How to add HTTP security headers in WordPress

HTTP security headers are an important aspect of server configuration that help protect your WordPress site from various types of attacks. You can add these headers in several ways: by editing the .htaccess file, by adding custom PHP code, or by using a dedicated WordPress plugin. This article covers each of these methods.

1. Edit the .htaccess file

The most direct way to add HTTP security headers is to edit the .htaccess file of your WordPress site. The .htaccess file is an Apache configuration file that allows you to customize server settings for a specific directory. Here's an example of how to add security headers using an .htaccess file:

    # Requires Apache's mod_headers module to be enabled.
    Header set X-Content-Type-Options nosniff
    Header set X-XSS-Protection "1; mode=block"
    Header always set Strict-Transport-Security "max-age=31536000; includeSubDomains"

Note: Remember to always back up your .htaccess file before making any changes. Incorrectly editing this file may cause problems with the operation of your website.

2. Adding security headers using PHP code

You can also add security headers directly to your WordPress code using PHP functions. Here's an example of how to do it:

    // Emit the security headers when WordPress sends its HTTP headers.
    function add_security_headers() {
        header('X-Content-Type-Options: nosniff');
        header('X-XSS-Protection: 1; mode=block');
        header('Strict-Transport-Security: max-age=31536000; includeSubDomains');
    }
    add_action('send_headers', 'add_security_headers');

This code adds the same headers as the .htaccess example above. You can place it in your theme's functions.php file.

3. Using a WordPress plugin to manage security headers

If you prefer to avoid directly editing configuration files or code, you can choose to use a WordPress plugin to add security headers. There are various plugins for this purpose, but one of the most popular is “HTTP Headers”.

HTTP Headers is a WordPress plugin that lets you add HTTP headers to your site without editing files. You can add and customize headers such as 'Strict-Transport-Security', 'Content-Security-Policy', 'X-Content-Type-Options', 'X-XSS-Protection' and many more.

In summary, adding HTTP security headers is a key part of securing your WordPress site. You can do this via an .htaccess file, directly via PHP code, or using a dedicated WordPress plugin. Whichever method you choose, it's important to always monitor your site for possible issues and update your security settings regularly.
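Whichever method you use, you can confirm the result by inspecting what the server actually returns. The following is an added example, not part of the original article or of any plugin: it audits a raw response head (for instance the text printed by `curl -sI`) for the three headers and values used in the examples above. The function names and the sample response are constructed for illustration.

```python
import re

MIN_HSTS_MAX_AGE = 31536000  # value used in the article's examples
REQUIRED = ("x-content-type-options", "x-xss-protection", "strict-transport-security")

def parse_headers(raw):
    """Map lowercased header names to their values from a raw response head."""
    headers = {}
    for line in raw.splitlines()[1:]:  # skip the status line
        if not line.strip():
            break  # a blank line ends the header block
        name, sep, value = line.partition(":")
        if sep:
            headers.setdefault(name.strip().lower(), []).append(value.strip())
    return headers

def audit(raw):
    """Return a list of findings; an empty list means all three headers match."""
    h, findings = parse_headers(raw), []
    for name in REQUIRED:
        if name not in h:
            findings.append(f"{name}: missing")
        elif len(h[name]) > 1:
            findings.append(f"{name}: sent {len(h[name])} times")
    # Value checks use the first occurrence; absent headers were reported above.
    if "x-content-type-options" in h and h["x-content-type-options"][0].lower() != "nosniff":
        findings.append("x-content-type-options: value is not 'nosniff'")
    if "x-xss-protection" in h:
        parts = [p.strip().lower() for p in h["x-xss-protection"][0].split(";")]
        if parts != ["1", "mode=block"]:
            findings.append("x-xss-protection: value is not '1; mode=block'")
    if "strict-transport-security" in h:
        directives = [d.strip().lower() for d in h["strict-transport-security"][0].split(";")]
        ages = [re.fullmatch(r'max-age="?(\d+)"?', d) for d in directives if d.startswith("max-age")]
        if not ages or ages[0] is None:
            findings.append("strict-transport-security: max-age missing or malformed")
        elif int(ages[0].group(1)) < MIN_HSTS_MAX_AGE:
            findings.append(f"strict-transport-security: max-age {ages[0].group(1)} below {MIN_HSTS_MAX_AGE}")
        if "includesubdomains" not in directives:
            findings.append("strict-transport-security: includeSubDomains absent")
    return findings

# Constructed sample response (not captured from a real site).
SAMPLE_BAD = ("HTTP/1.1 200 OK\r\nX-Content-Type-Options: nosniff\r\n"
              "Strict-Transport-Security: max-age=300\r\n"
              "Strict-Transport-Security: max-age=31536000; includeSubDomains\r\n\r\n")

if __name__ == "__main__":
    print("\n".join(audit(SAMPLE_BAD)))
```

A header reported as sent more than once usually means it is being set in two places, for example in both .htaccess and functions.php; keep it in one.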