTS Full). For each set, you will see the security headers that will be applied.
Then click Save to save the changes. Sucuri will now add the HTTP security headers you selected to your WordPress site.
Because the firewall works at the DNS level, your website traffic is protected from hackers even before they reach your site.
2 – Add with Cloudflare
Cloudflare offers a basic free website firewall and a CDN service.
You may need to upgrade to their Pro plan because the free service doesn't offer all of their benefits.
When Cloudflare is activated on your site, go to the SSL/TLS page under your Cloudflare account dashboard.
Then go to the Other Certificates tab.
To add Cloudflare to your site, you can do the following:
Now, scroll down to the HSTS section and then click on the "Enable HSTS" button.
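After enabling the headers through Sucuri or Cloudflare, it is worth confirming that the site really sends them. The following Python check is an added example, not code from Sucuri, Cloudflare or WordPress; it audits a raw response head for the four headers described above. The function names, the 180-day HSTS threshold and the sample responses are assumptions made for this example.

```python
import re

MIN_HSTS_MAX_AGE = 15552000  # 180 days; threshold assumed for this example

def parse_headers(raw):
    """Split a raw response head into (status code, {lowercase name: value})."""
    lines = raw.strip().splitlines()
    status = int(lines[0].split()[1])
    headers = {}
    for line in lines[1:]:
        if not line.strip():
            break  # a blank line ends the header block
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return status, headers

def audit(raw):
    """Return findings for the four security headers this page lists."""
    _, h = parse_headers(raw)
    findings = []
    hsts = h.get("strict-transport-security")
    m = re.search(r"max-age\s*=\s*\"?(\d+)", hsts or "", re.I)
    if hsts is None:
        findings.append("Strict-Transport-Security: missing")
    elif m is None:
        findings.append("Strict-Transport-Security: no max-age")
    elif int(m.group(1)) < MIN_HSTS_MAX_AGE:
        findings.append("Strict-Transport-Security: max-age %s too short" % m.group(1))
    # Exact-value checks: header name -> accepted values (lowercase)
    expected = {"x-frame-options": {"deny", "sameorigin"},
                "x-content-type-options": {"nosniff"}}
    for name, allowed in expected.items():
        value = h.get(name)
        if value is None:
            findings.append("%s: missing" % name)
        elif value.lower() not in allowed:
            findings.append("%s: weak value %r" % (name, value))
    # Presence check only; current browsers largely ignore this legacy header.
    if "x-xss-protection" not in h:
        findings.append("x-xss-protection: missing")
    return findings

# Constructed sample responses (not captured from a real site)
BEFORE = ("HTTP/1.1 200 OK\r\nContent-Type: text/html\r\n"
          "Strict-Transport-Security: max-age=300\r\nX-Frame-Options: ALLOWALL\r\n\r\n")
AFTER = ("HTTP/1.1 200 OK\r\nContent-Type: text/html\r\n"
         "Strict-Transport-Security: max-age=31536000; includeSubDomains\r\n"
         "X-Frame-Options: SAMEORIGIN\r\nX-Content-Type-Options: nosniff\r\n"
         "X-XSS-Protection: 1; mode=block\r\n\r\n")

if __name__ == "__main__":
    for label, raw in (("before", BEFORE), ("after", AFTER)):
        print(label, audit(raw) or "all four headers present")
```

To audit your own site, paste the response head shown in the browser's developer tools (Network tab) into `audit()` in place of the constructed samples.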