How to setup HTTP Security Headers on WordPress

The 1-click way to instantly add HTTP Security Headers for WordPress

The Importance of HTTP Security Headers in WordPress

In today’s digital age, the security of your small business website is paramount. With cyber threats on the rise, implementing robust security measures is not just a luxury but a necessity. One such measure is the use of HTTP security headers for WordPress. In this blog post, we’ll delve deep into the world of HTTP security headers, their significance, and how you can integrate them into your WordPress website to ensure maximum protection.

  • 62% of the top 100 fastest growing companies in the US (Inc. 5000) use WordPress
  • Over 500 new sites are created daily using the free version of
  • Seventy million new blog posts pop up every month.
  • There are currently over 455 million sites that use WordPress.

HTTP Security Headers for WordPress is so important for protecting your website.
WordPress accounts for almost half of the internet! That’s why adding HTTP Security Headers for WordPress is so important for protecting your website.

Why Every Small Business Should Prioritize HTTP Security Headers for WordPress

The Threat Landscape

WordPress, being a leading Content Management System, is a magnet for hackers. With billions of exploitation attempts recorded annually, small business owners cannot afford to be complacent. Cyber attacks can lead to data breaches, loss of customer trust, and significant financial setbacks.

The Role of HTTP Security Headers for WordPress

HTTP security headers are your website’s silent guardians. They provide specific directives to browsers on how to behave when interacting with your site, ensuring that potential vulnerabilities are not exploited. These headers act as barriers, preventing certain types of cyber attacks that can compromise your website’s integrity and the data it holds.

For small businesses, this means:

  • Protecting Customer Data: Your customers trust you with their data. Breaches can lead to loss of trust, legal repercussions, and financial losses.
  • Maintaining Brand Reputation: A secure website ensures that your brand’s reputation remains untarnished. A single security incident can lead to negative publicity and loss of business.
  • Ensuring Business Continuity: Cyber attacks can disrupt your online operations. By implementing security headers, you reduce the risk of unplanned down times.

Implementing HTTP Security Headers for WordPress with the Redirection Plugin

While there are multiple ways to add security headers to your site, the Redirection Plugin offers a straightforward method, especially for those not well-versed in coding. Here’s a detailed look at the five key HTTP security headers and their significance:

  1. X-Frame-Options (XFO):
    • Purpose: Protects against clickjacking attacks.
    • How It Works: It dictates how content can be embedded into other sites. By default, it prevents your site’s content from being displayed in frames on other websites.
    • Business Implication: Prevents malicious actors from tricking your users into clicking something different from what the user perceives, protecting both you and your customers from potential fraud.
  2. X-XSS-Protection:
    • Purpose: Stops pages from loading when a XSS (Cross-Site Scripting) attack is detected.
    • How It Works: It identifies and blocks malicious scripts injected into web pages.
    • Business Implication: Protects your website from being used as a medium to spread malware or steal user data.
  3. X-Content-Type-Options:
    • Purpose: Defense against content sniffing attacks.
    • How It Works: Ensures browsers render files as declared and don’t guess file types, preventing malicious file executions.
    • Business Implication: Stops hackers from disguising malicious files as safe ones, ensuring the integrity of your website’s content.
  4. Content-Security-Policy (CSP):
    • Purpose: Shields against various common attacks, like Cross-Site Scripting (XSS) and data injection attacks.
    • How It Works: Dictates which external resources can be loaded and executed by browsers.
    • Business Implication: Ensures that only trusted sources of content are loaded, keeping your website free from malicious injections.
  5. Referrer-policy:
    • Purpose: Controls the amount of referral data sent when a user clicks on a link to another site.
    • How It Works: Limits the information about your site that’s shared with other websites.
    • Business Implication: Protects user privacy and sensitive data from being inadvertently shared.

How to Set Up the Redirection Plugin

Redirection is a plugin that manages how hyperlinks are handled within your site. It comes with various preset HTTP security headers for WordPress that you can add with a single click.

Before you do anything, create a backup of your website. That way you can undo if anything goes wrong.

Install and activate the plugin, then go to:

Tools -> Redirection -> Start Setup
wordpress redirection setup

Once you get to the next page, specify whether Redirection should automatically create a redirect if you change a permalink of a post or page. This is helpful at avoiding 404 errors. Click through the Basic Setup until you complete the recommended tasks.

redirection configure settings

Now that you have Redirection setup, go to:

Tools -> Redirection -> Site

Scroll down to the HTTP Headers section and click on the Add Header dropdown. Select Add Security Presets.

add security presets

Then click on the Add Security Presets button again and this will use Redirection’s selection of default security HTTP headers. Boom 💥 1-click HTTP Security Headers for WordPress!

wordpress security presets

You’re done! 🥳 Hit update and reload the web page to see if it has been updated. Check to make sure your pages look normal and that your links and content function as expected. If you have issues, you can disable/re-enable each preset one by one to figure out what went wrong.

Check your Cyber Score for Website Security Settings

Reload your Cyber Score and look at the Website Security Settings criteria. If Redirection did its job, you will have a perfect score here 💯


In the digital realm, the security of your small business website is as crucial as locking the doors to your physical storefront. HTTP security headers for WordPress offer an added layer of protection, ensuring that your business, reputation, and customers remain safe. By understanding and implementing these headers, especially with user-friendly tools like the Redirection plugin, you’re taking a significant step towards a more secure online presence.

Share this blog