Developer Guide
Abdal Security Headers is a WordPress plugin that enhances your website's security by implementing and managing HTTP security headers. This plugin provides a simple interface for configuring security headers and Content Security Policy (CSP) directives.
- π X-XSS-Protection header to prevent cross-site scripting attacks
- π‘οΈ X-Frame-Options header to prevent clickjacking
- π X-Content-Type-Options header to prevent MIME-type sniffing
- π Strict-Transport-Security (HSTS) header to enforce HTTPS connections
- π« Referrer-Policy header to control information leakage
- π Content Security Policy (CSP) with real-time preview and configuration
- π Visual CSP directive editor
- ποΈ Real-time CSP header preview
- π¨ CSP directive syntax highlighting
- β CSP syntax validation
- π CSP violation reporting configuration
- π Hide WordPress version information
- β‘ Remove unnecessary headers
- π XML-RPC protection
- π REST API access control
- π’ Hide server information
- π« Modern UI with iOS-style switches
- ποΈ Accordion sections for better organization
- π Full RTL support for multilingual sites
- π‘ Helpful tooltips and documentation
- π― User-friendly settings panel
- π± Mobile-responsive admin interface
- π Settings import/export capability
- π Security event logging
- βοΈ Fine-grained control over each security feature
- π οΈ Developer-friendly hooks and filters
- Upload plugin files to
/wp-content/plugins/abdal-security-headers - Activate the plugin through WordPress plugins screen
- Use
Settings -> Security Headersto configure the plugin
- Go to
Settings -> Security Headersin WordPress admin panel - Enable/disable security headers using the switches
- Configure CSP directives if needed
- Save settings
- WordPress 5.0 or higher
- PHP 7.2 or higher
- Modern web browser for admin interface
If you encounter any issues or need configuration help, please contact us at Prof.Shafiei@Gmail.com. You can also report issues on GitLab or GitHub.
If you found this project helpful and would like to support further development, please consider making a donation:
Made with love by Ebrahim Shafiei (EbraSha)
- Email: Prof.Shafiei@Gmail.com
- Telegram: @ProfShafiei
This project is licensed under GPLv2 or later - see the LICENSE file for details.
- Introduction
- Installation & Setup
- Project Structure
- Key APIs and Functions
- Contribution Guide
- Troubleshooting
The Abdal Security Headers plugin is a security enhancement tool for WordPress that provides management of security headers and additional security features.
- Clone the repository:
git clone https://github.com/ebrasha/abdal-security-headers.git- Install dependencies:
composer install- Copy files to WordPress plugins folder
abdal-security-headers/
βββ docs/ # Documentation
βββ includes/ # Core classes
β βββ class-ash-admin.php # Admin panel management
β βββ class-ash-headers.php # Headers implementation
βββ languages/ # Translation files
βββ assets/ # CSS and JS files
βββ abdal-security-headers.php # Main plugin file
Responsible for managing security headers and security features:
// Set security headers
public function set_security_headers()
// Disable XML-RPC
public function ash_block_xmlrpc_access()
// Restrict REST API
public function ash_disable_rest_api()Manages admin panel interface:
// Create settings page
public function create_admin_page()
// Register settings
public function page_init()- Create a new branch for feature or bug fix
- Make your changes
- Run tests
- Create Pull Request
- Enable WP_DEBUG in wp-config.php
- Check error logs
- Use security headers checking tools like SecurityHeaders.com
For more information, visit the complete documentation.