For someone who is not a developer, the GD Security Headers (GPSH) plugin is truly a gift to WP users. It turns “Rocket Science” into just “Science 101”; it still needs a bit of knowledge of what you’re doing, but this makes it so much easier to tweak security headers. In particular, the option to only generate reports first for “Content-Security-Policy” before going live is how great plugins should be designed. I also love the fact that, if enabled, GPSH can write directly to the .htaccess file, and if a user prefers otherwise, they can disable that option and add the headers manually by way of the ‘Generated Headers’ button.
Now, I do have some feedback, though please bear in mind again that I’m no developer. As such, the things I write might make some of the senior WP users chuckle, but I’m just sharing what I think I understand.
1. GPSH writes to the .htaccess file that resides in the same folder where all WP files are kept, meaning if the WP installation is kept inside another folder i.e. /public_html/WP/, the /public_html/WP/.htaccess file will be written to instead of /public_html/.htaccess. Don’t know if it changes anything but just thought I should share that some folks do move their WP installation to another folder.
2. Even though ‘Add: X-XSS-Protection’ has been enabled, a check on Mozilla Observatory came back with the error: “X-XSS-Protection header cannot be recognized”. However, just want to add that it did come out ok when checked on Security Headers.
3. According to Security Headers, there also seems to be a new header called “Feature-Policy”. Is this something that’s already in GPSH? I can’t find it.
Also, First! 🙂