Support » Plugins » Hacks » HTTP Strict Transport Security

  • I would like to turn on HTTP Strict Transport Security on my WordPress blog. Unfortunately, I don’t have the ability to edit the httpd.conf file so I would like to have the PHP scripts themselves generate the Strict-Transport-Security header as outlined in this article:

    Has this already been done somewhere in the code? I can’t find a settings control to turn it on, if so. What would be the best file to modify to insert this header?

Viewing 1 replies (of 1 total)
  • Ok, this was a lot easier than I thought. I just put a few lines into index.php in the top level directory:


    if (!isset($_SERVER['HTTPS'])) {
    header('Status-Code: 301');
    header('Location: https://'.$_SERVER['HTTP_HOST'].$_SERVER['REQUEST_URI']);
    } else {
    header('Strict-Transport-Security: max-age=500'); of file...

Viewing 1 replies (of 1 total)
  • The topic ‘HTTP Strict Transport Security’ is closed to new replies.