Title: Security Headers
Author: SimonRWaters
Published: 10 April 2015
Last modified: 26 February 2019

---


This plugin **has not been tested with the latest 3 major releases of WordPress**. It may
no longer be maintained or supported, and compatibility issues may arise when it is
used with more recent versions of WordPress.


# Security Headers

 By [SimonRWaters](https://profiles.wordpress.org/simonrwaters/)

[Download](https://downloads.wordpress.org/plugin/security-headers.zip)


## Description

TLS is growing in complexity. Server Name Indication (SNI) now means HTTPS sites
may be on shared IP addresses, or otherwise restricted. For these servers it is
handy to be able to set the desired HTTP headers without access to the web server's
configuration and without using an .htaccess file.

This plug-in exposes controls for:

 * HSTS (Strict-Transport-Security)
 * HPKP (Public-Key-Pins)
 * Disabling content sniffing (X-Content-Type-Options)
 * XSS protection (X-XSS-Protection)
 * Clickjacking mitigation (X-Frame-Options on the main site)
 * Expect-CT

HSTS is used to ensure that future connections to a website always use TLS, and
to disallow bypassing certificate warnings for the site.

HPKP is used if you don’t want to rely solely on the Certificate Authority trust
model for certificate issuance.

Disabling content sniffing is mostly of interest for sites that allow users to upload
files of specific types, but that browsers might be silly enough to interpret as
some other type, thus allowing unexpected attacks.

XSS protection re-enables XSS protection for the site, if the user has disabled 
it previously, and sets the “block” option so that attacks are not silently ignored.

“Clickjacking” protection is normally only relevant when someone is logged in.
However, this option was requested by users, probably because they want to protect
“rich content” that falls outside WordPress authentication.

Expect-CT is used to ensure that Certificate Transparency is correctly
configured.
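
An added example, not the plugin's own code: a small Python auditor that parses a response head and checks the headers described above, including the non-numeric `max-age` and missing-TLS cases mentioned in the changelog. The sample response, the function names and the expected-value policy (for instance, treating a missing X-Frame-Options as a finding) are assumptions made for illustration.

```python
import re

# Constructed sample response head for illustration; not captured from a real site.
SAMPLE = (
    "HTTP/1.1 200 OK\r\n"
    "Strict-Transport-Security: max-age=; includeSubDomains\r\n"
    "X-Content-Type-Options: nosniff\r\n"
    "X-XSS-Protection: 1\r\n"
    "X-Frame-Options: ALLOWALL\r\n"
    "\r\n"
)

def parse_headers(raw):
    """Map lowercased header names to values from a raw HTTP response head."""
    headers = {}
    for line in raw.splitlines()[1:]:      # skip the status line
        if not line.strip():
            break                          # blank line ends the header block
        name, sep, value = line.partition(":")
        if sep:
            headers[name.strip().lower()] = value.strip()
    return headers

def directives(value):
    """Split 'a=1; b' (or comma-separated, as in Expect-CT) into {'a': '1', 'b': ''}."""
    pairs = (p.strip().partition("=") for p in re.split(r"[;,]", value) if p.strip())
    return {k.strip().lower(): v.strip().strip('"') for k, _, v in pairs}

def audit(raw, over_tls=True):
    """Return a list of findings for the headers the plugin controls."""
    h, findings = parse_headers(raw), []
    for name in ("strict-transport-security", "public-key-pins", "expect-ct"):
        if name not in h:
            continue
        if not over_tls and name != "expect-ct":   # HSTS/HPKP belong on TLS only
            findings.append(f"{name}: sent without TLS")
        if not directives(h[name]).get("max-age", "").isdigit():
            findings.append(f"{name}: max-age missing or non-numeric")
    if "strict-transport-security" not in h:
        findings.append("strict-transport-security: missing")
    if h.get("x-content-type-options", "").lower() != "nosniff":
        findings.append("x-content-type-options: expected nosniff")
    xss = directives(h.get("x-xss-protection", ""))
    if "1" not in xss or xss.get("mode", "").lower() != "block":
        findings.append("x-xss-protection: expected 1; mode=block")
    if h.get("x-frame-options", "").upper() not in ("DENY", "SAMEORIGIN"):
        findings.append("x-frame-options: expected DENY or SAMEORIGIN")
    return findings
```

Calling `audit(SAMPLE)` returns three findings: the empty HSTS `max-age`, the X-XSS-Protection value without `mode=block`, and the unrecognised X-Frame-Options value.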

## Installation

 1. Upload “security_headers.php” to the “/wp-content/plugins/” directory.
 2. Activate the plugin through the “Plugins” menu in WordPress.

## Reviews

### [Incompatible with Tawk.to](https://wordpress.org/support/topic/incompatible-with-tawk-to/)

 [krsi78](https://profiles.wordpress.org/krsi78/) 14 May 2020

Just a quick warning: if you enable this plugin, the Tawk.to widget is no longer
displayed in Chrome, Firefox and Safari. Edge is not affected (yet?).

### [Perfect](https://wordpress.org/support/topic/perfect-5823/)

 [flch](https://profiles.wordpress.org/flch/) 11 February 2019

Works great and makes security much easier. Thanks for this great plugin!

### [handles these security points no one else does](https://wordpress.org/support/topic/handles-these-security-points-no-one-else-does/)

 [tone_milazzo](https://profiles.wordpress.org/tone_milazzo/) 21 June 2018

My topic can’t be empty so I’m writing this to fill it.

### [Excellent](https://wordpress.org/support/topic/excellent-5036/)

 [bozon](https://profiles.wordpress.org/bozon/) 19 June 2017, 2 replies

Works really well! Tested with [link removed] For the future releases it would be
good to include Content-Security-Policy and the forthcoming Expect-CT options.

### [Perfect](https://wordpress.org/support/topic/perfect-4081/)

 [WebBever](https://profiles.wordpress.org/webbever/) 26 May 2017

Easy to use, works like a charm!

### [Excellent plugin, easy to use.](https://wordpress.org/support/topic/excellent-plugin-easy-to-use-5/)

 [tjdurden](https://profiles.wordpress.org/tjdurden/) 3 September 2016, 1 reply

Thanks for this. Very easy to install and configure.

 [Read all 8 reviews](https://wordpress.org/support/plugin/security-headers/reviews/)

## Contributors & developers

“Security Headers” is open source software. The following people have contributed
to this plugin.

Contributors

 * [SimonRWaters](https://profiles.wordpress.org/simonrwaters/)
 * [Simon Waters](https://profiles.wordpress.org/simon-waters/)

[Translate “Security Headers” into your language.](https://translate.wordpress.org/projects/wp-plugins/security-headers)

### Interested in development?

[Browse the code](https://plugins.trac.wordpress.org/browser/security-headers/),
check out the [SVN repository](https://plugins.svn.wordpress.org/security-headers/),
or subscribe to the [development log](https://plugins.trac.wordpress.org/log/security-headers/)
by [RSS](https://plugins.trac.wordpress.org/log/security-headers/?limit=100&mode=stop_on_copy&format=rss).

## Changelog

#### 1.1

Fix missing close anchor which breaks recent WordPress

#### 1.0

Add support for wp-login.php page

Add support for Expect-CT header

#### 0.9

Removed unnecessary whitespace in HSTS header (thanks Thomas)

Added Referrer-Policy header

Corrected plugins name from “HTTP Headers” to “Security Header” (thanks Jamie)

Removed trailing semi-colon from X-XSS-Protection (it worked but not needed)

#### 0.8

Add headers to admin section of WordPress

Added option to set the X-Frame-Options headers to main site

Added HSTS Preload header (thanks to Jamie)

#### 0.7

Add report-uri

Fix handling of non-numeric blank strings for HPKP max-age

#### 0.6

HPKP support

Check for TLS before emitting HSTS or HPKP headers

#### 0.5

Change h2 for h1 for accessibility per #31650

#### 0.4

License change

Clarify wording for XSS protection in readme

#### 0.3

Prepare for release

#### 0.2

Added Sonarqube file and formatting changes

#### 0.1

 * First release.

## Meta

 * Version **1.1**
 * Last updated **7 years ago**
 * Active installations **4,000+**
 * WordPress version **3.8.1 or higher**
 * Tested up to **5.1.22**
 * PHP version **5.6 or higher**
 * Language: [English (US)](https://wordpress.org/plugins/security-headers/)
 * Tags: [hsts](https://nl.wordpress.org/plugins/tags/hsts/), [https](https://nl.wordpress.org/plugins/tags/https/),
   [nosniff](https://nl.wordpress.org/plugins/tags/nosniff/), [tls](https://nl.wordpress.org/plugins/tags/tls/)
 * [Advanced view](https://nl.wordpress.org/plugins/security-headers/advanced/)

## Ratings

 5 out of 5 stars.

 * [8 5-star reviews](https://wordpress.org/support/plugin/security-headers/reviews/?filter=5)
 * [0 4-star reviews](https://wordpress.org/support/plugin/security-headers/reviews/?filter=4)
 * [0 3-star reviews](https://wordpress.org/support/plugin/security-headers/reviews/?filter=3)
 * [0 2-star reviews](https://wordpress.org/support/plugin/security-headers/reviews/?filter=2)
 * [0 1-star reviews](https://wordpress.org/support/plugin/security-headers/reviews/?filter=1)


## Support

Got something to say? Need help?

 [View the support forum](https://wordpress.org/support/plugin/security-headers/)