Security header errors in .htaccess file - please help fix!

So I am getting the following Security Error from a Site Check plugin I have installed:

Your .htaccess file does not contain all recommended security headers.

  • HTTP Strict Transport Security
  • Content Security Policy: Upgrade Insecure Requests
  • X-XSS protection
  • X-Content Type Options
  • Referrer-Policy
  • Expect-CT

Can anyone help me properly add these Security Headers to my .htaccess file?

I can access and edit the file, I just don’t know exactly what to add.

Thank you!

Ok I found a walk-thru that helped me add them and those Security Errors seem to have cleared.

But I want to make sure I put them in the right area in my .htaccess file.

Does this look right:

# BEGIN rlrssslReallySimpleSSL rsssl_version[5.1.3]
<IfModule mod_rewrite.c>
RewriteEngine on
RewriteCond %{HTTP:CF-Visitor} '"scheme":"http"'
RewriteRule ^(.*)$ https://%{HTTP_HOST}/$1 [R=301,L]
</IfModule>
# END rlrssslReallySimpleSSL
# Really Simple SSL
Header always set Content-Security-Policy "upgrade-insecure-requests"
# End Really Simple SSL
# Really Simple SSL
Header always set X-Content-Type-Options "nosniff"
# End Really Simple SSL
# Really Simple SSL
Header always set X-XSS-Protection "1; mode=block"
# End Really Simple SSL
# Really Simple SSL
Header always set Expect-CT "max-age=7776000, enforce"
# End Really Simple SSL
# Really Simple SSL
Header always set Referrer-Policy: "no-referrer-when-downgrade"
# End Really Simple SSL
# BEGIN WordPress
# The directives (lines) between "BEGIN WordPress" and "END WordPress" are
# dynamically generated, and should only be modified via WordPress filters.
# Any changes to the directives between these markers will be overwritten.
<IfModule mod_expires.c>
	ExpiresActive On
	ExpiresByType image/jpg "access plus 1 week"
	ExpiresByType image/jpeg "access plus 1 week"
	ExpiresByType image/gif "access plus 1 week"
	ExpiresByType image/png "access plus 1 week"
	ExpiresByType text/css "access plus 1 week"
	ExpiresByType application/pdf "access plus 1 week"
	ExpiresByType text/javascript "access plus 1 month"
	ExpiresByType text/html "access plus 8 hours"
	ExpiresByType image/x-icon "access plus 1 year"
	ExpiresDefault "access plus 1 week"
</IfModule>


				<ifModule mod_headers.c>

					Header set X-Endurance-Cache-Level "3"

					Header set X-nginx-cache "WordPress"

				</ifModule>
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteRule .* - [E=HTTP_AUTHORIZATION:%{HTTP:Authorization}]
RewriteBase /
RewriteRule ^index\.php$ - [L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /index.php [L]
</IfModule>

# END WordPress

# php -- BEGIN cPanel-generated handler, do not edit
# Set the “ea-php74” package as the default “PHP” programming language.
<IfModule mime_module>
  AddHandler application/x-httpd-ea-php74 .php .php7 .phtml
</IfModule>
# php -- END cPanel-generated handler, do not edit

Hi John,

Thanks for reaching out.
It looks fine, but please remember that investigation or giving support outside the theme and bundled plugin is beyond the scope of theme support. I would suggest you avail of our newly launched service called One, where we answer the questions beyond normal theme support.

Thanks
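As an added example that is not part of the original thread: a small Python check that reads .htaccess text and reports which of the six headers from the plugin notice have a `Header` directive. It only sees the file text, so a header sent by PHP, by a plugin at runtime, or by a proxy in front of the site would show as missing; the function names and the sample string are constructed for illustration.

```python
import re

# Header names behind the six items in the plugin notice quoted in the thread.
RECOMMENDED = ("Strict-Transport-Security", "Content-Security-Policy", "X-XSS-Protection",
               "X-Content-Type-Options", "Referrer-Policy", "Expect-CT")

# mod_headers syntax: Header [always|onsuccess] <action> <name>[:] <value>
# A trailing colon on the header name is accepted by Apache, so allow it here.
HEADER_RE = re.compile(
    r'^\s*Header\s+(?:(always|onsuccess)\s+)?(set|setifempty|append|add|merge)\s+'
    r'"?([A-Za-z0-9-]+):?"?\s+(?:"([^"]*)"|(\S+))',
    re.IGNORECASE,
)

def parse_headers(text):
    """Map lower-cased header name -> (condition, value) for each Header line."""
    found = {}
    for line in text.splitlines():
        m = HEADER_RE.match(line)  # comment lines start with '#', so they never match
        if m:
            cond, _action, name, quoted, bare = m.groups()
            value = quoted if quoted is not None else bare
            found[name.lower()] = ((cond or "onsuccess").lower(), value)
    return found

def audit(text):
    """Return {header: status} for the six recommended headers."""
    found = parse_headers(text)
    report = {}
    for name in RECOMMENDED:
        _cond, value = found.get(name.lower(), (None, None))
        if value is None:
            report[name] = "missing"
        elif name == "Content-Security-Policy" and "upgrade-insecure-requests" not in value.lower():
            report[name] = "set, but without upgrade-insecure-requests"
        else:
            report[name] = "set"
    return report

# Constructed sample: the Header lines copied from the .htaccess posted in the thread.
SAMPLE = '''
Header always set Content-Security-Policy "upgrade-insecure-requests"
Header always set X-Content-Type-Options "nosniff"
Header always set X-XSS-Protection "1; mode=block"
Header always set Expect-CT "max-age=7776000, enforce"
Header always set Referrer-Policy: "no-referrer-when-downgrade"
    Header set X-Endurance-Cache-Level "3"
'''

if __name__ == "__main__":
    print("\n".join(f"{n}: {s}" for n, s in audit(SAMPLE).items()))
```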
