How to Add Missing WordPress Security Headers in the .htaccess File

When we updated some plugins on our WordPress website, we started getting an error saying “your .htaccess file does not contain all recommended security headers”. We fixed it in a few seconds.

But when we searched online, we did not find any information about it. That is why we are writing this article for bloggers and website owners who manage their own sites.

So if similar errors are showing in your WordPress Site Health, you will be able to fix them yourself without much trouble. In this article, we will tell you how to manually add the recommended security headers to your website.

But before that, we would like you to know a little more about these security headers, so that if you ever have a problem related to them in the future, you can handle it yourself. So let’s start.

What are Security Headers

Below we describe the security headers involved and how you can add each of them manually.

HSTS (Strict-Transport-Security) – Once this header is set on your domain, whenever a user opens your website in a browser or sends a request to it, that browser makes all requests to your website over HTTPS.

Upgrade-Insecure-Requests – This is an additional way of forcing requests made by your own domain onto https://. It is sent as a Content-Security-Policy value.

X-Content-Type-Options – This header stops the browser from “guessing” a file's type. If your website serves a file as a “.doc” document, the browser must treat it as that .doc file and not as any other kind of file.

X-XSS-Protection – If a reflected cross-site scripting (XSS) attack is ever attempted on your website, this header tells the browser to detect it and stop the page from loading.

Expect-CT (Certificate Transparency) – This relates to the SSL certificate. Certificate Authorities have to record the certificates they issue in a separate log, the CT framework, so that online fraud can be prevented.

No Referrer When Downgrade (Referrer-Policy) – This keeps the referrer from being sent when a visitor leaves your site for a less secure protocol. That is, if your website uses https://, the referrer is not passed on to http:// pages.

How to Add Security Headers Manually

How do you fix the issue “your .htaccess file does not contain all recommended security headers” showing in your WordPress? First, log in to the cPanel of your web hosting, then follow the steps given below.

First of all, log in to your web hosting’s cPanel account, then click on “File Manager”. The file manager of your website will open as shown in the photo below.

[Image: cPanel File Manager]

As soon as you click on File Manager, a new tab will open in your browser showing all the folders and files of your website, including the .htaccess file. If you do not see it, that is not a problem.

Most hosting providers hide the .htaccess file so that users do not change it by mistake. So if your .htaccess file is not showing, first click on the “Settings” option in the right-side corner.

[Image: cPanel “Show Hidden Files” setting]

A small pop-up window will open, in which you have to select the “Show Hidden Files” check box and click on the “Save” button. All the hidden files in your File Manager will then be shown.

After that, click on your “public_html or wp-content” folder, and your .htaccess file will appear on the right side, as shown in the photo below.

[Image: .htaccess file in File Manager]

Next, right-click on the .htaccess file and, in the menu that appears, click the Edit button. Your .htaccess file will open in a new tab of your browser. Then copy and paste the codes below, one by one, into your .htaccess before # END WordPress:

# Really Simple SSL
Header always set X-Content-Type-Options "nosniff"
# End Really Simple SSL

# Really Simple SSL
Header always set X-XSS-Protection "1; mode=block"
# End Really Simple SSL

# Really Simple SSL
Header always set Expect-CT "max-age=7776000, enforce"
# End Really Simple SSL

# Really Simple SSL
Header always set Strict-Transport-Security "max-age=31536000" env=HTTPS
# End Really Simple SSL

# Really Simple SSL
Header always set Content-Security-Policy "upgrade-insecure-requests"
# End Really Simple SSL

# Really Simple SSL
Header always set Referrer-Policy "no-referrer-when-downgrade"
# End Really Simple SSL

After adding the codes to your .htaccess file, save your changes by clicking the “Save Changes” button in the right corner. Then go back to your WordPress dashboard >> Site Health and refresh the page. Hopefully, you will no longer see any errors related to SSL.
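To check the edited file yourself before going back to Site Health, the following added example (not part of the original article and not code from WordPress or any plugin) parses .htaccess text and reports, for each of the six headers above, whether its directive is present, missing or set to a value that defeats it. The function name `audit_htaccess`, the "weak" rule and the sample file are assumptions made for this illustration.

```python
import re

# Recommended headers and the token each value must contain (values from this article).
RECOMMENDED = {
    "x-content-type-options": "nosniff",
    "x-xss-protection": "mode=block",
    "expect-ct": "max-age=",
    "strict-transport-security": "max-age=",
    "content-security-policy": "upgrade-insecure-requests",
    "referrer-policy": "no-referrer-when-downgrade",
}
# Header [always|onsuccess] <action> Name[:] "value"; mod_headers allows the optional colon.
DIRECTIVE = re.compile(
    r'^\s*Header\s+(?:(?:always|onsuccess)\s+)?'
    r'(?:set|append|add|merge|setifempty)\s+([A-Za-z0-9-]+):?\s+"([^"]*)"',
    re.IGNORECASE)

def audit_htaccess(text):
    """Return {header: 'ok' | 'missing' | 'weak'} for each recommended header."""
    found = {}
    for line in text.splitlines():
        m = DIRECTIVE.match(line)      # commented-out lines start with '#' and never match
        if m:
            found[m.group(1).lower()] = m.group(2).lower()   # a later directive wins
    report = {}
    for name, token in RECOMMENDED.items():
        value = found.get(name)
        if value is None:
            report[name] = "missing"
        elif token not in value or re.search(r"max-age=0+\b", value):
            report[name] = "weak"      # wrong value, or max-age=0 switches the policy off
        else:
            report[name] = "ok"
    return report

# Constructed sample: Expect-CT absent, Referrer-Policy commented out, HSTS disabled.
SAMPLE = '''\
# BEGIN WordPress
# END WordPress
Header always set X-Content-Type-Options "nosniff"
header always set Strict-Transport-Security: "max-age=0" env=HTTPS
Header always set Content-Security-Policy "upgrade-insecure-requests"
# Header always set Referrer-Policy "no-referrer-when-downgrade"
Header always set X-XSS-Protection "1; mode=block"
'''

if __name__ == "__main__":
    for header, status in audit_htaccess(SAMPLE).items():
        print(f"{header:28} {status}")
```

To audit a real file, pass its contents to `audit_htaccess`; any header reported as missing or weak corresponds to one of the directives listed above.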

Friends, we hope you liked this article and found it helpful. If you have any questions, you can ask us by commenting below, or contact us by sending an email to our business email address.