HTTP Strict Transport Security (HSTS) for WP
Here’s a quick plugin that enables HSTS WordPress-wide. HSTS tells the browser to enforce the use of HTTPS on this website after the first HTTPS visit, which prevents accidental later use of plain HTTP that could lead to a MITM attack.
It’s available at https://github.com/wp-plugins/hsts
Place the file in your WordPress directory at wp-content/plugins/hsts.php and enable the plugin in the WP plugin interface. Of course, this plugin only makes sense if you serve WP over HTTPS.
For more information about HSTS see: http://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security and http://hacks.mozilla.org/2010/08/firefox-4-http-strict-transport-security-force-https/