Add HSTS and Preload via PHP Snippet

Hi,

HSTS is a very strong security barrier that should be enabled on any WordPress Website using SSL and/or TLS. With this snippet, your HSTS Header is being set with a lifetime of one year. It also add HSTS Preload, which you can verify, once added to your functions.php file, by visiting https://hstspreload.org/.

Add the following snippet to your functions.php, or via a Code Snippets Plugin.

function add_security_headers() {
    header("Strict-Transport-Security: max-age=31536000; includeSubDomains; preload");
}
add_action('send_headers', 'add_security_headers');

Posted

in

by

Tags:

Comments

Leave a Reply

Your email address will not be published. Required fields are marked *