I was recently asked to look into creating some secure http headers as well as forcing a website to load over TLS1.2+. Below are my “how to” instructions for updating these settings within WordPress and Cloudflare.
- Install & Configure the Cloudflare WordPress plugin.
- Make sure an SSL Certificate is installed on your host for your domain (I use LetsEncrypt, but you can use any SSL provider).
How to Set up Cloudflare SSL for WordPress
Under SSL/TLS->Overview, select “Full (strict)”, make sure to click the “Enable Universal SSL”, then:
Under SSL/TLS->Edge Certificate, choose the following options:
Click the “Change HSTS Settings” or “Enable HSTS” and select the following options:
How to Configure http Security Headers in WordPress
- Install the Redirection WordPress plugin and add the Security and CORS presets via the “Site” menu option in that plugin:
Also, make sure to change x-frame-options to “sameorigin” to make sure Gravity Forms (and other plugins?) work properly:
Further Reading:
- TLS In WordPress by WP Speed Matters
- WP Beginner article about TLS and Secure Headers
From Toby’s Blog
- Where uncertainty exists, don’t order specific.4 Idiot Case Studies with 2 simple age-old business lessons. The post Where uncertainty exists, don’t order specific. appeared first on Toby Cryns, WordPress Trainer in Minneapolis, MN.
- “Now THAT was a good meeting!”A single effective meeting can change the course of history for a company. Imagine if you could lead effective meetings EVERY DAY! You can, but it takes curiosity & practice. This article is a good place to start your journey to a more effective you. The post “Now THAT was a good meeting!” appeared first […]
- Never Respond to RFPs & Custom Proposal RequestsY'all who work at normal 9-5 jobs don't need to deal with the B.S. that is an RFP process (or rather you get paid to deal with it). But us freelancers gotta deal with a whole big bag of schtuff when it comes to custom proposals. Here's my quick-and-dirty RFP filtering process that I use […]
More posts from themightymo.com
My WordPress Maintenance Process
A few quick things: My WordPress Maintenance Process Demo, Part 1 Transcript: You’ll see immediately after logging in, you see the 11 updates needed as well as some messages. I’m just gonna quickly read. It looks like this. I don’t need to worry about. Are you enjoying Monster Insights? Not really <laugh>. What’s to enjoy…
How to style FacetWP checkbox hierarchy results using jQuery
I recently invested many hours trying to target and style a FacetWP taxonomy facet that uses hierarchy for display. It should be noted that you can use straight up CSS for some styling (and should use css wherever possible), but sometimes you need javascript to target parent elements and such. I thought I’d document the…
How to fix SpinupWP ballooning disk space issue
A site we host on Digital Ocean recently went down. It took me a lot of troubleshooting and digging before realizing that the issue was that our disk space was maxed out on Digital Ocean. The site in question needs ~20gb of space, so our 50gb server should be plenty. But alas, there it was…
From Toby’s Blog
- Where uncertainty exists, don’t order specific.4 Idiot Case Studies with 2 simple age-old business lessons. The post Where uncertainty exists, don’t order specific. appeared first on Toby Cryns, WordPress Trainer in Minneapolis, MN.
- “Now THAT was a good meeting!”A single effective meeting can change the course of history for a company. Imagine if you could lead effective meetings EVERY DAY! You can, but it takes curiosity & practice. This article is a good place to start your journey to a more effective you. The post “Now THAT was a good meeting!” appeared first […]
- Never Respond to RFPs & Custom Proposal RequestsY'all who work at normal 9-5 jobs don't need to deal with the B.S. that is an RFP process (or rather you get paid to deal with it). But us freelancers gotta deal with a whole big bag of schtuff when it comes to custom proposals. Here's my quick-and-dirty RFP filtering process that I use […]