{"id":247579,"date":"2025-08-24T17:33:07","date_gmt":"2025-08-24T17:33:07","guid":{"rendered":"https:\/\/wordpress.org\/plugins\/easy-security-headers\/"},"modified":"2025-08-24T17:31:33","modified_gmt":"2025-08-24T17:31:33","slug":"fix-it-easy-security-headers","status":"publish","type":"plugin","link":"https:\/\/szl.wordpress.org\/plugins\/fix-it-easy-security-headers\/","author":14600740,"comment_status":"closed","ping_status":"closed","template":"","meta":{"_crdt_document":"","version":"1.1","stable_tag":"1.1","tested":"6.8.5","requires":"5.8","requires_php":"7.4","requires_plugins":null,"header_name":"Fix It Easy Security Headers","header_author":"WP Fix It","header_description":"Configure various security headers. Security headers enhance the security and privacy of a WordPress website by instructing the browser on how to handle various aspects of web communication. Implementing these headers helps protect against common web vulnerabilities and attacks.","assets_banners_color":"5c5c5c","last_updated":"2025-08-24 17:31:33","external_support_url":"","external_repository_url":"","donate_link":"https:\/\/www.wpfixit.com","header_plugin_uri":"","header_author_uri":"https:\/\/www.wpfixit.com","rating":0,"author_block_rating":0,"active_installs":10,"downloads":269,"num_ratings":0,"support_threads":0,"support_threads_resolved":0,"author_block_count":0,"sections":["description","installation","faq","changelog"],"tags":{"1.1":{"tag":"1.1","author":"wpfixit","date":"2025-08-24 17:31:33"}},"upgrade_notice":{"1.0":"<p>First release. After updating, review <strong>Tools \u2192 Security Headers<\/strong> to confirm your preferred settings.<\/p>"},"ratings":[],"assets_icons":{"icon-128x128.gif":{"filename":"icon-128x128.gif","revision":3349315,"resolution":"128x128","location":"assets","locale":""},"icon-256x256.gif":{"filename":"icon-256x256.gif","revision":3349315,"resolution":"256x256","location":"assets","locale":""}},"assets_banners":{"banner-1544x500.png":{"filename":"banner-1544x500.png","revision":3349315,"resolution":"1544x500","location":"assets","locale":""},"banner-772x250.png":{"filename":"banner-772x250.png","revision":3349315,"resolution":"772x250","location":"assets","locale":""}},"assets_blueprints":{},"all_blocks":[],"tagged_versions":["1.1"],"block_files":[],"assets_screenshots":{"screenshot-1.png":{"filename":"screenshot-1.png","revision":3349315,"resolution":"1","location":"assets","locale":""}},"screenshots":{"1":"Settings screen with header toggles and \u201cCheck Headers\u201d button."},"jetpack_post_was_ever_published":false},"plugin_section":[],"plugin_tags":[19966,2846,34310,246736,600],"plugin_category":[54],"plugin_contributors":[83394],"plugin_business_model":[],"class_list":["post-247579","plugin","type-plugin","status-publish","hentry","plugin_tags-csp","plugin_tags-headers","plugin_tags-hsts","plugin_tags-referrer-policy","plugin_tags-security","plugin_category-security-and-spam-protection","plugin_contributors-wpfixit","plugin_committers-wpfixit"],"banners":{"banner":"https:\/\/ps.w.org\/fix-it-easy-security-headers\/assets\/banner-772x250.png?rev=3349315","banner_2x":"https:\/\/ps.w.org\/fix-it-easy-security-headers\/assets\/banner-1544x500.png?rev=3349315","banner_rtl":false,"banner_2x_rtl":false},"icons":{"svg":false,"icon":"https:\/\/ps.w.org\/fix-it-easy-security-headers\/assets\/icon-128x128.gif?rev=3349315","icon_2x":"https:\/\/ps.w.org\/fix-it-easy-security-headers\/assets\/icon-256x256.gif?rev=3349315","generated":false},"screenshots":[{"src":"https:\/\/ps.w.org\/fix-it-easy-security-headers\/assets\/screenshot-1.png?rev=3349315","caption":"Settings screen with header toggles and \u201cCheck Headers\u201d button."}],"raw_content":"<!--section=description-->\n<p><strong>WP Fix It Easy Security Headers<\/strong> adds a simple page under <strong>Tools \u2192 Security Headers<\/strong> where you can toggle common HTTP security headers:<\/p>\n\n<ul>\n<li><strong>Strict-Transport-Security (HSTS)<\/strong><\/li>\n<li><strong>Content-Security-Policy (CSP)<\/strong><\/li>\n<li><strong>X-Frame-Options<\/strong><\/li>\n<li><strong>X-Content-Type-Options<\/strong><\/li>\n<li><strong>Referrer-Policy<\/strong><\/li>\n<li><strong>Permissions-Policy<\/strong><\/li>\n<\/ul>\n\n<p>On activation, all headers are <strong>enabled by default<\/strong> and you\u2019re redirected to the settings screen.<\/p>\n\n<p>For convenience, the page and the Plugins screen include a <strong>\u201cCheck Headers\u201d<\/strong> button that opens SecurityHeaders.com with your site\u2019s URL prefilled (built dynamically from <code>home_url()<\/code>).<\/p>\n\n<h3>Notes on CSP<\/h3>\n\n<p>This plugin ships with a <strong>permissive<\/strong> default CSP intended to \u201cwork everywhere\u201d out of the box (allows most external sources and inline code). For stronger protection, you should harden the directives for your specific site.<\/p>\n\n<h3>Key Features<\/h3>\n\n<ul>\n<li>One-click toggles for popular headers<\/li>\n<li>Dynamic \u201cCheck Headers\u201d scan link<\/li>\n<li>Uses the WordPress Settings API (nonce + capability checks)<\/li>\n<li>Output escaping and sanitization following PHPCS<\/li>\n<\/ul>\n\n<!--section=installation-->\n<ol>\n<li>Upload the plugin folder to <code>\/wp-content\/plugins\/fix-it-easy-security-headers\/<\/code> or install via Plugins \u2192 Add New.<\/li>\n<li>Activate the plugin.<\/li>\n<li>You\u2019ll be redirected to <strong>Tools \u2192 Security Headers<\/strong>. Review and adjust toggles as needed.<\/li>\n<li>(Optional) Click <strong>Check Headers<\/strong> to verify your headers on SecurityHeaders.com.<\/li>\n<\/ol>\n\n<!--section=faq-->\n<dl>\n<dt id='where%20do%20i%20manage%20the%20settings%3F'><h3>Where do I manage the settings?<\/h3><\/dt>\n<dd><p>Go to <strong>Tools \u2192 Security Headers<\/strong>.<\/p><\/dd>\n<dt id='what%20happens%20on%20activation%3F'><h3>What happens on activation?<\/h3><\/dt>\n<dd><p>All header options are enabled and you\u2019re redirected once to the settings page.<\/p><\/dd>\n<dt id='will%20this%20break%20my%20site%3F'><h3>Will this break my site?<\/h3><\/dt>\n<dd><p>Most headers are safe defaults. The provided CSP is intentionally permissive; it shouldn\u2019t block assets. For strict CSPs, tailor directives to your stack and test.<\/p><\/dd>\n<dt id='can%20i%20use%20this%20on%20multisite%3F'><h3>Can I use this on multisite?<\/h3><\/dt>\n<dd><p>Yes. The \u201cCheck Headers\u201d URL is derived from <code>home_url()<\/code>. Activation redirect is skipped for network\/bulk activations.<\/p><\/dd>\n<dt id='why%20don%E2%80%99t%20i%20see%20a%20%E2%80%9Csettings%20saved%E2%80%9D%20notice%20twice%3F'><h3>Why don\u2019t I see a \u201cSettings saved\u201d notice twice?<\/h3><\/dt>\n<dd><p>The page prints only this plugin\u2019s scoped settings messages to avoid duplicate notices.<\/p><\/dd>\n<dt id='can%20i%20customize%20the%20csp%3F'><h3>Can I customize the CSP?<\/h3><\/dt>\n<dd><p>Yes. You can modify the <code>$csp<\/code> string in <code>security_headers_add_headers()<\/code> to fit your site\u2019s needs.<\/p><\/dd>\n\n<\/dl>\n\n<!--section=changelog-->\n<h4>1.1<\/h4>\n\n<ul>\n<li>Initial release.<\/li>\n<li>Header toggles for HSTS, CSP, X-Frame-Options, X-Content-Type-Options, Referrer-Policy, Permissions-Policy.<\/li>\n<li>Activation enables all options and redirects to settings.<\/li>\n<li>Dynamic SecurityHeaders.com scan link.<\/li>\n<\/ul>","raw_excerpt":"Configure core HTTP security headers for your WordPress site in a few clicks.","jetpack_sharing_enabled":true,"_links":{"self":[{"href":"https:\/\/szl.wordpress.org\/plugins\/wp-json\/wp\/v2\/plugin\/247579","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/szl.wordpress.org\/plugins\/wp-json\/wp\/v2\/plugin"}],"about":[{"href":"https:\/\/szl.wordpress.org\/plugins\/wp-json\/wp\/v2\/types\/plugin"}],"replies":[{"embeddable":true,"href":"https:\/\/szl.wordpress.org\/plugins\/wp-json\/wp\/v2\/comments?post=247579"}],"author":[{"embeddable":true,"href":"https:\/\/szl.wordpress.org\/plugins\/wp-json\/wporg\/v1\/users\/wpfixit"}],"wp:attachment":[{"href":"https:\/\/szl.wordpress.org\/plugins\/wp-json\/wp\/v2\/media?parent=247579"}],"wp:term":[{"taxonomy":"plugin_section","embeddable":true,"href":"https:\/\/szl.wordpress.org\/plugins\/wp-json\/wp\/v2\/plugin_section?post=247579"},{"taxonomy":"plugin_tags","embeddable":true,"href":"https:\/\/szl.wordpress.org\/plugins\/wp-json\/wp\/v2\/plugin_tags?post=247579"},{"taxonomy":"plugin_category","embeddable":true,"href":"https:\/\/szl.wordpress.org\/plugins\/wp-json\/wp\/v2\/plugin_category?post=247579"},{"taxonomy":"plugin_contributors","embeddable":true,"href":"https:\/\/szl.wordpress.org\/plugins\/wp-json\/wp\/v2\/plugin_contributors?post=247579"},{"taxonomy":"plugin_business_model","embeddable":true,"href":"https:\/\/szl.wordpress.org\/plugins\/wp-json\/wp\/v2\/plugin_business_model?post=247579"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}