HTTP Strict Transport Security (HSTS) for WP

Date: 2011-04-13

Here’s a quick plugin that enables HSTS WordPress-wide. HSTS tells the browser to enforce HTTPS for this website after the first HTTPS visit, so that a later request cannot fall back to plain HTTP by mistake, which could lead to a MITM attack.

It’s available at https://github.com/wp-plugins/hsts

Instructions

Place the file into your WP directory as wp-content/plugin/hsts.php and enable the plugin in the WP plugin interface. Of course, this plugin only makes sense if you serve WP over HTTPS.
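To confirm the header is actually doing its job once the plugin is enabled, the check below parses a Strict-Transport-Security value following the RFC 6797 syntax and reports why a browser would not enforce it. It is an added example, not code from the plugin; the function names, the sample responses and the 180-day `MIN_AGE` threshold are assumptions made for illustration.

```python
import re

# Token characters allowed in a directive name (RFC 6797 reuses HTTP "token").
_TOKEN = re.compile(r"[!#$%&'*+\-.^_`|~0-9A-Za-z]+")
# Split on ";" only when it is outside a quoted-string.
_SPLIT = re.compile(r';(?=(?:[^"]*"[^"]*")*[^"]*$)')
MIN_AGE = 15552000  # assumed local threshold (180 days), not a value from the post


def parse_hsts(value):
    """Return {'max_age', 'include_subdomains'}, or None if the syntax is invalid."""
    directives = {}
    for part in _SPLIT.split(value):
        part = part.strip()
        if not part:  # empty directives ("a;;b") are permitted by the grammar
            continue
        name, _, arg = part.partition("=")
        name, arg = name.strip().lower(), arg.strip()  # names are case-insensitive
        if not _TOKEN.fullmatch(name) or name in directives:
            return None  # malformed name, or a directive given twice
        if len(arg) >= 2 and arg[0] == arg[-1] == '"':
            arg = arg[1:-1]  # quoted-string form: max-age="31536000"
        directives[name] = arg
    if not re.fullmatch(r"[0-9]+", directives.get("max-age", "")):
        return None  # max-age is required and must be a non-negative integer
    return {"max_age": int(directives["max-age"]),
            "include_subdomains": "includesubdomains" in directives}


def assess(scheme, header_value, min_age=MIN_AGE):
    """Findings for one response; an empty list means the policy will be enforced."""
    if header_value is None:
        return ["no Strict-Transport-Security header, HTTP stays allowed"]
    if scheme != "https":
        return ["header received over plain HTTP, a conforming browser ignores it"]
    policy = parse_hsts(header_value)
    if policy is None:
        return ["header is malformed, a conforming browser ignores it"]
    if policy["max_age"] == 0:
        return ["max-age=0 makes the browser drop its stored HSTS policy"]
    if policy["max_age"] < min_age:
        return ["max-age %d is shorter than %d seconds" % (policy["max_age"], min_age)]
    return []


if __name__ == "__main__":
    # Constructed sample responses: (scheme, Strict-Transport-Security value or None)
    for scheme, value in [("https", "max-age=31536000; includeSubDomains"),
                          ("http", "max-age=31536000"), ("https", "max-age=0"),
                          ("https", None)]:
        print(scheme, repr(value), "->", assess(scheme, value) or "OK")
```

Feed it the scheme and header value taken from a real response of your site (for example from `curl -sI`) in place of the constructed samples.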

For more information about HSTS see: http://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security and http://hacks.mozilla.org/2010/08/firefox-4-http-strict-transport-security-force-https/