I was recently asked to look into creating some secure HTTP headers as well as forcing a website to load over TLS 1.2+. Below are my “how to” instructions for updating these settings within WordPress and Cloudflare.
- Install & Configure the Cloudflare WordPress plugin.
- Make sure an SSL Certificate is installed on your host for your domain (I use LetsEncrypt, but you can use any SSL provider).
How to Set up Cloudflare SSL for WordPress
Under SSL/TLS->Overview, select “Full (strict)”, make sure to click “Enable Universal SSL”, then:
Under SSL/TLS->Edge Certificate, choose the following options:
Click the “Change HSTS Settings” or “Enable HSTS” and select the following options:
How to Configure HTTP Security Headers in WordPress
- Install the Redirection WordPress plugin and add the Security and CORS presets via the “Site” menu option in that plugin:
Also, change x-frame-options to “sameorigin” so that Gravity Forms (and other plugins?) work properly.
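To confirm the settings above actually reach the browser, the response headers can be audited. The script below is an added example, not part of the original instructions: it parses a header block (for instance pasted from `curl -sI`) and checks that HSTS is present with a non-zero max-age and that x-frame-options is “sameorigin”. The two sample responses and their values are constructed for illustration.

```python
# Added example: audit a response-header block (e.g. pasted from `curl -sI`).
# The sample responses below are constructed for illustration.

def parse_headers(raw):
    """Parse a raw header block into {lowercased-name: [values]}."""
    headers = {}
    for line in raw.strip().splitlines()[1:]:      # skip the status line
        name, sep, value = line.partition(":")
        if sep:
            headers.setdefault(name.strip().lower(), []).append(value.strip())
    return headers

def parse_hsts(value):
    """Split an HSTS value into its directives, e.g. {'max-age': '31536000'}."""
    directives = {}
    for part in value.split(";"):
        key, _, val = part.strip().partition("=")
        if key:
            directives[key.lower()] = val.strip('"')
    return directives

def audit(raw):
    """Return a list of findings; an empty list means both checks passed."""
    headers, findings = parse_headers(raw), []
    hsts = headers.get("strict-transport-security")
    if not hsts:
        findings.append("HSTS header missing")
    else:
        # Browsers honour only the first HSTS header, so check that one.
        max_age = parse_hsts(hsts[0]).get("max-age", "")
        if not max_age.isdigit() or int(max_age) == 0:
            findings.append("HSTS max-age missing or zero")
    xfo = [v.lower() for v in headers.get("x-frame-options", [])]
    if not xfo:
        findings.append("X-Frame-Options header missing")
    elif set(xfo) != {"sameorigin"}:
        findings.append("X-Frame-Options is %s, expected sameorigin" % ", ".join(xfo))
    return findings

GOOD = """HTTP/2 200
strict-transport-security: max-age=31536000; includeSubDomains
x-frame-options: SAMEORIGIN
"""
BAD = """HTTP/2 200
Strict-Transport-Security: max-age=0
X-Frame-Options: DENY
"""

if __name__ == "__main__":
    for label, raw in (("good", GOOD), ("bad", BAD)):
        print(label, audit(raw) or "ok")
```

A value of DENY is flagged because it blocks same-site framing, which is the case the “sameorigin” setting above is meant to keep working.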