Transform your website's security with the Inspired Monks Security Header Plugin - your one-click solution to enhanced protection.
Ensures your site is only accessed over secure HTTPS connections, protecting against protocol downgrade attacks and man-in-the-middle attacks. Now, includes automatic application on activation!
Prevents clickjacking by restricting how your site is embedded on other sites, keeping your content safe. Now, with real-time tracking of activated headers!
Stops browsers from sniffing MIME types, reducing the risk of code injection and keeping your data secure. Easily toggleable with the new settings page.
Controls the sources from which content can be loaded, protecting your site from cross-site scripting (XSS) attacks and data injection. Allows granular control over external scripts and resources.
Manages browser features like camera, microphone, and geolocation, giving you control over your site's privacy settings. Better control over privacy settings, including automatic updates.
Enables browser-based cross-site scripting (XSS) protection, adding an extra layer of security for your visitors. Enhanced monitoring with new real-time feature status display.
Restricts cross-domain resource sharing to prevent unwanted access to your website’s data, enhancing cross-origin security. Easier to manage and update through the plugin's intuitive interface.
Enforces certificate transparency, ensuring that your SSL/TLS certificates are properly logged and trusted by certificate authorities. Provides peace of mind with automatic certificate tracking.
Controls browser feature access, allowing you to decide which resources can be loaded and used on your site. Now includes automatic updates and detailed tracking for each feature policy.
Restricts sharing of resources across different origins. This helps prevent cross-origin attacks by ensuring only trusted sources can access your site's resources. Now, easily configurable with a simple toggle.
Protects against cross-origin attacks by isolating browsing contexts. This ensures that malicious sites cannot easily access the context of your site’s resources. Provides an added layer of protection for sensitive user data.
Controls how much referrer information is sent with requests, protecting user privacy. This helps prevent unnecessary exposure to referral information. Easily managed from the settings page, with complete control over what data is shared.
The Security Header Plugin is a powerful tool designed to easily implement security headers on your WordPress site, safeguarding it against common vulnerabilities like XSS, clickjacking, and data injection.
Our plugin supports 12 essential security headers, including HSTS, X-Frame-Options, Content-Security-Policy (CSP), X-XSS-Protection, and more!
Simply navigate to the Settings > Security Headers section in your WordPress dashboard, choose the headers you wish to enable, and the plugin will apply them automatically.
No coding is required! The plugin provides an intuitive interface, allowing you to toggle headers with just a click.
You can easily disable any header causing issues directly from the settings page without affecting the rest of your security configuration.
Yes, use tools like SecurityHeaders.com or inspect the response headers in your browser to confirm if the headers are working correctly.
Yes, the plugin is compatible with WordPress multisite installations, and you can configure headers for each site individually.
Yes, simply deactivate and delete the plugin, and all headers will be removed from your site.
Yes, the HTTP Security Header Plugin is free to download and use. We offer premium services for customizations if needed.
Yes, the Security Header Plugin is compatible with all WordPress themes. It works by modifying the HTTP headers sent from your server, without affecting your site's content or appearance.