Implement HTTP Security Headers to Prevent Website Vulnerabilities

Website security is always a concern if you are a website or blog owner. Thousands of websites get hacked due to security vulnerabilities, misconfiguration or lack of protection.

If you want to protect your website from attacks such as clickjacking, code injection, cryptocurrency mining and XSS, there are numerous precautions you can take.

One example is to implement HTTP security headers.

HTTP security headers help mitigate attacks and security vulnerabilities of the website. There are six different HTTP security headers:

• Content Security Policy
• X-XSS-Protection
• HTTP Strict Transport Security (HSTS)
• X-Frame-Options
• Public-Key-Pins
• X-Content-Type-Options

We recommend implementing them where possible for better website protection.

How to Implement HTTP Security Headers?

Open your .htaccess file and add the following lines manually.

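# HTTP security settings start

# Force HTTPS for 30 days (2592000 seconds)
Header set Strict-Transport-Security "max-age=2592000"
# Allow framing only by pages from the same origin (clickjacking protection)
Header set X-Frame-Options "SAMEORIGIN"
# Send no Referer header with outgoing requests
Header set Referrer-Policy "no-referrer"
# Enable the browser's XSS filter in blocking mode
Header set X-XSS-Protection "1; mode=block"
# Stop browsers from MIME-sniffing away from the declared Content-Type
Header set X-Content-Type-Options "nosniff"

# HTTP security settings end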

Save the file and upload it to your website.

Note: You are advised to take a backup of the .htaccess file prior to making changes.

Test the website's headers at https://securityheaders.com/.

Key in the URL to scan the website for a security check. It gives the website or blog a score, based on the HTTP security headers present, from an A+ grade down to an F grade.

The TechGravy blog has now gone from a D grade up to an A grade.
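
The same check can be run locally before or after uploading the file. The Python script below is an added example, not part of the original post or of securityheaders.com: it parses a response header block and reports, for each of the five headers set in the .htaccess snippet above, whether it is present with a usable value. The function names and the sample response are constructed for illustration.

```python
import re
import sys

VALID_REFERRER = {"no-referrer", "no-referrer-when-downgrade", "origin",
                  "origin-when-cross-origin", "same-origin", "strict-origin",
                  "strict-origin-when-cross-origin", "unsafe-url"}

def hsts_ok(value):
    # max-age=0 tells the browser to drop the policy, so require a positive value.
    m = re.search(r'max-age\s*=\s*"?(\d+)', value, re.I)
    return bool(m) and int(m.group(1)) > 0

# The five headers set by the .htaccess snippet, each with a check on its value.
CHECKS = {
    "strict-transport-security": hsts_ok,
    "x-frame-options": lambda v: v.upper() in ("DENY", "SAMEORIGIN"),
    "referrer-policy": lambda v: all(t.strip() in VALID_REFERRER
                                     for t in v.lower().split(",")),
    "x-xss-protection": lambda v: v.startswith("1"),
    "x-content-type-options": lambda v: v.lower() == "nosniff",
}

def parse_headers(raw):
    """Turn a raw response header block (e.g. `curl -sI` output) into a dict."""
    headers = {}
    for line in raw.splitlines():
        name, sep, value = line.partition(":")
        if sep:  # the status line has no colon and is skipped
            headers[name.strip().lower()] = value.strip()
    return headers

def audit(raw):
    """Map each expected header to 'ok', 'missing' or 'bad value'."""
    headers = parse_headers(raw)
    return {name: "missing" if name not in headers
            else ("ok" if check(headers[name]) else "bad value")
            for name, check in CHECKS.items()}

# Constructed sample: Referrer-Policy is absent and nosniff is mistyped.
SAMPLE = """HTTP/1.1 200 OK
Strict-Transport-Security: max-age=2592000;
X-Frame-Options: SAMEORIGIN
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: no-sniff
"""

if __name__ == "__main__":
    # Pipe `curl -sI <your site URL>` into the script, or run it bare for SAMPLE.
    raw = SAMPLE if sys.stdin.isatty() else sys.stdin.read()
    for name, status in audit(raw).items():
        print(f"{name}: {status}")
```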

As for the Content-Security-Policy HTTP header, configuring it is not recommended because it will block the statistics of Google API and traffic, especially if your website uses Google Analytics to track and report traffic.

Alternatively, you can use a plugin such as Security Headers if you don’t want to implement them manually.

I hope these instructions help make your website more secure and safer. If you take the proper precautions, you can avoid being a victim of an attack.