Tutorial: How to fix some final WordPress SSL settings

Joined
Oct 27, 2018
Messages
10
Best answers
0
Ratings
3
Points
3
#1
After installing an SSL certificate and having the plugin Really Simple SSL on WordPress, there are still some errors (some things stay "disabled"). To fix them all, do this:

1. Enable HTTP Strict Transport Security (HSTS)

Open your .htaccess file in your root directory and add this:
Code:
Header set Strict-Transport-Security "max-age=31536000" env=HTTPS

2. Set Secure Cookies

Add in the wp-config.php file in your root directory and add this:
Code:
//Begin Really Simple SSL session cookie settings
@ini_set(‘session.cookie_httponly’, true);
@ini_set(‘session.cookie_secure’, true);
@ini_set(‘session.use_only_cookies’, true);
//END Really Simple SSL cookie settings
 
Last edited:

VirtuBox

Global Mod
Staff Member
Joined
May 3, 2016
Messages
1,615
Best answers
4
Ratings
455 13
Points
83
#2
After installing an SSL certificate and having the plugin Really Simple SSL on WordPress, there are still some errors (some things stay "disabled"). To fix them all, do this:

1. Enable HTTP Strict Transport Security (HSTS)

Open your .htaccess file in your root directory and add this:
Code:
Header set Strict-Transport-Security "max-age=31536000" env=HTTPS

2. Set Secure Cookies

Add in the wp-config.php file in your root directory and add this:
Code:
//Begin Really Simple SSL session cookie settings
@ini_set(‘session.cookie_httponly’, true);
@ini_set(‘session.cookie_secure’, true);
@ini_set(‘session.use_only_cookies’, true);
//END Really Simple SSL cookie settings
Hello,
HSTS header should not be enabled without understanding what is it, because when you enable HSTS, your site must continue to support HTTPS until the expiry time (max-age) has been reached.
Additional informations are available on https://infosec.mozilla.org/guidelines/web_security#http-strict-transport-security
 
Latest Threads

Latest Hosting OffersNew Reviews

Sponsors

Tag Cloud

You are using an out of date browser. It may not display this or other websites correctly.
You should upgrade or use an alternative browser.

Top