Viewing 7 posts - 1 through 7 (of 7 total)
  • Author
    Posts
  • September 17, 2019 at 11:57 am #1139068
    isreynolds_137

    Hi all,

    sorry im a novice at this but dont know where else to ask.

    Im trying to avert all possible hacking issues, i think ive solved most and added stuff to hta,access codes to suffice most things. when i run site check, on sucuri it still tells me to put these blocks on. ive added the code in hta access but

    https://docs.sucuri.net/warnings/hardening/security-headers-x-content-type-nosniff/
    https://docs.sucuri.net/warnings/hardening/security-headers-x-frame-options/
    https://docs.sucuri.net/warnings/hardening/security-headers-x-xss-protection/

    as far as i am aware i have put them in the hta access file but they need to be in the headers as well.

    I am using the https://en-gb.wordpress.org/plugins/insert-headers-and-footers/ plug in.

    when i drop the code in it shows the code in the page, any ideas where i should be dropping it and what the code should be. ie should there be any <head></head> around it, as even with that its visible. cheers en

    loving enfold so far

    September 20, 2019 at 1:05 pm #1140205
    Vinay

    Hey isreynolds_137,

    To insert code in your header please refer to the docs.

    I am afraid you’ll need to contact the plugin author for more info about the issue. Making third-party plugins compatible with the theme is unfortunately beyond the support scope we offer. Sorry for that!

    Best regards,
    Vinay

    September 26, 2019 at 12:08 pm #1142233
    isreynolds_137

    ok cheers i think the plug in works fine as i have had to drop in some bing and google code for an alias redirect to a specific set of pages it was just the code for security that would pad it and made the code function but not be visible.

    for instance
    X-XSS-Protection: 1; mode=block w
    hat would you put around that to make it.
    i realise its off topic and fair enough if you havent got the time to say. getting to grips with things now.

    cheers en

    September 28, 2019 at 9:15 am #1142976
    Rikard

    Hi,

    Thanks for the update. Please let us know if you should need any further help on the topic or if we can close it.

    Best regards,
    Rikard

    October 1, 2019 at 10:19 am #1143625
    isreynolds_137

    close it please ill ask the people at sucuri, cheers en

    October 1, 2019 at 3:51 pm #1143794
    hendlmann

    This information does not belong into the header or footer of the theme. You want to send it in the http headers. To achieve this you can use a .htaccess file (if you are using an apache webserver) and send the desired headers to the client.

    As stated in the links:

    You can enable it by modifying your Apache settings or your .htaccess file, and adding the following line to it:
    Header set X-Content-Type-Options nosniff

    October 2, 2019 at 6:15 am #1144062
    Rikard

    Hi,

    Thanks for sharing @hendlmann.

    Best regards,
    Rikard

  • Author
    Posts
Viewing 7 posts - 1 through 7 (of 7 total)
  • You must be logged in to reply to this topic.