Rating: 5 stars

Manually settings secure headers can be a hassle if you don’t know where to start from, or if you have some errors in your code. This plugin (and the prompt support of the author, in case you need it) really helps you grade A+ in no time by setting the basic specific headers for your site.

Rating: 5 stars

Super easy and works extremelly well.

Rating: 5 stars

Since Andrea has implemented settings to avoid duplicate header entries being listed I am utterly happy with this unobtrusive but veruy helpful plugin. Security aspects are being rated higher consistently, so it feels great to be on the safe side with this fine plugin! And his response time when it comes to support is fabulous. Keep up the good work!

Rating: 5 stars

The plugin works like a charm. I had a wish to support a specific plugin, my support request was resolved within 2 hours and a new plugin version was released!

Rating: 5 stars

Top notch

Rating: 5 stars

It’s excellent! It works with just 1 click, just activate.

Rating: 4 stars

It works really well and is really easy to use, but it can be difficult to figure out the right CSP rules, and the plugin provides zero guidance. You can very easily, say, accidentally block google’s recaptcha script, if you have that installed, and since recaptcha can be set to only ask you once every 30 days, you can run for weeks with no problem and then, long after you’ve forgotten about this, you suddenly get recaptcha errors trying to log into your site, and you need to be able to troubleshoot that. So, -1 star for that. But otherwise, does exactly what it says, and you kind of need this or PageSpeed will complain nowadays. Worth the trouble, but, wish it was a little clearer, or clear at all, on how to figure out how to set it up right.

Rating: 5 stars

The plugin worked great. I appreciate the efforts that Mr. Ferro is making.

Rating: 5 stars

I went to securityheaders and scanned my site. Then installed the Headers Security Advanced & HSTS WP plugin and immediately improved my grade from a D to an A+. Thank you!

Rating: 5 stars

Amazing plugin, just install it already. Can’t recommend enough.

Rating: 5 stars

I went to securityheaders and scanned my site. Then installed the Headers Security Advanced & HSTS WP plugin and immediately improved my grade from a D to an A+. Thank you!

Rating: 5 stars

Works fine and easy

Rating: 5 stars

This plugin is very easy to install/configure and does perfectly the job. I check the security headers thanks “securityheaders by probely” and previously my site has a F grade and now with this plugin I get an A+. Wondefrful, you are awesome, thanks so much.

Rating: 5 stars

I lover it because it is totally free and it doesn’t have an expensive pro version.

Rating: 5 stars

Many thanks for offering this tool for free and giving people the option to handle these security settings without having to go to htaccess.

Rating: 5 stars

Thanks for developing this great plugin. As described, easy to get your Headers score from F to A in a few simple clicks which is excellent.

The developers have a poll asking for which additional functionality to build next, I voted there but also wanted to message here to say please bring the “content type” customizations.

To developers – would you have any advice on how I can add custom MIME type to my ?Content-Type?header? I am trying to add AVIF as a MIME type but cant get it to work.

I assume this would need to edit my hta access file, but which line? The only one it looks like it could be is “X-type” but this looks like it is binary between sniff / no sniff (no option for content type)

Cheers guys

Rating: 4 stars

A good common ground

• This topic was modified 1 year, 1 month ago by 24killen.

Rating: 4 stars

Some WP experts told me it’s better to fix this server side with some HTACCESS rules, so i don’t understand the goal of this tool?

• This topic was modified 1 year, 1 month ago by testwp75.

Rating: 5 stars

This is a great plugin to have!

Rating: 5 stars

i think wordpress core should be implement this work by default

Rating: 5 stars

Many thanks for this contribution, it helped us with PCI compliance

Rating: 5 stars

Amazing, great plugin for getting my securities level up. I digged a bit in the code and modified some parts of the CSP header. But I like to be able to add done more details to my CSP setup without breaking my WordPress, theme. Can that be done?

Regards,

Rob Oudendijk

Rating: 5 stars

Great Plugin. Thank you very much for making and maintaining this plugin. You are providing a very special thing here, and I hope special things come your way too!

Rating: 5 stars

One of the values of WP is to make less settings available and this plugin does just that! It hardly makes you look at settings, although it can leave some features and options desirable – but that’s hardly a big concern for me at the very least.

On another note – Pagespeed Insights is reporting that the use of the Permission-policy header: WindowPlacementPermissionPolicyParsed is deprecated and shouldn’t be used.

It also gave the following feedback –

1. script-src directive is missing. This can allow the execution of unsafe scripts.
2. Missing object-src allows the injection of plugins that execute unsafe scripts. Consider setting object-src to ‘none’ if you can.

But again – that doesn’t take away the hard work and efforts the developers have put in. They and the plugin both deserve 5 stars!

Rating: 5 stars

I have been getting warnings on my various WordPress dashboards for a long time about missing security headers.

I’ve worked through some articles that I found around the web and tried to fix this but it is always helpful.

This plugin does it all very simply just by installing it.

I install the plugin (I usually take a moment to turn on subdomains) and then when I test at a security headers testing site I get an A+!

Also, Andrea @unicorn03 and erku @erku are very helpful and Andrea is very open to feedback and input.

I had one issue and they modified the plugin and fixed it.

• This topic was modified 1 year, 5 months ago by thirstyjon. Reason: Just wanted to mention that it is not only the plugin author but another contributor as well that is very helpful (in the title)

Rating: 5 stars

This plugin does exactly what is described.

Easy to use. Activated and done ??

Great, my sites have passed every security header test I have tried with great results. Thank you!

Rating: 2 stars

It does exactly what it says, but (at least) one of the methods is by modifying .htaccess files without creating a proper backup. This implementation also renders this plugin to be incompatible with multisite installations as change of settings in any sub-site could lead to the effect to be made on all sites.

Rating: 5 stars

so quick to install and went from F to A+ straight away, excellent

Rating: 5 stars

A website I’m managing is required by law to have proper headers security implemented. Instead of having to finding all the needed lines of code and manually putting them in htaccess file on the server where a little mistake can mess things up, this plugin does all the work for you fast and easily. It works out of the box. Make sure you restart the web server for the settings to take effect.

Thank you for those putting in the great work creating this valuable plugin.

Rating: 5 stars

Trés bon plugin et régulièrement mis a jour