How to Enable HTTP Strict Transport Security (HSTS) on Your WordPress Website

Follow these steps: 

– Log in to your WordPress admin, which is usually located at http(s)://domain.com/wp-admin
– Go to Appearance >> Editor in the left menu.
– Select your theme, and open functions.php (right panel).
– Add the following code to your functions.php:


add_action( 'send_headers', 'tgm_io_strict_transport_security' );
/**
 * Enables the HTTP Strict Transport Security (HSTS) header.
 *
 * @since 1.0.0
 */
function tgm_io_strict_transport_security() {
    // max-age is in seconds: 10886400 seconds = 126 days.
    header( 'Strict-Transport-Security: max-age=10886400' );
}

 

All Set!

Please note that this method should be followed only if you have an active SSL certificate on your website and all HTTP links are properly redirected to HTTPS.

 

Verification – 

– Clear any cache on your website (if you have any).
– Go to http://www.webconfs.com/http-header-check.php
– You should see Strict-Transport-Security: max-age=10886400 added to your headers. This header tells browsers to load your website only over HTTPS with a valid SSL certificate.
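
The same verification can be scripted. The Python below is an added example, not part of the original article: it checks the two conditions described above (the http:// to https:// redirect and the max-age=10886400 header) and parses the header the way RFC 6797 defines it. The function names and the sample responses are assumptions constructed for illustration.

```python
import re

EXPECTED_MAX_AGE = 10886400  # seconds (126 days), as set in functions.php above
# Constructed sample responses as (status, headers); not captured from a real site.
SAMPLE_HTTP = (301, {"Location": "https://domain.com/"})
SAMPLE_HTTPS = (200, {"strict-transport-security": "max-age=10886400"})


def parse_hsts(value):
    """Parse a header value per RFC 6797 section 6.1; return None if invalid."""
    directives = {}
    for part in value.split(";"):
        name, _, val = part.strip().partition("=")
        name = name.strip().lower()          # directive names are case-insensitive
        if not name:
            continue                         # empty directives are allowed
        if name in directives:
            return None                      # a directive may appear only once
        directives[name] = val.strip().strip('"')  # value may be a quoted-string
    if not re.fullmatch(r"[0-9]+", directives.get("max-age", "")):
        return None                          # max-age is required and numeric
    directives["max-age"] = int(directives["max-age"])
    return directives


def check_site(http_resp, https_resp):
    """Return a list of problems found in the two responses (empty if none)."""
    problems = []
    status, headers = http_resp
    headers = {k.lower(): v for k, v in headers.items()}  # names are case-insensitive
    if status not in (301, 302, 307, 308) or not headers.get("location", "").startswith("https://"):
        problems.append("http:// is not redirected to https://")
    headers = {k.lower(): v for k, v in https_resp[1].items()}
    raw = headers.get("strict-transport-security")
    policy = parse_hsts(raw) if raw is not None else None
    if raw is None:
        problems.append("HSTS header missing on the https:// response")
    elif policy is None:
        problems.append("HSTS header is malformed; browsers ignore it")
    elif policy["max-age"] != EXPECTED_MAX_AGE:
        problems.append("max-age is %d, expected %d" % (policy["max-age"], EXPECTED_MAX_AGE))
    return problems


if __name__ == "__main__":
    print(check_site(SAMPLE_HTTP, SAMPLE_HTTPS) or "HSTS OK")
```

To check a live site, pass in the status code and headers returned for the http:// and https:// versions of the same URL in place of the sample tuples.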

 
