CSP-ANTS&ST

Описание

For a perfectly secured website, you have to avoid ‘unsafe-eval’ and ‘unsafe-inline’ in your content-security-policy header.
This plugin add nonces to script/style tags and add those nonces to the content-security-policy header, so your website will be more secure, even if there are other actions to perform in order to have a very strong protection.

Features

There are no settings, it’s a plug and play plugin.
This plugin automaticallly:
— add a nonce to each script and style tag and a sha256 hash to online events (onload / onclick)
— generate Content Security Policy header with all nonces and hashes + basics (base-uri ‘self’, google fonts, gravatar, maxcdn.bootstrapcdn…)

Tested / Works with no cache system, WP Rocket on Plesk (Nginx/Apache webserver) and Lscache (Openlitespeed/Litespeed webserver)
Should work elsewhere, just say me and I’ll add your setup to this list.

Requirements

  • WordPress 5.0 or higher.

Установка

  • Extract the zip file and just drop the contents in the wp-content/plugins/ directory of your WordPress installation or install it directly from your dashboard and then activate the plugin from Plugins page.
  • There’s not options page, simply install and activate.

Часто задаваемые вопросы

Is there something to do after install?

Yes, just activate it!

Отзывы

08.09.2022
The plugin works as advertised however, it does not let you modify the CSP header resulting in a less than ideal CSP header. The header this plugin serves provides no protection against clickjacking and allows all external scripts.
14.07.2022
This is the most 'straight to the point' CSP tool that I've found. So far, so go.
Посмотреть все 3 отзыва

Участники и разработчики

«CSP-ANTS&ST» — проект с открытым исходным кодом. В развитие плагина внесли свой вклад следующие участники:

Участники

Перевести «CSP-ANTS&ST» на ваш язык.

Заинтересованы в разработке?

Посмотрите код, проверьте SVN репозиторий, или подпишитесь на журнал разработки по RSS.

Журнал изменений

1.0

  • Initial release