How to Enable HTTP STRICT TRANSPORT SECURITY (HSTS) on your WordPress Website?


As the internet grows, security breaches grow as well. It's never a bad practice to enable security measures on your website.

To enable HSTS (HTTP Strict Transport Security) on your WordPress website, follow these steps:
– Fire up your WordPress admin which is usually located at http(s)://
– Go to Appearance >> Editor in the Left Menu.
– Select your theme, and go to functions.php (Right Panel).
– Add the following code to your functions.php:
add_action( 'send_headers', 'tgm_io_strict_transport_security' );
/**
 * Enables the HTTP Strict Transport Security (HSTS) header.
 *
 * @since 1.0.0
 */
function tgm_io_strict_transport_security() {

    // Sent with every response WordPress serves via the send_headers hook.
    header( 'Strict-Transport-Security: max-age=10886400' );

}

All Set!
Please note that this method should be followed only if you have an active SSL certificate on your website and all http links are properly redirected to https.

Verification –
# Clear any cache on your website (if you have any).
# Go to
# You should see Strict-Transport-Security: max-age=10886400 added to your headers. This header tells browsers not to load your website without a valid SSL certificate.
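
To go with the verification step above, here is an added example (not part of the original post) that checks a captured block of response headers the way a browser evaluates HSTS under RFC 6797. The function name check_hsts and the sample responses are constructed for illustration.

```python
import re

# Added example: evaluate the Strict-Transport-Security header of a captured
# HTTP response following RFC 6797 (sections 6.1 and 8.1).
# check_hsts and the SAMPLE_* responses are constructed, not from the post.

def check_hsts(raw_headers, over_https=True):
    """Return (ok, detail) for a block of raw response header lines."""
    values = []
    for line in raw_headers.splitlines():
        name, sep, value = line.partition(":")
        # Header field names are case-insensitive.
        if sep and name.strip().lower() == "strict-transport-security":
            values.append(value.strip())
    if not values:
        return False, "header missing"
    if not over_https:
        # Browsers ignore HSTS headers received over plain HTTP.
        return False, "header sent over http is ignored"
    directives = {}
    # When several HSTS headers are present, only the first is processed.
    for part in values[0].split(";"):
        part = part.strip()
        if not part:
            continue
        key, _, val = part.partition("=")
        key = key.strip().lower()  # directive names are case-insensitive
        if key in directives:
            return False, "duplicate directive: " + key
        directives[key] = val.strip().strip('"')  # value may be quoted
    max_age = directives.get("max-age", "")
    if not re.fullmatch(r"[0-9]+", max_age):
        return False, "max-age missing or not a number"
    if int(max_age) == 0:
        return False, "max-age=0 removes the policy"
    return True, "policy active for %d days" % (int(max_age) // 86400)

# Constructed samples. SAMPLE_OK mirrors the header the snippet above emits.
SAMPLE_OK = ("HTTP/1.1 200 OK\r\nContent-Type: text/html\r\n"
             "Strict-Transport-Security: max-age=10886400\r\n")
SAMPLE_MISSING = "HTTP/1.1 200 OK\r\nContent-Type: text/html\r\n"
SAMPLE_DUPLICATE = ("HTTP/1.1 200 OK\r\n"
                    "strict-transport-security: max-age=10; MAX-AGE=20\r\n")

if __name__ == "__main__":
    for sample in (SAMPLE_OK, SAMPLE_MISSING, SAMPLE_DUPLICATE):
        print(check_hsts(sample))
```

Paste the headers you see in your browser's developer tools or header checker into a string and pass it to check_hsts; set over_https=False if the response came from the http:// address.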

Best Regards