HTTP Strict Transport Security (HSTS) for WP



Here’s a quick plugin that enables HSTS WordPress-wide. HSTS tells the browser to enforce HTTPS for this website after the first HTTPS visit, preventing later accidental use of plain HTTP, which could lead to a MITM attack.

It’s available at


Place it in your WordPress directory as wp-content/plugins/hsts.php and enable the plugin in the WP plugin interface. Of course, this plugin only makes sense if you serve WP over HTTPS.
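For illustration, a minimal plugin of this kind could look like the following. This is an added example, not the plugin linked above; the function name, the constant and the one-year max-age are assumptions.

```php
<?php
/**
 * Plugin Name: HSTS example (added illustration)
 * Description: Sends the Strict-Transport-Security header on HTTPS responses.
 */

// Refuse to run when the file is requested directly, outside of WordPress.
if ( ! defined( 'ABSPATH' ) ) {
    exit;
}

// Assumed policy lifetime: one year, in seconds. Browsers cache the policy
// for this long, so use a small value while testing.
const HSTS_EXAMPLE_MAX_AGE = 31536000;

function hsts_example_send_header() {
    // Browsers ignore HSTS received over plain HTTP, so only send it over TLS.
    // Behind a TLS-terminating proxy, is_ssl() can return false unless the
    // site is configured to recognise the forwarded scheme.
    if ( ! is_ssl() ) {
        return;
    }

    // header() has no effect once output has started.
    if ( headers_sent() ) {
        return;
    }

    header( 'Strict-Transport-Security: max-age=' . HSTS_EXAMPLE_MAX_AGE );
}

// 'init' fires on front-end, admin and login requests, before page output.
add_action( 'init', 'hsts_example_send_header' );
```

After activation, the header should appear in the response headers of any page fetched over HTTPS, and should be absent on plain HTTP responses.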

For more information about HSTS see: and