HTTP Strict Transport Security (2 posts)

  1. mccap
    Posted 5 years ago #

    I would like to turn on HTTP Strict Transport Security on my WordPress blog. Unfortunately, I don't have the ability to edit the httpd.conf file so I would like to have the PHP scripts themselves generate the Strict-Transport-Security header as outlined in this article:


    Has this already been done somewhere in the code? I can't find a settings control to turn it on, if so. What would be the best file to modify to insert this header?

  2. mccap
    Posted 5 years ago #

    Ok, this was a lot easier than I thought. I just put a few lines into index.php in the top level directory:


    if (!isset($_SERVER['HTTPS'])) {
    header('Status-Code: 301');
    header('Location: https://'.$_SERVER['HTTP_HOST'].$_SERVER['REQUEST_URI']);
    } else {
    header('Strict-Transport-Security: max-age=500');
    ...rest of file...

Topic Closed

This topic has been closed to new replies.

About this Topic