Security Headers & Caching

Description

Security Headers & Caching is a comprehensive WordPress plugin that helps protect your website by implementing essential HTTP security headers and optimizing performance through intelligent caching mechanisms. Compatible with all hosting providers including Aruba, SiteGround, Bluehost, and more.

Key Features

  • Easy Configuration – Simple admin interface to enable/disable security headers
  • Multiple Security Headers – Comprehensive security header support
  • Smart Caching – Configurable cache duration for better performance
  • Universal Compatibility – Works with all hosting providers
  • No Conflicts – Compatible with popular security and caching plugins
  • Translation Ready – Full internationalization support

Security Headers Included

  • X-Powered-By – Removes this header, which discloses server technology information, to make targeted attacks harder
  • Content-Security-Policy (CSP) – Controls which resources can be loaded to prevent XSS attacks
  • Strict-Transport-Security (HSTS) – Forces HTTPS connections for enhanced security
  • X-XSS-Protection – Enables XSS filtering in older browsers; current major browsers no longer implement this filter and ignore the header
  • X-Frame-Options – Prevents clickjacking attacks by controlling iframe embedding
  • X-Content-Type-Options – Prevents MIME type sniffing
  • Referrer-Policy – Controls how much referrer information is shared
  • Permissions-Policy – Controls browser features and APIs

Caching Features

  • Configurable cache duration (seconds)
  • Automatic cache headers management
  • Compatible with CDN services
  • No conflict with existing cache plugins

Why Security Headers Matter

Security headers are HTTP response headers that tell your browser how to behave when handling your website’s content. They help protect against:

  • Cross-Site Scripting (XSS) attacks
  • Clickjacking attempts
  • Code injection attacks
  • MIME type sniffing
  • Protocol downgrade attacks
  • And much more…

Developer Friendly

The plugin provides filters for developers to customize headers:

  • shc_security_headers – Filter to modify security headers array

Test Your Security

After installing and configuring the plugin, test your site’s security at:
  • Security Headers
  • Mozilla Observatory

Privacy

This plugin does not collect, store, or transmit any user data. It only modifies HTTP response headers sent by your server.

Developer Documentation

Filters

shc_security_headers

Modify the security headers before they are sent.

add_filter( 'shc_security_headers', function( $headers ) {
    // Add custom header
    $headers['X-Custom-Header'] = 'custom-value';

    // Modify existing header
    $headers['X-Frame-Options'] = 'DENY';

    return $headers;
} );

Constants

  • SHC_VERSION – Plugin version number
  • SHC_PLUGIN_DIR – Plugin directory path
  • SHC_PLUGIN_URL – Plugin directory URL
  • SHC_PLUGIN_BASENAME – Plugin basename

Support

For support, feature requests, or bug reports, please visit:
  • Plugin Website

Credits

Developed by Studio Be4 – Web Design & Development Agency

License

This plugin is licensed under the GPLv2 or later.

Screenshots

  • Main settings page with all security header options
  • Easy-to-use interface with helpful descriptions
  • Cache configuration options

Installation

Automatic Installation

  1. Log in to your WordPress admin panel
  2. Navigate to Plugins → Add New
  3. Search for “Security Headers & Caching”
  4. Click “Install Now” and then “Activate”

Manual Installation

  1. Download the plugin ZIP file
  2. Log in to your WordPress admin panel
  3. Navigate to Plugins → Add New → Upload Plugin
  4. Select the downloaded ZIP file and click “Install Now”
  5. Activate the plugin

Configuration

  1. After activation, navigate to Security Headers in your WordPress admin menu
  2. Enable the security headers you want to use
  3. Configure the Content Security Policy and other settings as needed
  4. Set cache duration if desired (recommended: 3600 seconds for 1 hour)
  5. Click “Save Settings”
  6. Test your configuration at securityheaders.com

FAQ

Will this plugin slow down my website?

No, security headers are lightweight HTTP headers that add negligible overhead. The caching feature actually improves performance.

Is this compatible with my hosting provider?

Yes! This plugin is designed to work with all hosting providers including Aruba, SiteGround, Bluehost, WP Engine, and others. Unlike the previous version, it uses WordPress core hooks that work universally.

Can I use this with other security plugins?

Yes, Security Headers & Caching is designed to work alongside other security plugins. It focuses specifically on HTTP headers.

Will this break my site?

The default settings are conservative and should work for most sites. However, strict Content Security Policy settings can affect sites using inline scripts or external resources. Test thoroughly after configuring.

What is HSTS and should I enable it?

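HSTS (HTTP Strict Transport Security) forces browsers to use HTTPS. Only enable this if your site has a valid SSL certificate and is fully accessible via HTTPS: browsers remember the policy for the max-age it declares and refuse plain HTTP connections to the site during that time.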

How do I know if it’s working?

Visit securityheaders.com, enter your website URL, and check your security grade. You should see improvements after activating the plugin.

Can I customize the headers?

Yes! Developers can use the shc_security_headers filter to modify headers programmatically. See the plugin documentation for examples.
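A filter callback that applies the two cautions from this FAQ: HSTS only on HTTPS responses, and a stricter CSP trialled before it is enforced. This is an added example, not code from the plugin; it assumes the headers array is keyed by header name (as in the documented example), and the policy values shown are constructed.

```php
<?php
// Added example, not part of the plugin. Assumes $headers is an array of
// header name => value, as in the plugin's documented filter example.
add_filter( 'shc_security_headers', function ( $headers ) {
    // Do not advertise HSTS on responses served over plain HTTP.
    // Note: is_ssl() can return false behind a TLS-terminating proxy or CDN
    // unless the server is configured to report HTTPS to PHP, so confirm
    // what it returns on your hosting before relying on this branch.
    if ( ! is_ssl() ) {
        unset( $headers['Strict-Transport-Security'] );
    }

    // Trial a stricter policy in report-only mode: the browser logs
    // violations (for example inline scripts or external resources) to its
    // console without blocking them, so the site keeps working while you
    // collect the list of sources that must be allowed.
    // Constructed policy; adjust the sources to what your site loads.
    $trial_policy = implode( '; ', array(
        "default-src 'self'",
        "script-src 'self'",
        "style-src 'self'",
        "img-src 'self' data:",
        "object-src 'none'",
        "base-uri 'self'",
    ) );
    $headers['Content-Security-Policy-Report-Only'] = $trial_policy;

    // The enforced Content-Security-Policy configured in the plugin
    // settings is left untouched; move directives across once the
    // report-only policy produces no violations on your pages.
    return $headers;
}, 20 );
```

Place the callback in a small site-specific plugin or the theme's functions.php, then reload a few representative pages with the browser console open to review the reported violations.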

What happens to my settings if I deactivate the plugin?

Your settings are preserved in the database. If you uninstall (delete) the plugin, all settings are automatically removed.

Does this plugin work with WordPress multisite?

Yes, the plugin is fully compatible with WordPress multisite installations.

I’m getting a lower score on securityheaders.com, why?

Security headers need to be configured based on your site’s specific needs. A strict CSP policy may require listing all external resources. Adjust settings based on your requirements.

Reviews

There are no reviews for this plugin.

Contributors & Developers

“Security Headers & Caching” is open source software. The following people have contributed to this plugin.

Contributors

Translate “Security Headers & Caching” into your language.

Interested in development?

Browse the code, check out the SVN repository, or subscribe to the development log by RSS.

Changelog

7.3 (2025-01-08)

  • Complete rewrite from version 7.2
  • Fixed: Headers now work on all hosting providers (not just Aruba)
  • Fixed: Proper use of WordPress hooks (send_headers instead of init)
  • Fixed: Added proper CSRF protection with nonce verification
  • Fixed: All inputs properly sanitized and validated
  • Fixed: Checkbox values correctly handled
  • Fixed: Cache duration field now shows saved values
  • Added: Individual toggles for each security header
  • Added: Full internationalization support
  • Added: Proper WordPress Settings API integration
  • Added: Professional admin interface with helpful descriptions
  • Added: Settings link on plugins page
  • Added: Automatic cleanup on uninstall
  • Added: Multisite support
  • Added: Developer filters for customization
  • Added: Comprehensive documentation
  • Improved: Code organization with separate classes
  • Improved: Security with capability checks
  • Improved: Compatibility with all hosting environments
  • Improved: User experience with better UI/UX