
How To Enable HTTP Strict Transport Security in WordPress

Learn How to Implement HTTP Strict Transport Security aka HSTS

HTTP Strict Transport Security (HSTS) is a response header which tells web browsers and other user agents to always connect to your WordPress blog over HTTPS, even when the visitor types the address without a protocol.

It works like a 301 redirect, but at the browser level: the browser rewrites http:// to https:// before any request leaves the machine. This is what makes it very fast.

The HSTS header tells the browser to connect to the current domain only over HTTPS for as long as the policy is cached.

This makes HSTS far better than 301 redirects alone, which leave the first, plain-HTTP request unprotected on every visit.

Currently major browsers like Internet Explorer, Microsoft Edge, Google Chrome, Mozilla Firefox, Apple Safari, Opera support HTTP Strict Transport Security (HSTS).

HTTP Strict Transport Security (HSTS) Benefits

  • Helps prevent man-in-the-middle attacks and cookie hijacking.
  • Helps avoid mixed content issues.
  • Does not allow a user to click through invalid certificate warnings.
  • Can be preloaded into browsers by listing your domain with them.
  • Avoids insecure redirects from HTTP to HTTPS.
  • Also improves WordPress blog speed by eliminating a redirect.

Enable HTTP Strict Transport Security (HSTS) in htaccess

# Enable HSTS on WordPress blog (requires mod_headers)
# env=HTTPS: the header is only set on responses served over TLS
Header set Strict-Transport-Security "max-age=31536000; includeSubDomains; preload" env=HTTPS

The “max-age” flag specifies the time in seconds this policy is cached in the browser.

The “includeSubDomains” flag instructs browsers to apply this policy to all sub domains as well.

The “preload” flag indicates that the site wants to be added to the HSTS preload list; the directive itself only signals consent, the domain still has to be submitted to the preload list to be built into browsers.

“env=HTTPS” ensures that the header is only sent on the secure [https] version of your WordPress blog and not on the insecure [http] version. Browsers ignore an HSTS header received over plain HTTP anyway, so sending it there is pointless.
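As an added illustration, not code from the original post, here is a small Python model of what a browser does with this header: a parser for the Strict-Transport-Security value (directive names are case-insensitive, max-age is mandatory, a repeated directive invalidates the header, and a trailing “;” is tolerated), a check against the three preload-list requirements, and a toy HSTS cache that upgrades http:// URLs for known hosts, honours includeSubDomains, expires entries after max-age, and ignores the header when it arrives over plain HTTP (the reason for env=HTTPS above). The host names (example.com and its subdomains) are constructed sample data.

```python
import time
from dataclasses import dataclass
from typing import Optional

ONE_YEAR = 31536000  # seconds; the max-age used in the .htaccess and nginx snippets


@dataclass
class HstsPolicy:
    max_age: int
    include_subdomains: bool = False
    preload: bool = False


def parse_hsts(header_value: str) -> Optional[HstsPolicy]:
    """Parse a Strict-Transport-Security value per RFC 6797 section 6.1.

    Returns None when the header is invalid (no max-age, non-numeric
    max-age, or a directive given twice); browsers ignore such headers.
    Unknown directives are skipped, as the RFC requires.
    """
    seen = set()
    max_age = None
    include_subdomains = preload = False
    for raw in header_value.split(";"):
        token = raw.strip()
        if not token:            # empty directive, e.g. a trailing ';'
            continue
        name, _, value = token.partition("=")
        name = name.strip().lower()
        value = value.strip().strip('"')
        if name in seen:
            return None
        seen.add(name)
        if name == "max-age":
            if not value.isdigit():
                return None
            max_age = int(value)
        elif name == "includesubdomains":
            include_subdomains = True
        elif name == "preload":
            preload = True
    if max_age is None:
        return None
    return HstsPolicy(max_age, include_subdomains, preload)


def preload_problems(policy: HstsPolicy) -> list:
    """List the preload-list requirements the policy still misses (empty = ready)."""
    problems = []
    if policy.max_age < ONE_YEAR:
        problems.append(f"max-age must be at least {ONE_YEAR}, got {policy.max_age}")
    if not policy.include_subdomains:
        problems.append("includeSubDomains directive missing")
    if not policy.preload:
        problems.append("preload directive missing")
    return problems


class BrowserHstsCache:
    """Minimal model of a browser's HSTS store: host -> (expiry, includeSubDomains)."""

    def __init__(self, now=time.time):
        self._now = now          # injectable clock so expiry can be exercised
        self._hosts = {}

    def observe_response(self, host: str, scheme: str, sts_header: Optional[str]) -> None:
        # RFC 6797 section 8.1: the header is only honoured on an HTTPS response.
        if scheme != "https" or sts_header is None:
            return
        policy = parse_hsts(sts_header)
        if policy is None:
            return
        if policy.max_age == 0:  # max-age=0 tells the browser to forget the host
            self._hosts.pop(host, None)
            return
        self._hosts[host] = (self._now() + policy.max_age, policy.include_subdomains)

    def is_known(self, host: str) -> bool:
        """True if host, or a parent domain with includeSubDomains, has a live entry."""
        now = self._now()
        labels = host.split(".")
        for i in range(len(labels)):
            candidate = ".".join(labels[i:])
            entry = self._hosts.get(candidate)
            if entry is None or entry[0] <= now:
                continue
            if candidate == host or entry[1]:
                return True
        return False

    def rewrite_url(self, url: str) -> str:
        """Upgrade http:// to https:// for known hosts before any request is sent."""
        if url.startswith("http://"):
            rest = url[len("http://"):]
            host = rest.split("/", 1)[0].split(":")[0]
            if self.is_known(host):
                return "https://" + rest
        return url


if __name__ == "__main__":
    cache = BrowserHstsCache()
    cache.observe_response("example.com", "https", "max-age=31536000; includeSubDomains; preload")
    print(cache.rewrite_url("http://blog.example.com/wp-login.php"))   # https://blog.example.com/wp-login.php
    print(preload_problems(parse_hsts("max-age=300")))                 # three missing requirements
```

Point the cache at a real server by feeding observe_response the scheme and header of an actual response; the rest of the logic is the same. Note that the model, like the real thing, learns nothing from a policy served over http://, which is exactly why the Apache rule above is conditioned on env=HTTPS and the nginx one belongs only in the TLS server block.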

Enable HTTP Strict Transport Security (HSTS) in Nginx

# Enable HSTS on WordPress blog
# Place this only in the server block that listens on 443 (ssl), never in the port 80 block
add_header Strict-Transport-Security 'max-age=31536000; includeSubDomains; preload' always;

Example of HTTP Strict Transport Security (HSTS)

Want to see HSTS in action?
Just type my blog's address into the Google Chrome address bar without https://.
You will land on the secure version of my WordPress blog without any redirect.

Have you enabled HSTS on your site? If no, do it now.
