Changeset 3416437


Timestamp:
12/10/2025 01:05:06 PM (4 months ago)
Author:
volixta
Message:

Add new Hardening module (secure cookies, disable indexing, block user enumeration)
Update readme and version to 1.1.2
Improve sanitization & nonce validation
Update uninstall routine for new options

Location:
volixta-ssl-security-headers/trunk
Files:
1 added
5 edited

  • volixta-ssl-security-headers/trunk/NOTICE.txt

    r3413483 r3416437  
    11Volixta SSL & Security Headers — Trademark & Licensing Notice
    2 Version: 1.1.1
    3 Date: 2025-12-07
     2Version: 1.1.2
     3Date: 2025-12-10
    44
    55Copyright © 2025 HELLO SITE LLC
  • volixta-ssl-security-headers/trunk/readme.txt

    r3413483 r3416437  
    44Requires at least: 5.8
    55Tested up to: 6.9
    6 Stable tag: 1.1.1
     6Stable tag: 1.1.2
    77Requires PHP: 7.4
    88License: GPLv2 or later
    99License URI: https://www.gnu.org/licenses/gpl-2.0.html
    1010
    11 Add modern security headers, enable SSL/HTTPS, fix mixed content, and force 301 redirects. Fast and safe.
     11Add modern security headers, enable SSL/HTTPS, fix mixed content, harden WordPress, and force 301 redirects. Fast and safe.
    1212
    1313== Description ==
     
    1616Do you see browser warnings like *"Not Secure"* even though you installed SSL? 
    1717Are you getting **mixed content errors** in Chrome or Firefox after enabling HTTPS? 
    18 Or is your Site Health report complaining about missing **security headers**?
     18Is your Site Health report complaining about missing **security headers** or weak security settings? 
     19Are bots scanning your site with **?author=1** to enumerate users?
    1920
    2021👉 **Volixta SSL & Security Headers fixes all of these in a few clicks.**
    21 Easily **activate SSL**, **force 301 redirects**, repair **mixed content**, and add recommended **WordPress security headers** like HSTS, CSP, and X-Frame-Options.
     22
     23Easily **activate SSL**, **force 301 redirects**, repair **mixed content**, enable **security hardening**, and apply recommended **WordPress security headers** like HSTS, CSP, and X-Frame-Options.
    2224
    2325---
    2426
    2527### 🔐 What does Volixta do?
     28
    2629- **Activate SSL automatically**: safely update your WordPress `home` and `siteurl` to use `https://`.
    2730- **Force HTTPS with 301 redirect**: adds a safe `.htaccess` block on Apache/LiteSpeed, or falls back to a PHP redirect if needed.
    2831- **Fix mixed content**: scans your posts, postmeta, and options for `http://` links and replaces them with `https://` (serialization-safe).
    29 - **Apply modern HTTP Security Headers**: HSTS, Content-Security-Policy (`upgrade-insecure-requests`), X-Frame-Options, Referrer-Policy, Permissions-Policy, COOP/COEP/CORP. All values are editable before applying.
    30 - **Nginx friendly**: when `.htaccess` is not available, Volixta shows ready-to-use Nginx snippets for redirects and headers.
    31 - **Site Health integration**: new tests for SSL validity, HTTPS redirect, and security headers presence.
     32- **Apply modern HTTP Security Headers**: HSTS, Content-Security-Policy (`upgrade-insecure-requests`), X-Frame-Options, Referrer-Policy, Permissions-Policy, COOP/COEP/CORP.
     33- **Security hardening options**:
     34  - ✔️ **Secure cookies**: add `COOKIE_SECURE` and `COOKIE_HTTPONLY` to protect authentication cookies 
     35  - ✔️ **Disable directory indexing**: adds “Options -Indexes” to `.htaccess` 
     36  - ✔️ **Block user enumeration**: blocks `?author=ID` scans and hides `/wp-json/wp/v2/users` from visitors 
     37- **Nginx friendly**: when `.htaccess` is not available, Volixta shows ready-to-copy Nginx rules.
     38- **Site Health integration**: checks for SSL, redirects, security headers, and hardening status.
    3239
    3340---
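Review bot: The new "Disable directory indexing" bullet (line 35) describes only the `.htaccess` route, while the "Nginx friendly" bullet after it says ready-to-copy rules are shown when `.htaccess` is not available without saying whether that covers the hardening options. State which of the three hardening options have an Nginx rule shown and which are Apache/LiteSpeed only, so an Nginx user does not assume directory listing is off after ticking the box. The headers bullet also lost the sentence "All values are editable before applying."; if header values are still editable, keep the sentence, and if they are not, that is a behaviour change that belongs in the changelog.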
     
    115122
    116123== Changelog ==
     124= 1.1.2 – 2025-12-10 =
     125- Added new Hardening module:
     126  * Secure & HttpOnly cookies (adds COOKIE_SECURE and COOKIE_HTTPONLY to wp-config.php)
     127  * Disable directory indexing by inserting “Options -Indexes” into .htaccess
     128  * Block user enumeration (?author=ID and REST API `/wp/v2/users`)
     129- Improved PHPCS compliance and sanitization for user enumeration blocking
     130- Updated uninstall routine to remove new hardening options
     131- UI enhancements for Security Hardening settings panel
     132- Updated readme.txt
     133
    117134= 1.1.1 – 2025-12-07 =
    118135- Tested up to: 6.9
     
    141158
    142159== Upgrade Notice ==
     160= 1.1.2 =
     161This update introduces new security hardening features (secure cookies, disable indexing, block user enumeration). Review the new Hardening panel and enable the protections you need.
     162
    143163= 1.1.0 =
    144164This update improves SSL detection and coding standards compliance. No action required, but review the new HTTPS recommendation notice in the admin panel.
  • volixta-ssl-security-headers/trunk/uninstall.php

    r3391996 r3416437  
    5656    delete_option('volissam_headers_options');
    5757    delete_option('volissam_mcf_last_scan');   // Mixed Content Fixer last scan
     58    delete_option('volissam_hardening_options');
    5859    // Transients used in admin UI
    5960    delete_transient('volissam_flash_notice');
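Review bot: Deleting `volissam_hardening_options` at line 58 cleans up only the stored setting; per the readme in this changeset the module also writes `COOKIE_SECURE` and `COOKIE_HTTPONLY` to wp-config.php and `Options -Indexes` to .htaccess, and nothing in the visible lines removes either. If that cleanup lives elsewhere in uninstall.php, fine; otherwise remove those entries on uninstall, or document that they are deliberately left in place so the protections outlive the plugin.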
     
    108109    delete_site_option('volissam_headers_options');
    109110    delete_site_option('volissam_mcf_last_scan');
     111    delete_site_option('volissam_hardening_options');
    110112} else {
    111113    volissam_uninstall_delete_all_options_for_blog();
  • volixta-ssl-security-headers/trunk/views/admin-page.php

    r3391996 r3416437  
    276276
    277277            <section class="volissam-panel">
     278                <h2><?php echo esc_html__('🔰 Security Hardening', 'volixta-ssl-security-headers'); ?></h2>
     279
     280                <?php $volissam_hard  = volissam_get_hardening_config(); ?>
     281
     282                <form method="post">
     283                    <?php wp_nonce_field('volissam_action', 'volissam_nonce'); ?>
     284                    <input type="hidden" name="volissam_action" value="save_hardening" />
     285
     286                    <table class="widefat striped">
     287                        <tbody>
     288                            <tr>
     289                                <th>
     290                                    <label for="volissam_secure_cookies">
     291                                        <?php echo esc_html__('Secure & HttpOnly cookies', 'volixta-ssl-security-headers'); ?>
     292                                    </label>
     293                                </th>
     294                                <td>
     295                                    <input type="checkbox"
     296                                        name="volissam_secure_cookies"
     297                                        id="volissam_secure_cookies"
     298                                        <?php checked($volissam_hard ['secure_cookies']); ?>>
     299                                    <p class="description">
     300                                        <?php echo esc_html__('Adds COOKIE_SECURE and COOKIE_HTTPONLY to wp-config.php for better session protection.', 'volixta-ssl-security-headers'); ?>
     301                                    </p>
     302                                </td>
     303                            </tr>
     304
     305                            <tr>
     306                                <th>
     307                                    <label for="volissam_no_indexing">
     308                                        <?php echo esc_html__('Disable directory indexing', 'volixta-ssl-security-headers'); ?>
     309                                    </label>
     310                                </th>
     311                                <td>
     312                                    <input type="checkbox"
     313                                        name="volissam_no_indexing"
     314                                        id="volissam_no_indexing"
     315                                        <?php checked($volissam_hard ['no_indexing']); ?>>
     316                                    <p class="description">
     317                                        <?php echo esc_html__('Writes “Options -Indexes” into .htaccess to prevent directory browsing.', 'volixta-ssl-security-headers'); ?>
     318                                    </p>
     319                                </td>
     320                            </tr>
     321
     322                            <tr>
     323                                <th>
     324                                    <label for="volissam_no_enum">
     325                                        <?php echo esc_html__('Block user enumeration', 'volixta-ssl-security-headers'); ?>
     326                                    </label>
     327                                </th>
     328                                <td>
     329                                    <input type="checkbox"
     330                                        name="volissam_no_enum"
     331                                        id="volissam_no_enum"
     332                                        <?php checked($volissam_hard ['no_enum']); ?>>
     333                                    <p class="description">
     334                                        <?php echo esc_html__('Blocks ?author=ID scans and hides /wp-json/wp/v2/users from visitors.', 'volixta-ssl-security-headers'); ?>
     335                                    </p>
     336                                </td>
     337                            </tr>
     338                        </tbody>
     339                    </table>
     340
     341                    <button class="button button-primary" type="submit">
     342                        💾 <?php echo esc_html__('Save Hardening Settings', 'volixta-ssl-security-headers'); ?>
     343                    </button>
     344                </form>
     345            </section>
     346
     347
     348
     349            <section class="volissam-panel">
    278350                <h2><?php echo esc_html__('Security Headers', 'volixta-ssl-security-headers'); ?></h2>
    279351                <p class="description">
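Review bot: The nonce at line 283 uses the generic action string in `wp_nonce_field('volissam_action', 'volissam_nonce')`, so it is not bound to the `save_hardening` operation selected by the hidden field on line 284. Consider a per-operation action (for example a string such as 'volissam_save_hardening', a suggested name) and verifying that same string in the handler, which is not shown in this view, alongside a capability check, since this form leads to writes to wp-config.php and .htaccess. Separately, `checked($volissam_hard ['secure_cookies'])` and the two similar calls on lines 315 and 332 index the config array directly; unless `volissam_get_hardening_config()` always returns all three keys, wrap them in `! empty(...)`, and drop the space before the bracket.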
  • volixta-ssl-security-headers/trunk/volixta-ssl-security-headers.php

    r3413483 r3416437  
    44 * Plugin Name: Volixta SSL & Security Headers
    55 * Description: Activate SSL/HTTPS, apply modern Security Headers (incl. HSTS), fix mixed content, file-permissions audit, — simple & safe.
    6  * Version: 1.1.1
     6 * Version: 1.1.2
    77 * Author: HELLO SITE LLC
    88 * Author URI: https://www.agence-hello-site.com/
     
    1818if (! defined('ABSPATH')) exit;
    1919
    20 define('VOLISSAM_VERSION', '1.1.1');
     20define('VOLISSAM_VERSION', '1.1.2');
    2121define('VOLISSAM_MARKER', 'Volixta Security Headers');
    2222define('VOLISSAM_REDIRECT_MARKER', 'Volixta HTTPS Redirect');
     
    2424define('VOLISSAM_OPT_HEADERS', 'volissam_headers_options'); // stores custom header config (enabled/value)
    2525define('VOLISSAM_OPT_MCF_LAST', 'volissam_mcf_last_scan'); // stocke le dernier résultat du scan
    26 define('VOLISSAM_BAK_KEEP', 3); // garder les 3 plus récents
     26define('VOLISSAM_BAK_KEEP', 2); // garder les 3 plus récents
    2727
    2828require_once plugin_dir_path(__FILE__) . 'includes/helpers.php';
    2929require_once plugin_dir_path(__FILE__) . 'includes/fs-helpers.php';
     30require_once plugin_dir_path(__FILE__) . 'includes/security-hardening.php';
    3031
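Review bot: `VOLISSAM_BAK_KEEP` drops from 3 to 2 on line 26 but the trailing comment still reads "garder les 3 plus récents" (keep the 3 most recent), and the commit message does not mention a change to backup retention. Update the comment to match, or revert the value if the change was unintended; with this release adding more writes to wp-config.php and .htaccess, keeping fewer backups should be a deliberate decision. The new `require_once` on line 30 loads includes/security-hardening.php, presumably the file listed as "1 added", which is not shown in this view, so the enumeration blocking and file-write logic could not be reviewed here.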
    3132