Description
Security Headers Audit helps WordPress site owners strengthen browser-side security through modern HTTP security headers and comprehensive auditing tools.
The plugin provides an easy-to-use interface for configuring recommended security headers, monitoring Content Security Policy (CSP) violations, recording browser console errors, and tracking security-related configuration changes within WordPress.
By implementing industry-standard browser security protections, Security Headers Audit can help reduce exposure to common web vulnerabilities such as Cross-Site Scripting (XSS), clickjacking, MIME-type attacks, and unsafe cross-origin interactions.
Key Features
- Configure HTTP Security Headers from a centralized dashboard.
- Content Security Policy (CSP) management.
- Strict-Transport-Security (HSTS) support.
- X-Frame-Options protection against clickjacking.
- X-Content-Type-Options support to prevent MIME sniffing.
- Referrer-Policy management.
- Permissions-Policy configuration for browser feature control.
- Cross-Origin-Opener-Policy (COOP) support.
- Cross-Origin-Embedder-Policy (COEP) support.
- Cross-Origin-Resource-Policy (CORP) support.
- CSP violation monitoring and logging.
- Browser console error collection.
- Security configuration audit trail.
- Import and export settings.
- Clean uninstall support.
Supported Security Headers
- Content-Security-Policy (CSP)
- Strict-Transport-Security (HSTS)
- X-Frame-Options
- X-Content-Type-Options
- Referrer-Policy
- Permissions-Policy
- Cross-Origin-Opener-Policy (COOP)
- Cross-Origin-Embedder-Policy (COEP)
- Cross-Origin-Resource-Policy (CORP)
Installation
- Upload the plugin files to the
/wp-content/plugins-security-headers-auditdirectory, or install the plugin through the WordPress Plugins screen. - Activate the plugin through the “Plugins” screen in WordPress.
- Open the Security Headers Audit” menu in the WordPress admin dashboard.
- Configure your preferred security headers and auditing options.
- Save your settings.
FAQ
-
What is Content Security Policy (CSP)?
-
Content Security Policy (CSP) is a browser security mechanism that helps prevent Cross-Site Scripting (XSS) and code injection attacks by controlling which resources can be loaded and executed.
-
Can I use Security Headers Audit on existing websites?
-
Yes. Security Headers Audit can be installed on both new and existing WordPress websites. Always test security header changes in a staging environment before deploying to production.
-
Does the plugin impact website performance?
-
Security Headers Audit is lightweight and designed to have minimal impact on performance. Security headers are applied during normal request processing, while audit data is stored efficiently within WordPress.
-
Does Security Headers Audit remove data on uninstall?
-
Yes. The plugin includes uninstall cleanup functionality to remove plugin-generated data if desired.
Reviews
There are no reviews for this plugin.
Contributors & Developers
“Security Headers Audit” is open source software. The following people have contributed to this plugin.
Contributors
Translate “Security Headers Audit” into your language.
Interested in development?
Browse the code, check out the SVN repository, or subscribe to the development log by RSS.
Changelog
1.0.0
- Initial public release.
- Added HTTP Security Headers management.
- Added Content Security Policy (CSP) support.
- Added Strict-Transport-Security (HSTS) support.
- Added X-Frame-Options configuration.
- Added X-Content-Type-Options configuration.
- Added Referrer-Policy configuration.
- Added Permissions-Policy configuration.
- Added Cross-Origin policies (COOP, COEP, CORP).
- Added CSP violation logging.
- Added browser console error logging.
- Added security audit trail.
- Added settings management dashboard.
- Added import and export functionality.
- Added uninstall cleanup support.