Follow these steps: 

– Fire up your WordPress admin which is usually located at http(s)://
– Go to Appearance >> Editor in the Left Menu.
– Select your Theme, and go to functions.php(Right Panel)
– Add the following Code to your functions.php

add_action( 'send_headers', 'tgm_io_strict_transport_security' );
* Enables the HTTP Strict Transport Security (HSTS) header.
* @since 1.0.0
function tgm_io_strict_transport_security() {

header( 'Strict-Transport-Security: max-age=10886400' );



All Set!

Please note that this method should be followed only if your an active SSL Certificate on your Website and all http links are properly redirected to https.


Verification – 

Clear any cache on your website. (If you have any)
# Go to
# You should see Strict-Transport-Security: max-age=10886400 added to your headers. This header tells the browsers to not allow your website to load without a valid SSL Certificate.


Was this answer helpful? 0 Users Found This Useful (0 Votes)