Title: Fix It Easy Security Headers Author: WP Fix It - WordPress Experts Published: Est 24, 2025 Last modified: Est 24, 2025 --- Search plugins ![](https://ps.w.org/fix-it-easy-security-headers/assets/banner-772x250.png?rev= 3349315) ![](https://ps.w.org/fix-it-easy-security-headers/assets/icon-256x256.gif?rev=3349315) # Fix It Easy Security Headers By [WP Fix It – WordPress Experts](https://profiles.wordpress.org/wpfixit/) [Download](https://downloads.wordpress.org/plugin/fix-it-easy-security-headers.1.1.zip) * [Details](https://cor.wordpress.org/plugins/fix-it-easy-security-headers/#description) * [Reviews](https://cor.wordpress.org/plugins/fix-it-easy-security-headers/#reviews) * [Installation](https://cor.wordpress.org/plugins/fix-it-easy-security-headers/#installation) * [Development](https://cor.wordpress.org/plugins/fix-it-easy-security-headers/#developers) [Support](https://wordpress.org/support/plugin/fix-it-easy-security-headers/) ## Description **WP Fix It Easy Security Headers** adds a simple page under **Tools Security Headers** where you can toggle common HTTP security headers: * **Strict-Transport-Security (HSTS)** * **Content-Security-Policy (CSP)** * **X-Frame-Options** * **X-Content-Type-Options** * **Referrer-Policy** * **Permissions-Policy** On activation, all headers are **enabled by default** and you’re redirected to the settings screen. For convenience, the page and the Plugins screen include a **“Check Headers”** button that opens SecurityHeaders.com with your site’s URL prefilled (built dynamically from `home_url()`). ### Notes on CSP This plugin ships with a **permissive** default CSP intended to “work everywhere” out of the box (allows most external sources and inline code). For stronger protection, you should harden the directives for your specific site. ### Key Features * One-click toggles for popular headers * Dynamic “Check Headers” scan link * Uses the WordPress Settings API (nonce + capability checks) * Output escaping and sanitization following PHPCS ## Screenshots * [[ * Settings screen with header toggles and “Check Headers” button. ## Installation 1. Upload the plugin folder to `/wp-content/plugins/fix-it-easy-security-headers/` or install via Plugins Add New. 2. Activate the plugin. 3. You’ll be redirected to **Tools Security Headers**. Review and adjust toggles as needed. 4. (Optional) Click **Check Headers** to verify your headers on SecurityHeaders.com. ## FAQ ### Where do I manage the settings? Go to **Tools Security Headers**. ### What happens on activation? All header options are enabled and you’re redirected once to the settings page. ### Will this break my site? Most headers are safe defaults. The provided CSP is intentionally permissive; it shouldn’t block assets. For strict CSPs, tailor directives to your stack and test. ### Can I use this on multisite? Yes. The “Check Headers” URL is derived from `home_url()`. Activation redirect is skipped for network/bulk activations. ### Why don’t I see a “Settings saved” notice twice? The page prints only this plugin’s scoped settings messages to avoid duplicate notices. ### Can I customize the CSP? Yes. You can modify the `$csp` string in `security_headers_add_headers()` to fit your site’s needs. ## Reviews There are no reviews for this plugin. ## Contributors & Developers “Fix It Easy Security Headers” is open source software. The following people have contributed to this plugin. Contributors * [ WP Fix It – WordPress Experts ](https://profiles.wordpress.org/wpfixit/) [Translate “Fix It Easy Security Headers” into your language.](https://translate.wordpress.org/projects/wp-plugins/fix-it-easy-security-headers) ### Interested in development? [Browse the code](https://plugins.trac.wordpress.org/browser/fix-it-easy-security-headers/), check out the [SVN repository](https://plugins.svn.wordpress.org/fix-it-easy-security-headers/), or subscribe to the [development log](https://plugins.trac.wordpress.org/log/fix-it-easy-security-headers/) by [RSS](https://plugins.trac.wordpress.org/log/fix-it-easy-security-headers/?limit=100&mode=stop_on_copy&format=rss). ## Changelog #### 1.1 * Initial release. * Header toggles for HSTS, CSP, X-Frame-Options, X-Content-Type-Options, Referrer- Policy, Permissions-Policy. * Activation enables all options and redirects to settings. * Dynamic SecurityHeaders.com scan link. ## Meta * Version **1.1** * Last updated **8 mis ago** * Active installations **10+** * WordPress version ** 5.8 or higher ** * Tested up to **6.8.5** * PHP version ** 7.4 or higher ** * Language * [English (US)](https://wordpress.org/plugins/fix-it-easy-security-headers/) * Tags * [csp](https://cor.wordpress.org/plugins/tags/csp/)[headers](https://cor.wordpress.org/plugins/tags/headers/) [hsts](https://cor.wordpress.org/plugins/tags/hsts/)[security](https://cor.wordpress.org/plugins/tags/security/) * [Advanced View](https://cor.wordpress.org/plugins/fix-it-easy-security-headers/advanced/) ## Ratings No reviews have been submitted yet. [Add my review](https://wordpress.org/support/plugin/fix-it-easy-security-headers/reviews/#new-post) [See all reviews](https://wordpress.org/support/plugin/fix-it-easy-security-headers/reviews/) ## Contributors * [ WP Fix It – WordPress Experts ](https://profiles.wordpress.org/wpfixit/) ## Support Got something to say? Need help? [View support forum](https://wordpress.org/support/plugin/fix-it-easy-security-headers/) ## Donate Would you like to support the advancement of this plugin? [ Donate to this plugin ](https://www.wpfixit.com)