Embed Snippet on Your Site
Enable HTTP Strict Transport Security (HSTS) in WordPress
The provided code snippet is a WordPress function that enables a WordPress site's HTTP Strict Transport Security (HSTS) header. The HSTS header ensures that all site requests are loaded over a secure HTTPS connection, enhancing the security of the website and protecting it against potential cyber threats.
Key points about the code:
The function is hooked to the 'send_headers' action in WordPress, which allows it to add the HSTS header to outgoing HTTP responses.
The HSTS header is set with a maximum age of 31,536,000 seconds (1 year), includes subdomains ('includeSubDomains'), and is eligible for preloading ('preload').
The code aims to enforce secure SSL connections on all pages and queries of the WordPress site.
The accompanying text emphasizes the importance of configuring the HSTS header in WordPress, especially in the context of the increasing number of security breaches. It notes the favorability of SSL sites in search results and the added confidence it provides to visitors.
Key takeaways about the HSTS implementation:
HSTS headers enhance site security by forcing SSL connections.
SSL-secured websites tend to rank better in search engines.
After enabling HSTS, sites can be added to a preload list for extra security.
Clear caching plugins and then submit to this site for the benefits:
| |
| |
| |
| |
| |
| |
| |
| |
| |
Comments