PHPackages carloswph/wp-secure-headers - PHPackages - PHPackages [Skip to content](#main-content)[PHPackages](/)[Directory](/)[Categories](/categories)[Trending](/trending)[Leaderboard](/leaderboard)[Changelog](/changelog)[Analyze](/analyze)[Collections](/collections)[Log in](/login)[Sign up](/register) 1. [Directory](/) 2. / 3. [Security](/categories/security) 4. / 5. carloswph/wp-secure-headers ActiveLibrary[Security](/categories/security) carloswph/wp-secure-headers =========================== Add and configure HTTP secure headers and more, for Wordpress websites. v1.2.1(5y ago)6191GPL-3.0-or-laterPHP Since Feb 26Pushed 5y ago2 watchersCompare [ Source](https://github.com/carloswph/wp-secure-headers)[ Packagist](https://packagist.org/packages/carloswph/wp-secure-headers)[ RSS](/packages/carloswph-wp-secure-headers/feed)WikiDiscussions main Synced 6d ago READMEChangelog (9)DependenciesVersions (10)Used By (0) WP Secure Headers Helper ======================== [](#wp-secure-headers-helper) A simple helper class to manage HTTP Security Headers made available when a website is under any SSL certificate. Unfortunately, many plugins are used to configure SSL, but miss the more elaborated part of it - include secure headers to requests. This class aims to offer a simple interface to set up those - bringing predefined headers adequate for most WP websites, but also enabling the coder to set or alter any header - and that may include customized HTTP headers as well. Installation ============ [](#installation) As we prefer, this library can be installed using Composer `composer require carloswph/wp-secure-headers`. Alternatively, you can just copy the class inside the `src` folder and use it in your plugin or theme. Usage ===== [](#usage) The class `WPH\Security\Headers` inserts secure headers for Wordpress. Having that said, it already comes with some basic headers, which can be seen by using the static method `wPH\Security\Headers::list()`. In the future, we intend to build some chained methods to allow configuring in detail two specific headers: Content-Security-Policy and Permissions-Policy. For the moment, both can be added to class instance through the `set()` method. Using with Composer ------------------- [](#using-with-composer) ``` use WPH\Security\Headers; require __DIR__ . '/vendor/autoload.php'; $sec_headers = new Headers(); $sec_headers->set('Content-Security-Policy', 'connect-src "self"'); // Add new headers to the class array property. ``` Content Security Policy ----------------------- [](#content-security-policy) Since version 1.2.0, this library has an additional class, which can be passed as argument through the main class and adds the Content-Security-Policy header after being configured with dozens of chain methods. An example: ``` use WPH\Security\Headers; use WPH\Security\ContentSecurityPolicy require __DIR__ . '/vendor/autoload.php'; $csp = new ContentSecurityPolicy(); $csp->setChild('https://google.com https://microsoft.com') ->setConnect('https://*'); $sec_headers = new Headers($csp); // Adds the Content-Security-Policy to the headers pool, with all set parameters ``` Besides all methods to the configure the various Content-Security-Policy directives individually, this additional class also has a method ReportOnly(), which indicates the main class that the header shall be set as Content-Security-Policy-Report-Only instead. All documentation and info about this complex header can be found inside the class docblock comments. Todo ==== [](#todo) - Methods to setup and configure Permissions Policy headers - Some cookie managing tools ### Health Score 27 — LowBetter than 49% of packages Maintenance20 Infrequent updates — may be unmaintained Popularity12 Limited adoption so far Community9 Small or concentrated contributor base Maturity58 Maturing project, gaining track record Bus Factor1 Top contributor holds 100% of commits — single point of failure How is this calculated?**Maintenance (25%)** — Last commit recency, latest release date, and issue-to-star ratio. Uses a 2-year decay window. **Popularity (30%)** — Total and monthly downloads, GitHub stars, and forks. Logarithmic scaling prevents top-heavy scores. **Community (15%)** — Contributors, dependents, forks, watchers, and maintainers. Measures real ecosystem engagement. **Maturity (30%)** — Project age, version count, PHP version support, and release stability. ### Release Activity Cadence Every ~6 days Recently: every ~12 days Total 9 Last Release 1857d ago Major Versions v0.5-beta → v1.0.02021-02-28 ### Community Maintainers ![](https://www.gravatar.com/avatar/13c91dcf5209989038da335ba42538fa84670bf27400f220d182a76e0a720b74?d=identicon)[carloswph](/maintainers/carloswph) --- Top Contributors [![meuppt](https://avatars.githubusercontent.com/u/37983141?v=4)](https://github.com/meuppt "meuppt (17 commits)") --- Tags php-librarypluginssecurity-toolswordpresshttpssecurityheaderscspcontent-security-policysecurity-headershttp-headerssecure headersstrict transport ### Embed Badge ![Health badge](/badges/carloswph-wp-secure-headers/health.svg) ``` [![Health](https://phpackages.com/badges/carloswph-wp-secure-headers/health.svg)](https://phpackages.com/packages/carloswph-wp-secure-headers) ``` ### Alternatives [spatie/laravel-csp Add CSP headers to the responses of a Laravel app 8519.6M19](/packages/spatie-laravel-csp)[aidantwoods/secureheaders A PHP class aiming to make the use of browser security features more accessible. 433689.3k2](/packages/aidantwoods-secureheaders)[paragonie/csp-builder Easily add and update Content-Security-Policy headers for your project 5412.8M18](/packages/paragonie-csp-builder)[mlocati/ocsp Library to query HTTPS Certificates revocation status using the Online Certificate Status Protocol (OCSP) 40754.7k2](/packages/mlocati-ocsp)[stevenmaguire/laravel-middleware-csp Provides support for enforcing Content Security Policy with headers in Laravel responses. 39107.6k](/packages/stevenmaguire-laravel-middleware-csp)[mazedlx/laravel-feature-policy Add Feature-Policy headers to the responses of a Laravel app 17180.5k](/packages/mazedlx-laravel-feature-policy) PHPackages © 2026 [Directory](/)[Categories](/categories)[Trending](/trending)[Changelog](/changelog)[Analyze](/analyze)