Title: Security Headers
Author: SimonRWaters
Published: April 10, 2015
Last modified: February 26, 2019

---


![](https://ps.w.org/security-headers/assets/banner-772x250.png?rev=1467219)

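This plugin **has not been tested with the latest 3 major releases of WordPress**. It may no longer be
maintained or supported and may have compatibility issues when used with more recent
versions of WordPress.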

![](https://ps.w.org/security-headers/assets/icon-128x128.png?rev=1467219)

# Security Headers

 By [SimonRWaters](https://profiles.wordpress.org/simonrwaters/)

[Download](https://downloads.wordpress.org/plugin/security-headers.zip)

 * [Details](https://ko.wordpress.org/plugins/security-headers/#description)
 * [Reviews](https://ko.wordpress.org/plugins/security-headers/#reviews)
 * [Installation](https://ko.wordpress.org/plugins/security-headers/#installation)
 * [Development](https://ko.wordpress.org/plugins/security-headers/#developers)

 [Support](https://wordpress.org/support/plugin/security-headers/)

## Description

TLS is growing in complexity. Server Name Indication (SNI) now means HTTPS sites
may be on shared IP addresses, or otherwise restricted. For these servers it is
handy to be able to set the desired HTTP headers without access to the web server's
configuration and without using an .htaccess file.

This plug-in exposes controls for:

 * HSTS (Strict-Transport-Security)
 * HPKP (Public-Key-Pins)
 * Disabling content sniffing (X-Content-Type-Options)
 * XSS protection (X-XSS-Protection)
 * Clickjacking mitigation (X-Frame-Options in main site)
 * Expect-CT

HSTS is used to ensure that future connections to a website always use TLS, and
to disallow bypassing certificate warnings for the site.

HPKP is used if you don’t want to rely solely on the Certificate Authority trust
model for certificate issuance.

Disabling content sniffing is mostly of interest for sites that allow users to upload
files of specific types, but that browsers might be silly enough to interpret as
some other type, thus allowing unexpected attacks.

XSS protection re-enables XSS protection for the site, if the user has disabled 
it previously, and sets the “block” option so that attacks are not silently ignored.

Clickjacking protection is usually only relevant when someone is logged in, but users
requested it; presumably they have rich content outside of WordPress authentication
that they wish to protect.

Expect-CT is used to ensure Certificate Transparency is configured correctly.
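
To confirm what a site actually emits for the headers listed above, the following added example (not the plugin's own code) audits a set of response headers. The function names `parse_directives`, `max_age` and `audit` are hypothetical, the sample headers are constructed, and treating HPKP and Expect-CT as opt-in is an assumption.

```python
import re

def parse_directives(value):
    """Split 'max-age=600; preload' style values into (name, value) pairs."""
    parts = (p.strip().partition("=") for p in re.split(r"[;,]", value))
    return [(n.strip().lower(), v.strip().strip('"')) for n, _, v in parts if n.strip()]

def max_age(pairs):
    val = dict(pairs).get("max-age", "")
    return int(val) if val.isdigit() else None   # None: absent or non-numeric

def audit(headers, over_tls):
    """Return a list of findings for the headers this page lists."""
    h = {k.lower(): v for k, v in headers.items()}
    out = []
    hsts = h.get("strict-transport-security")
    if hsts is None:
        out.append("HSTS: missing")
    elif not over_tls:      # RFC 6797: ignored on non-secure transport
        out.append("HSTS: sent over plain HTTP, ignored by browsers")
    elif not max_age(parse_directives(hsts)):
        out.append("HSTS: max-age missing or zero")
    # Assumption: HPKP and Expect-CT are opt-in, so they are checked only if present.
    if "public-key-pins" in h:
        pairs = parse_directives(h["public-key-pins"])
        if len({v for n, v in pairs if n == "pin-sha256"}) < 2:
            out.append("HPKP: fewer than two distinct pins (no backup pin)")
        if not max_age(pairs):
            out.append("HPKP: max-age missing or zero")
    if "expect-ct" in h and not max_age(parse_directives(h["expect-ct"])):
        out.append("Expect-CT: max-age missing or zero")
    if h.get("x-content-type-options", "").strip().lower() != "nosniff":
        out.append("X-Content-Type-Options: not 'nosniff'")
    xss = dict(parse_directives(h.get("x-xss-protection", "")))
    if "1" not in xss or xss.get("mode") != "block":
        out.append("X-XSS-Protection: not '1; mode=block'")
    if h.get("x-frame-options", "").strip().upper() not in ("DENY", "SAMEORIGIN"):
        out.append("X-Frame-Options: not DENY or SAMEORIGIN")
    return out

# Constructed sample response headers (not captured from a real site).
SAMPLE = {
    "Strict-Transport-Security": "max-age=31536000; includeSubDomains; preload",
    "X-Content-Type-Options": "nosniff",
    "X-XSS-Protection": "1; mode=block",
    "X-Frame-Options": "SAMEORIGIN",
    "Expect-CT": "max-age=86400, enforce",
}
```

Calling `audit(SAMPLE, over_tls=False)` reports only the HSTS finding, which is the case the 0.6 changelog entry about checking for TLS before emitting HSTS addresses.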

## Installation

 1. Upload “security_headers.php” to the “/wp-content/plugins/” directory.
 2. Activate the plugin through the “Plugins” menu in WordPress.

## Reviews

### [Incompatible with Tawk.to](https://wordpress.org/support/topic/incompatible-with-tawk-to/)

 [krsi78](https://profiles.wordpress.org/krsi78/) May 14, 2020

Just a quick warning: if you enable this plugin, the Tawk.to widget is no longer
displayed in Chrome, Firefox and Safari. Edge is not affected (yet?).

### [Perfect](https://wordpress.org/support/topic/perfect-5823/)

 [flch](https://profiles.wordpress.org/flch/) February 11, 2019

Works great and makes security much easier. Thanks for this great plugin!

### [handles these security points no one else does](https://wordpress.org/support/topic/handles-these-security-points-no-one-else-does/)

 [tone_milazzo](https://profiles.wordpress.org/tone_milazzo/) June 21, 2018

My topic can’t be empty so I’m writing this to fill it.

### [Excellent](https://wordpress.org/support/topic/excellent-5036/)

 [bozon](https://profiles.wordpress.org/bozon/) June 19, 2017, 2 replies

Works really well! Tested with [link removed] For the future releases it would be
good to include Content-Security-Policy and the forthcoming Expect-CT options.

### [Perfect](https://wordpress.org/support/topic/perfect-4081/)

 [WebBever](https://profiles.wordpress.org/webbever/) May 26, 2017

Easy to use, works like a charm!

### [Excellent plugin, easy to use.](https://wordpress.org/support/topic/excellent-plugin-easy-to-use-5/)

 [tjdurden](https://profiles.wordpress.org/tjdurden/) September 3, 2016, 1 reply

Thanks for this. Very easy to install and configure.

 [Read all 8 reviews](https://wordpress.org/support/plugin/security-headers/reviews/)

## Contributors & Developers

“Security Headers” is open source software. The following people have contributed
to this plugin.

Contributors

 * [SimonRWaters](https://profiles.wordpress.org/simonrwaters/)
 * [Simon Waters](https://profiles.wordpress.org/simon-waters/)

[Translate “Security Headers” into your language.](https://translate.wordpress.org/projects/wp-plugins/security-headers)

### Interested in development?

[Browse the code](https://plugins.trac.wordpress.org/browser/security-headers/),
check out the [SVN repository](https://plugins.svn.wordpress.org/security-headers/),
or subscribe to the [development log](https://plugins.trac.wordpress.org/log/security-headers/)
by [RSS](https://plugins.trac.wordpress.org/log/security-headers/?limit=100&mode=stop_on_copy&format=rss).

## Changelog

#### 1.1

Fix missing close anchor which breaks recent WordPress

#### 1.0

Add support for wp-login.php page

Add support for Expect-CT header

#### 0.9

Removed unnecessary whitespace in HSTS header (thanks Thomas)

Added Referrer-Policy header

Corrected plugin's name from “HTTP Headers” to “Security Header” (thanks Jamie)

Removed trailing semi-colon from X-XSS-Protection (it worked but not needed)

#### 0.8

Add headers to admin section of WordPress

Added option to set the X-Frame-Options headers to main site

Added HSTS Preload header (thanks to Jamie)

#### 0.7

Add report-uri

Fix handling of non-numeric blank strings for HPKP max-age

#### 0.6

HPKP support

Check for TLS before emitting HSTS or HPKP headers

#### 0.5

Change h2 for h1 for accessibility per #31650

#### 0.4

License change

Clarify wording for XSS protection in readme

#### 0.3

Prepare for release

#### 0.2

Added Sonarqube file and formatting changes

#### 0.1

 * Initial release.

## Meta

 * Version **1.1**
 * Last updated: **7 years ago**
 * Active installations **4,000+**
 * WordPress version **3.8.1 or higher**
 * Tested up to: **5.1.22**
 * PHP version **5.6 or higher**
 * Language: [English (US)](https://wordpress.org/plugins/security-headers/)
 * Tags: [hsts](https://ko.wordpress.org/plugins/tags/hsts/) [https](https://ko.wordpress.org/plugins/tags/https/)
   [nosniff](https://ko.wordpress.org/plugins/tags/nosniff/) [tls](https://ko.wordpress.org/plugins/tags/tls/)
 * [Advanced View](https://ko.wordpress.org/plugins/security-headers/advanced/)

## Ratings

 5 out of 5 stars.

 * [5-star reviews: 8](https://wordpress.org/support/plugin/security-headers/reviews/?filter=5)
 * [4-star reviews: 0](https://wordpress.org/support/plugin/security-headers/reviews/?filter=4)
 * [3-star reviews: 0](https://wordpress.org/support/plugin/security-headers/reviews/?filter=3)
 * [2-star reviews: 0](https://wordpress.org/support/plugin/security-headers/reviews/?filter=2)
 * [1-star reviews: 0](https://wordpress.org/support/plugin/security-headers/reviews/?filter=1)

[Your review](https://wordpress.org/support/plugin/security-headers/reviews/#new-post)

[See all reviews](https://wordpress.org/support/plugin/security-headers/reviews/)

## Support

Got something to say? Need help?

 [View support forum](https://wordpress.org/support/plugin/security-headers/)