How To Add Missing Recommended Security Headers In WordPress .htaccess File?
Recently, when I updated some plugins on my WordPress website, we started getting an error saying “your .htaccess file does not contain all recommended security headers”. We fixed it in a few seconds.
But when we searched online about it, we did not find any information related to it. That is why we are writing this article for bloggers and website owners who run their own website or blog.
If similar errors are showing in your WordPress Site Health, you will be able to fix them yourself without much trouble. In this article, we will tell you how you can manually add the recommended security headers to your website.
Before that, we would like you to learn a little more about these security headers, so that if you ever have a problem related to them in the future, you can easily handle it yourself. So let’s start.
What Are Security Headers?
Below we describe some specific security headers and how you can add all of them manually. Let’s get to know these security headers:
HSTS – Once this header is set on your domain, whenever a user opens your website in the browser or sends a request to it, the browser makes all requests to your website over HTTPS.
Upgrade-Insecure-Requests – This header is an additional method of forcing requests made from your own domain to use https://.
X-Content-Type-Options – This header stops the browser from “guessing” the type of a file. So if a user opens a file with a “.doc” extension on your website, the browser treats it only as the .doc file present on your website and not as any other kind of file.
X-XSS-Protection – If there is ever a reflected cross-site scripting (XSS) attack on your website, this header tells the browser to detect it and prevent the page of your website from being loaded.
Expect-CT (Certificate Transparency) – This relates to the SSL certificate. A Certificate Authority has to record the certificates it issues in a separate log, the CT framework, so that online fraud can be stopped.
No Referrer When Downgrade Header – This sends the referrer only over the same protocol your website is set up on. That is, if your website uses the https:// protocol, the referrer will not be sent over the http:// protocol.
How to Add Security Headers Manually?
Now let’s see how to fix the “your .htaccess file does not contain all recommended security headers” issue that is showing in your WordPress. First you have to log in to the cPanel of your web hosting, then follow the steps given below.
First, log in to your web hosting’s cPanel account and click on “File Manager”. The file manager of your website will open, as shown in the photo below.
As soon as you click on File Manager, a new tab will open in your browser showing all the folders and files of your website. It will also show your website’s .htaccess file; if you do not see it, that is not a problem.
Most hosting providers hide the .htaccess file so that users do not change it by mistake. So if you do not see your .htaccess file, first click on the “Settings” option in the right-hand corner.
A small pop-up window will open, in which you have to select the “Show Hidden Files” check box and click the “Save” button. After that, all the hidden files in your File Manager will be shown.
Then click on your “public_html or wp-content” folder, and your .htaccess file will be shown on the right side, as we have shown in the photo below.
Next, right-click on the .htaccess file and, in the menu that appears, click the Edit button. Your .htaccess file will open in a new tab of your browser. Then copy and paste the codes below, one by one, into your .htaccess before # END WordPress, as we have shown in the picture below.
    # Really Simple SSL
    Header always set X-Content-Type-Options "nosniff"
    # End Really Simple SSL
    # Really Simple SSL
    Header always set X-XSS-Protection "1; mode=block"
    # End Really Simple SSL
    # Really Simple SSL
    Header always set Expect-CT "max-age=7776000, enforce"
    # End Really Simple SSL
    # Really Simple SSL
    Header always set Strict-Transport-Security: "max-age=31536000" env=HTTPS
    # End Really Simple SSL
    # Really Simple SSL
    Header always set Content-Security-Policy "upgrade-insecure-requests"
    # End Really Simple SSL
    # Really Simple SSL
    Header always set Referrer-Policy: "no-referrer-when-downgrade"
    # End Really Simple SSL
After adding the codes to your .htaccess file, save your changes by clicking the “Save Changes” button in the right corner. Then go back to your WordPress dashboard >> Site Health and refresh the page. Hopefully you will no longer get any error related to SSL.
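To check the edit yourself, the following added example (not from the original article or from Really Simple SSL) parses the text of an .htaccess file and reports which of the six headers above are missing or set to a different value than the article's snippet. The function names and the sample file content are assumptions made for illustration.

```python
import shlex

# Header names and values from the article's snippet (names lowercased).
RECOMMENDED = {
    "x-content-type-options": "nosniff",
    "x-xss-protection": "1; mode=block",
    "expect-ct": "max-age=7776000, enforce",
    "strict-transport-security": "max-age=31536000",
    "content-security-policy": "upgrade-insecure-requests",
    "referrer-policy": "no-referrer-when-downgrade",
}
ACTIONS = {"set", "setifempty", "append", "merge", "add"}

def active_headers(htaccess_text):
    """Map lowercased header name -> value for uncommented Header directives."""
    found = {}
    for raw in htaccess_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue                      # blank or commented-out line
        try:
            tokens = shlex.split(line)
        except ValueError:
            continue                      # unbalanced quotes: not a usable directive
        if not tokens or tokens[0].lower() != "header":
            continue
        args = tokens[1:]
        if args and args[0].lower() in ("always", "onsuccess"):
            args = args[1:]               # optional condition keyword
        if len(args) >= 3 and args[0].lower() in ACTIONS:
            # mod_headers accepts a trailing colon on the header name
            found[args[1].rstrip(":").lower()] = args[2]
    return found

def audit(htaccess_text):
    """Return (missing, differing) header names compared with RECOMMENDED."""
    found = active_headers(htaccess_text)
    missing = sorted(h for h in RECOMMENDED if h not in found)
    differing = sorted(h for h in RECOMMENDED if h in found and found[h] != RECOMMENDED[h])
    return missing, differing

# Constructed sample .htaccess content, not taken from a real site.
SAMPLE = r"""# BEGIN WordPress
RewriteEngine On
RewriteRule ^index\.php$ - [L]
Header always set X-Content-Type-Options "nosniff"
Header always set Strict-Transport-Security: "max-age=300" env=HTTPS
# Header always set Referrer-Policy: "no-referrer-when-downgrade"
header set X-XSS-Protection "1; mode=block"
# END WordPress
"""

if __name__ == "__main__":
    print(audit(SAMPLE))
```

To use it on your own site, download a copy of .htaccess from File Manager and pass its contents to audit(); a commented-out directive, like the Referrer-Policy line in the sample, is reported as missing.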
We hope you liked this article and found it helpful. If you have any questions, you can ask us by commenting below, or contact us by sending an email to our business email address [email protected].