Title: Fix It Easy Security Headers
Author: WP Fix It - WordPress Experts
Published: <strong>2025 年 8 月 24 日</strong>
Last modified: 2025 年 8 月 24 日

---

搜索插件

![](https://ps.w.org/fix-it-easy-security-headers/assets/banner-772x250.png?rev=
3349315)

![](https://ps.w.org/fix-it-easy-security-headers/assets/icon-256x256.gif?rev=3349315)

# Fix It Easy Security Headers

 作者：[WP Fix It – WordPress Experts](https://profiles.wordpress.org/wpfixit/)

[下载](https://downloads.wordpress.org/plugin/fix-it-easy-security-headers.1.1.zip)

 * [详情](https://cn.wordpress.org/plugins/fix-it-easy-security-headers/#description)
 * [评价](https://cn.wordpress.org/plugins/fix-it-easy-security-headers/#reviews)
 *  [安装](https://cn.wordpress.org/plugins/fix-it-easy-security-headers/#installation)
 * [开发进展](https://cn.wordpress.org/plugins/fix-it-easy-security-headers/#developers)

 [支持](https://wordpress.org/support/plugin/fix-it-easy-security-headers/)

## 描述

**WP Fix It Easy Security Headers** adds a simple page under **Tools  Security Headers**
where you can toggle common HTTP security headers:

 * **Strict-Transport-Security (HSTS)**
 * **Content-Security-Policy (CSP)**
 * **X-Frame-Options**
 * **X-Content-Type-Options**
 * **Referrer-Policy**
 * **Permissions-Policy**

On activation, all headers are **enabled by default** and you’re redirected to the
settings screen.

For convenience, the page and the Plugins screen include a **“Check Headers”** button
that opens SecurityHeaders.com with your site’s URL prefilled (built dynamically
from `home_url()`).

### Notes on CSP

This plugin ships with a **permissive** default CSP intended to “work everywhere”
out of the box (allows most external sources and inline code). For stronger protection,
you should harden the directives for your specific site.

### Key Features

 * One-click toggles for popular headers
 * Dynamic “Check Headers” scan link
 * Uses the WordPress Settings API (nonce + capability checks)
 * Output escaping and sanitization following PHPCS

## 屏幕截图

 * [[
 * Settings screen with header toggles and “Check Headers” button.

## 安装

 1. Upload the plugin folder to `/wp-content/plugins/fix-it-easy-security-headers/`
    or install via Plugins  Add New.
 2. Activate the plugin.
 3. You’ll be redirected to **Tools  Security Headers**. Review and adjust toggles 
    as needed.
 4. (Optional) Click **Check Headers** to verify your headers on SecurityHeaders.com.

## 常见问题

### Where do I manage the settings?

Go to **Tools  Security Headers**.

### What happens on activation?

All header options are enabled and you’re redirected once to the settings page.

### Will this break my site?

Most headers are safe defaults. The provided CSP is intentionally permissive; it
shouldn’t block assets. For strict CSPs, tailor directives to your stack and test.

### Can I use this on multisite?

Yes. The “Check Headers” URL is derived from `home_url()`. Activation redirect is
skipped for network/bulk activations.

### Why don’t I see a “Settings saved” notice twice?

The page prints only this plugin’s scoped settings messages to avoid duplicate notices.

### Can I customize the CSP?

Yes. You can modify the `$csp` string in `security_headers_add_headers()` to fit
your site’s needs.

## 评价

此插件暂无评价。

## 贡献者及开发者

「Fix It Easy Security Headers」是开源软件。 以下人员对此插件做出了贡献。

贡献者

 *   [ WP Fix It – WordPress Experts ](https://profiles.wordpress.org/wpfixit/)

[帮助将「Fix It Easy Security Headers」翻译成简体中文。](https://translate.wordpress.org/projects/wp-plugins/fix-it-easy-security-headers)

### 对开发感兴趣吗?

您可以[浏览代码](https://plugins.trac.wordpress.org/browser/fix-it-easy-security-headers/)，
查看[SVN仓库](https://plugins.svn.wordpress.org/fix-it-easy-security-headers/)，
或通过[RSS](https://plugins.trac.wordpress.org/log/fix-it-easy-security-headers/?limit=100&mode=stop_on_copy&format=rss)
订阅[开发日志](https://plugins.trac.wordpress.org/log/fix-it-easy-security-headers/)。

## 更新日志

#### 1.1

 * Initial release.
 * Header toggles for HSTS, CSP, X-Frame-Options, X-Content-Type-Options, Referrer-
   Policy, Permissions-Policy.
 * Activation enables all options and redirects to settings.
 * Dynamic SecurityHeaders.com scan link.

## 额外信息

 *  版本 **1.1**
 *  最后更新：**9 月前**
 *  活跃安装数量 **10+**
 *  WordPress 版本 ** 5.8 或更高版本 **
 *  已测试的最高版本为 **6.8.5**
 *  PHP 版本 ** 7.4 或更高版本 **
 *  语言
 * [English (US)](https://wordpress.org/plugins/fix-it-easy-security-headers/)
 * 标签
 * [csp](https://cn.wordpress.org/plugins/tags/csp/)[headers](https://cn.wordpress.org/plugins/tags/headers/)
   [hsts](https://cn.wordpress.org/plugins/tags/hsts/)[security](https://cn.wordpress.org/plugins/tags/security/)
 *  [高级视图](https://cn.wordpress.org/plugins/fix-it-easy-security-headers/advanced/)

## 评级

尚未提交反馈。

[Your review](https://wordpress.org/support/plugin/fix-it-easy-security-headers/reviews/#new-post)

[查看全部评论](https://wordpress.org/support/plugin/fix-it-easy-security-headers/reviews/)

## 贡献者

 *   [ WP Fix It – WordPress Experts ](https://profiles.wordpress.org/wpfixit/)

## 支持

有话要说吗？是否需要帮助？

 [查看支持论坛](https://wordpress.org/support/plugin/fix-it-easy-security-headers/)

## 捐助

您愿意支持这个插件的发展吗?

 [ 捐助此插件 ](https://www.wpfixit.com)