How to Enable HTTP STRICT TRANSPORT SECURITY (HSTS) on your WordPress Website?

Category : wordpress

As the internet grows, The security breaches grow as well, Its never a bad practice to enable security measures on your website.

To Enable HSTS or HTTP STRICT TRANSPORT SECURITY on your WordPress Website, Follow these steps:
– Fire up your WordPress admin which is usually located at http(s)://domain.com/wp-admin
– Go to Appearance >> Editor in the Left Menu.
– Select your Theme, and go to functions.php(Right Panel)
– Add the following Code to your functions.php
add_action( 'send_headers', 'tgm_io_strict_transport_security' );
/**
* Enables the HTTP Strict Transport Security (HSTS) header.
*
* @since 1.0.0
*/
function tgm_io_strict_transport_security() {

header( 'Strict-Transport-Security: max-age=10886400' );

}

All Set!
Please note that this method should be followed only if your an active SSL Certificate on your Website, and all http links are properly redirected to https.

Verification –
# Clear any cache on your website.(If you have any)
# Go to http://www.webconfs.com/http-header-check.php
# You should see Strict-Transport-Security: max-age=10886400 added to your headers. This headers tells the browsers to not allow your website to load without a valid SSL Certificate.

~
Best Regards