Title: Security Headers & Caching Author: Studio Be4 Published: 15 ژوئن 2023 Last modified: 8 اکتبر 2025 --- جستجوی افزونه‌ها ![](https://ps.w.org/security-headers-caching/assets/banner-772x250.png?rev=2926642) ![](https://ps.w.org/security-headers-caching/assets/icon.svg?rev=2926662) # Security Headers & Caching توسط [Studio Be4](https://profiles.wordpress.org/studiobe4/) [دانلود](https://downloads.wordpress.org/plugin/security-headers-caching.7.4.zip) * [جزئیات](https://fa.wordpress.org/plugins/security-headers-caching/#description) * [نقد و بررسی‌ها](https://fa.wordpress.org/plugins/security-headers-caching/#reviews) * [نصب](https://fa.wordpress.org/plugins/security-headers-caching/#installation) * [توسعه](https://fa.wordpress.org/plugins/security-headers-caching/#developers) [پشتیبانی](https://wordpress.org/support/plugin/security-headers-caching/) ## توضیحات Security Headers & Caching is a comprehensive WordPress plugin that helps protect your website by implementing essential HTTP security headers and optimizing performance through intelligent caching mechanisms. Compatible with all hosting providers including Aruba, SiteGround, Bluehost, and more. #### Key Features * **Easy Configuration** – Simple admin interface to enable/disable security headers * **Multiple Security Headers** – Comprehensive security header support * **Smart Caching** – Configurable cache duration for better performance * **Universal Compatibility** – Works with all hosting providers * **No Conflicts** – Compatible with popular security and caching plugins * **Translation Ready** – Full internationalization support #### Security Headers Included * **X-Powered-By** – Removes server technology information to prevent targeted attacks * **Content-Security-Policy (CSP)** – Controls which resources can be loaded to prevent XSS attacks * **Strict-Transport-Security (HSTS)** – Forces HTTPS connections for enhanced security * **X-XSS-Protection** – Enables XSS filtering in older browsers * **X-Frame-Options** – Prevents clickjacking attacks by controlling iframe embedding * **X-Content-Type-Options** – Prevents MIME type sniffing * **Referrer-Policy** – Controls how much referrer information is shared * **Permissions-Policy** – Controls browser features and APIs #### Caching Features * Configurable cache duration (seconds) * Automatic cache headers management * Compatible with CDN services * No conflict with existing cache plugins #### Why Security Headers Matter Security headers are HTTP response headers that tell your browser how to behave when handling your website’s content. They help protect against: * Cross-Site Scripting (XSS) attacks * Clickjacking attempts * Code injection attacks * MIME type sniffing * Protocol downgrade attacks * And much more… #### Developer Friendly The plugin provides filters for developers to customize headers: * `shc_security_headers` – Filter to modify security headers array #### Test Your Security After installing and configuring the plugin, test your site’s security at: * [Security Headers](https://securityheaders.com/)* [Mozilla Observatory](https://observatory.mozilla.org/) #### Privacy This plugin does not collect, store, or transmit any user data. It only modifies HTTP response headers sent by your server. ### Developer Documentation #### Filters **shc_security_headers** Modify the security headers before they are sent. ``` add_filter( 'shc_security_headers', function( $headers ) { // Add custom header $headers['X-Custom-Header'] = 'custom-value'; // Modify existing header $headers['X-Frame-Options'] = 'DENY'; return $headers; } ); ``` #### Constants * `SHC_VERSION` – Plugin version number * `SHC_PLUGIN_DIR` – Plugin directory path * `SHC_PLUGIN_URL` – Plugin directory URL * `SHC_PLUGIN_BASENAME` – Plugin basename ### Support For support, feature requests, or bug reports, please visit: * [Plugin Website](https://www.studiobe4.it) ### Credits Developed by [Studio Be4](https://www.studiobe4.it) – Web Design & Development Agency ### License This plugin is licensed under the GPLv2 or later. ## عکس‌های صفحه * [[ * Main settings page with all security header options * [[ * Easy-to-use interface with helpful descriptions * [[ * Cache configuration options ## نصب #### Automatic Installation 1. Log in to your WordPress admin panel 2. Navigate to Plugins Add New 3. Search for “Security Headers & Caching” 4. Click “Install Now” and then “Activate” #### Manual Installation 1. Download the plugin ZIP file 2. Log in to your WordPress admin panel 3. Navigate to Plugins Add New Upload Plugin 4. Select the downloaded ZIP file and click “Install Now” 5. Activate the plugin #### Configuration 1. After activation, navigate to **Security Headers** in your WordPress admin menu 2. Enable the security headers you want to use 3. Configure the Content Security Policy and other settings as needed 4. Set cache duration if desired (recommended: 3600 seconds for 1 hour) 5. Click “Save Settings” 6. Test your configuration at [securityheaders.com](https://securityheaders.com/) ## سوالات متداول ### Will this plugin slow down my website? No, security headers are lightweight HTTP headers that add negligible overhead. The caching feature actually improves performance. ### Is this compatible with my hosting provider? Yes! This plugin is designed to work with all hosting providers including Aruba, SiteGround, Bluehost, WP Engine, and others. Unlike the previous version, it uses WordPress core hooks that work universally. ### Can I use this with other security plugins? Yes, Security Headers & Caching is designed to work alongside other security plugins. It focuses specifically on HTTP headers. ### Will this break my site? The default settings are conservative and should work for most sites. However, strict Content Security Policy settings can affect sites using inline scripts or external resources. Test thoroughly after configuring. ### What is HSTS and should I enable it? HSTS (HTTP Strict Transport Security) forces browsers to use HTTPS. Only enable this if your site has a valid SSL certificate and is fully accessible via HTTPS. ### How do I know if it’s working? Visit [securityheaders.com](https://securityheaders.com/), enter your website URL, and check your security grade. You should see improvements after activating the plugin. ### Can I customize the headers? Yes! Developers can use the `shc_security_headers` filter to modify headers programmatically. See the plugin documentation for examples. ### What happens to my settings if I deactivate the plugin? Your settings are preserved in the database. If you uninstall (delete) the plugin, all settings are automatically removed. ### Does this plugin work with WordPress multisite? Yes, the plugin is fully compatible with WordPress multisite installations. ### I’m getting a lower score on securityheaders.com, why? Security headers need to be configured based on your site’s specific needs. A strict CSP policy may require listing all external resources. Adjust settings based on your requirements. ## نقد و بررسی‌ها نقد و بررسی‌ای برای این افزونه یافت نشد. ## توسعه دهندگان و همکاران “Security Headers & Caching” نرم افزار متن باز است. افراد زیر در این افزونه مشارکت کرده‌اند. مشارکت کنندگان * [ Studio Be4 ](https://profiles.wordpress.org/studiobe4/) [ترجمه “Security Headers & Caching” به زبان شما.](https://translate.wordpress.org/projects/wp-plugins/security-headers-caching) ### علاقه‌ مند به توسعه هستید؟ [Browse the code](https://plugins.trac.wordpress.org/browser/security-headers-caching/), check out the [SVN repository](https://plugins.svn.wordpress.org/security-headers-caching/), or subscribe to the [development log](https://plugins.trac.wordpress.org/log/security-headers-caching/) by [RSS](https://plugins.trac.wordpress.org/log/security-headers-caching/?limit=100&mode=stop_on_copy&format=rss). ## گزارش تغییرات #### 7.3 (2025-01-08) * Complete rewrite from version 7.2 * Fixed: Headers now work on all hosting providers (not just Aruba) * Fixed: Proper use of WordPress hooks (send_headers instead of init) * Fixed: Added proper CSRF protection with nonce verification * Fixed: All inputs properly sanitized and validated * Fixed: Checkbox values correctly handled * Fixed: Cache duration field now shows saved values * Added: Individual toggles for each security header * Added: Full internationalization support * Added: Proper WordPress Settings API integration * Added: Professional admin interface with helpful descriptions * Added: Settings link on plugins page * Added: Automatic cleanup on uninstall * Added: Multisite support * Added: Developer filters for customization * Added: Comprehensive documentation * Improved: Code organization with separate classes * Improved: Security with capability checks * Improved: Compatibility with all hosting environments * Improved: User experience with better UI/UX ## اطلاعات * نگارش **7.4** * Last updated **6 ماه پیش** * نصب‌های فعال **20+** * نگارش وردپرس ** 5.9 یا بالاتر ** * Tested up to **6.8.5** * نگارش PHP ** 7.2 یا بالاتر ** * زبان * [English (US)](https://wordpress.org/plugins/security-headers-caching/) * Tags * [cache](https://fa.wordpress.org/plugins/tags/cache/)[csp](https://fa.wordpress.org/plugins/tags/csp/) [headers](https://fa.wordpress.org/plugins/tags/headers/)[hsts](https://fa.wordpress.org/plugins/tags/hsts/) [security](https://fa.wordpress.org/plugins/tags/security/) * [نمایش پیشرفته](https://fa.wordpress.org/plugins/security-headers-caching/advanced/) ## امتیازها هنوز هیچ نقدی ارسال نشده است. [افزودن ارزیابی من](https://wordpress.org/support/plugin/security-headers-caching/reviews/#new-post) [مشاهده همه بررسی‌ها](https://wordpress.org/support/plugin/security-headers-caching/reviews/) ## مشارکت کنندگان * [ Studio Be4 ](https://profiles.wordpress.org/studiobe4/) ## پشتیبانی چیزی برای گفتن دارید؟ نیاز به کمک دارید؟ [مشاهده انجمن پشتیبانی](https://wordpress.org/support/plugin/security-headers-caching/)