Content Security Policy Manager


Plugin for configuring Content Security Policy headers for your site. Allows different CSP headers for admin, logged-in frontend and regular visitors.

Rating: 4.3
Active Installations: 3000+
Last Updated: Aug 09, 2022
WordPress Version: 4.6 or higher
Tested up to: 6.1.7

Enhanced Website Security

Easily configure Content Security Policy headers for your WordPress site to protect against malicious attacks.

Customized CSP Headers

Set different CSP headers for your site's admin interface, logged-in users, and regular visitors for tailored security measures.

Individual Policy Control

Enable, enforce, report, or disable CSP directives to have complete control over your site's security policies.

User-Friendly Interface

Configure your site's CSP easily with a simple and intuitive interface, without the need for technical expertise.

This plugin’s development happens in its GitHub repo. Feel free to send bug reports there.

1.2.1

  • Fix error caused by improperly checking the chosen CSP mode when outputting headers (thanks @reatlat).

1.2.0

  • Improved UI, with CSP directives divided into collapsible categories.
  • Add all remaining non-deprecated CSP directives.
  • Warn if enabling upgrade-insecure-requests on a site that does not support HTTPS.
  • Sanitize directives on save and disallow newlines in header content.
  • Various internal improvements.

1.1.0

This is a relatively small update, that only contains a few more CSP directives. The next update will contain even more, along with an updated user interface.

  • Add some commonly used CSP headers that were missing (thanks Master Dan).
  • Add some other user requested directives.
  • Fix some translator comments.

1.0.0

First version.

  • Support for different policies for admin, logged-in frontend and regular visitors.
  • Different policies can have different reporting/enforcing mode.
  • Directives can be configured separately, to easier see what is allowed in which cases.
  • Support for configuring the Report-To header.

Report To not working

By ningmorris on July 13, 2023

Hello,

Since report-uri is no longer recommended, I need to use report-to to send CSP reports. But for some reason, it doesn't send reports with report-to. My CSP settings are as follows:

In the Policy: report-to field, I filled in csp-endpoint, and in the Frontend Policy Report-To Header field, I filled in the following JSON data:

{
  "group": "csp-endpoint",
  "max_age": 10886400,
  "endpoints": [
    {
      "url": "{CSP REPORT ENDPOINT}"
    }
  ]
}

After saving changes in the CMS, all the commas disappeared in Frontend Policy Report-To Header field.

{   "group": "csp-endpoint"   "max_age": 10886400   "endpoints": [     {       "url": "{CSP REPORT ENDPOINT}"     }   ] }

I am wondering if you can help to take a look at it, thanks! Note: I have no problem with report-uri.

kills all CSS styles

By rintelengrafik on February 18, 2023

As soon as I leave the backend the view of my site is without any CSS. Only the plain HTML.

Very helpful and useful plugin. Do you provide filters?

By buzibuzi on January 25, 2023

We are really happy with this plugin.
I'm wondering if you provide a filter so I can merge some dynamic 'nonce-xx' to the policy header. This could be very, very useful.

I like all the options for logged-in versus anonymous and report-only

By Jason Robinson (jsrobinson) on April 10, 2022

This plugin is well thought out and does what I need it to. It has also helped me troubleshoot other website's CSP that wasn't working correctly, and the documentation is solid if brief.

Extraordinary!

By jeebeezebee on November 1, 2021

This plugin saved me hours of work.

Great plugin to manage CSP

By c3idesign on May 14, 2021

Great plugin, thank you.