I was recently asked to look into creating some secure http headers as well as forcing a website to load over TLS1.2+. Below are my “how to” instructions for updating these settings within WordPress and Cloudflare.
- Install & Configure the Cloudflare WordPress plugin.
- Make sure an SSL Certificate is installed on your host for your domain (I use LetsEncrypt, but you can use any SSL provider).
How to Set up Cloudflare SSL for WordPress
Under SSL/TLS->Overview, select “Full (strict)”, make sure to click the “Enable Universal SSL”, then:
Under SSL/TLS->Edge Certificate, choose the following options:
Click the “Change HSTS Settings” or “Enable HSTS” and select the following options:
How to Configure http Security Headers in WordPress
- Install the Redirection WordPress plugin and add the Security and CORS presets via the “Site” menu option in that plugin:
Also, make sure to change x-frame-options to “sameorigin” to make sure Gravity Forms (and other plugins?) work properly:
Further Reading:
- TLS In WordPress by WP Speed Matters
- WP Beginner article about TLS and Secure Headers
From Toby’s Blog
- Why We Don’t Automate Our WordPress Hosting BusinessThere are some great platforms out there to automate your website hosting biz: But we don’t use any of them. Here’s why: Hosting companies only get worse over time. Over the years, I’ve hosted websites on a bunch of platforms: All of these hosting companies share one thing in common: Over time, they all got…
- Fortify Your WordPress Site: Essential Security StepsSecuring your WordPress site is a critical component of maintaining your online presence and safeguarding your data. Security is no longer a luxury, it has become a necessity in today’s digital world, where threats are lurking at every corner. This piece dives deep into WordPress security basics, giving you a comprehensive understanding of common vulnerabilities…
- Master Your Site: Customizing WordPress ThemesJust as a house is more than bricks and mortar, a WordPress site is much more than simple code. It’s a cohesive structure built with various layers such as PHP, HTML, CSS, and other key elements. Customizing WordPress themes involves gaining an in-depth understanding of this structure, learning to inspect and adjust design elements with…
More posts from themightymo.com
The Ultimate Guide to WordPress Support: Why it’s Essential for Your Website’s Success
Whether you’re situated in Minneapolis, St. Paul, Illinois, New York, or any other corner of the globe, ensuring reliable WordPress Support is paramount for the continued success of your website. In this comprehensive guide, we will delve into the crucial role that WordPress support plays in your website’s journey to success.
How to optimize your Google Crawl Budget using SEM Rush Log File Analyzer and Rank Math SEO
Today I ran the SEM Rush Log File Analyzer tool, and it showed some interesting things that are a complete waste of our Google Crawl Budget. Specifically, I learned that Google is wasting some of our crawl budget on the /wp-includes/ directory, certain plugin directories, and cache directories. I also noticed random files being crawled…
Where is the Google Analytics Measurement ID?
In the vast, evolving world of web development and analytics, keeping up with terminologies and tools can sometimes feel like trying to chase a mischievous cat in a maze. You think you’ve got a grip, only for it to slip right through your fingers! Enter the mysterious “Measurement ID” from Google Analytics 4 (GA4), a…
From Toby’s Blog
- Why We Don’t Automate Our WordPress Hosting BusinessThere are some great platforms out there to automate your website hosting biz: But we don’t use any of them. Here’s why: Hosting companies only get worse over time. Over the years, I’ve hosted websites on a bunch of platforms: All of these hosting companies share one thing in common: Over time, they all got…
- Fortify Your WordPress Site: Essential Security StepsSecuring your WordPress site is a critical component of maintaining your online presence and safeguarding your data. Security is no longer a luxury, it has become a necessity in today’s digital world, where threats are lurking at every corner. This piece dives deep into WordPress security basics, giving you a comprehensive understanding of common vulnerabilities…
- Master Your Site: Customizing WordPress ThemesJust as a house is more than bricks and mortar, a WordPress site is much more than simple code. It’s a cohesive structure built with various layers such as PHP, HTML, CSS, and other key elements. Customizing WordPress themes involves gaining an in-depth understanding of this structure, learning to inspect and adjust design elements with…