Content Security Policy (CSP) - by Nick - on WordPress WooCommerce support

This topic has 4 replies, 3 voices, and was last updated 3 years, 10 months ago ago by Muhammad Zaki

  • Avatar: Nick
    Nick
    Participant
    February 19, 2021 at 01:40

    Hello guys,

    I would like to add Content-Security-Policy header to my website. However, it was messed my website content. How do i apply it safely or you guys has it for xStore theme?

    Here is what i used:

    Header always set Content-Security-Policy “default-src ‘self’; font-src *;img-src * data:; script-src *; style-src *;”

    3 Answers
    Avatar: Olga Barlow
    Olga Barlow
    Support staff
    February 19, 2021 at 14:52

    Hello,

    Where did you use that? Did you try https://wordpress.org/plugins/wp-simple-firewall/ plugin to implement Content-Security-Policy header?

    Regards

    Avatar: Nick
    Nick
    Participant
    February 19, 2021 at 18:35

    Hi Olga,

    I have added it to Apache directive settings on my domain. Shield Security is great, but not free…lol. Im looking for independency solution.

    Avatar: Muhammad Zaki
    Muhammad Zaki
    Support staff
    February 19, 2021 at 19:27

    Hello!

    Setting up the CSP header is a very complex and difficult task. The plugins used on the site may have different settings so there are no general standards.

    So first of all to set up CSP headers, I would suggest you please use this plugin:https://wordpress.org/plugins/content-security-policy-pro/. It also gives the option to disable the CSP on the back-end so no plugin conflict arises.

    I have personally not tested it but it seems effective in defining CSP and has a simple interface. Please also remember that it is a third-party plugin and we do not guarantee that it will work with your setup but you can give it a try.

    Another way is to add the CSP rules to the .htaccess file. You will have to add rules for google font, analytics, etc.

    I see this detailed document you can take help from for adding your rules to .htaccess.
    https://walterebert.com/blog/using-csp-wordpress/

    Please let me know if you have any concerns regarding this, we would love to assist you.

    Thank you!

  • Viewing 4 results - 1 through 4 (of 4 total)

You must be logged in to reply to this topic.Log in/Sign up

We're using our own and third-party cookies to improve your experience and our website. Keep on browsing to accept our cookie policy.