Security Headers & Caching
by Studio Be4 on WordPress.org
Enhance your WordPress site security with HTTP security headers and improve performance with smart caching. Works with all hosting providers.
Main settings page with all security header options
Security Headers & Caching is a comprehensive WordPress plugin that helps protect your website by implementing essential HTTP security headers and optimizing performance through intelligent caching mechanisms. Compatible with all hosting providers including Aruba, SiteGround, Bluehost, and more.
Key Features
- Easy Configuration – Simple admin interface to enable/disable security headers
- Multiple Security Headers – Comprehensive security header support
- Smart Caching – Configurable cache duration for better performance
- Universal Compatibility – Works with all hosting providers
- No Conflicts – Compatible with popular security and caching plugins
- Translation Ready – Full internationalization support
Security Headers Included
- X-Powered-By – Removes server technology information to prevent targeted attacks
- Content-Security-Policy (CSP) – Controls which resources can be loaded to prevent XSS attacks
- Strict-Transport-Security (HSTS) – Forces HTTPS connections for enhanced security
- X-XSS-Protection – Enables XSS filtering in older browsers
- X-Frame-Options – Prevents clickjacking attacks by controlling iframe embedding
- X-Content-Type-Options – Prevents MIME type sniffing
- Referrer-Policy – Controls how much referrer information is shared
- Permissions-Policy – Controls browser features and APIs
Caching Features
- Configurable cache duration (seconds)
- Automatic cache headers management
- Compatible with CDN services
- No conflict with existing cache plugins
Why Security Headers Matter
Security headers are HTTP response headers that tell your browser how to behave when handling your website’s content. They help protect against:
- Cross-Site Scripting (XSS) attacks
- Clickjacking attempts
- Code injection attacks
- MIME type sniffing
- Protocol downgrade attacks
- And much more…
Developer Friendly
The plugin provides filters for developers to customize headers:
shc_security_headers– Filter to modify security headers array
Test Your Security
After installing and configuring the plugin, test your site’s security at:
* Security Headers
* Mozilla Observatory
Privacy
This plugin does not collect, store, or transmit any user data. It only modifies HTTP response headers sent by your server.
Developer Documentation
Filters
shc_security_headers
Modify the security headers before they are sent.
add_filter( 'shc_security_headers', function( $headers ) {
// Add custom header
$headers['X-Custom-Header'] = 'custom-value';
// Modify existing header
$headers['X-Frame-Options'] = 'DENY';
return $headers;
} );
Constants
SHC_VERSION– Plugin version numberSHC_PLUGIN_DIR– Plugin directory pathSHC_PLUGIN_URL– Plugin directory URLSHC_PLUGIN_BASENAME– Plugin basename
Support
For support, feature requests, or bug reports, please visit:
* Plugin Website
Credits
Developed by Studio Be4 – Web Design & Development Agency
License
This plugin is licensed under the GPLv2 or later.
