• For someone who is not a developer, the GD Security Headers (GPSH) plugin is truly a gift to WP users. It turns “Rocket Science” into just “Science 101”; still needs a bit of knowledge of what you’re doing but this makes it so much easier to tweak security headers. Particularly, that option to only generate reports first for “Content-Security-Policy” before going live is how great plugins should be designed. Also love the fact that if enabled, the GPSH can write directly to the .htaccess file, and if a user prefers otherwise, they can also choose to disable that option to manually add by way of the ‘Generated Headers’ button.

    Now, I do have some feedback, though, but please bear in mind again that I’m no developer. As such, the things I write might make some of the senior WP users chuckle but I’m just sharing what I think I understand.

    1. GPSH writes to the .htaccess file that resides in the same folder where all WP files are kept, meaning if the WP installation is kept inside another folder i.e. /public_html/WP/, the /public_html/WP/.htaccess file will be written to instead of /public_html/.htaccess. Don’t know if it changes anything but just thought I should share that some folks do move their WP installation to another folder.

    2. Even though ‘Add: X-XSS-Protection’ has been enabled, a check on Mozilla Observatory came back with the error: “X-XSS-Protection header cannot be recognized”. However, just want to add that it did come out ok when checked on Security Headers.

    3. According to Security Headers, there also seems to be a new header called “Feature-Policy”. Is this something that’s already in GPSH? I can’t find it.

    Also, First! 🙂

  • Moderator Jan Dembowski

    (@jdembowski)

    Forum Moderator and Brute Squad

    @ranggie4 Thanks for the review but please keep it to your words here only. No links or links to images. That’s not permitted in reviews and I have removed yours.

    If you need support then please raise a support topic.

    https://wordpress.org/support/plugin/gd-security-headers/#new-post

    Plugin Author Milan Petrovic

    (@gdragon)

    @ranggie4 Sorry for my late reply on this, but here are a few explanations.

    1. I plan to add an option to adjust this or to include a different detection method for where the .htaccess is.

    2. Mozilla tests for security headers are not the best, and they often flag things that are fine.

    3. Feature Policy is added in version 1.2 of the plugin.

    Thanks for the review!
