=== BaseCloud Security Manager ===
Contributors: basecloud
Tags: security, firewall, hardening, content security policy, hsts
Requires at least: 5.8
Tested up to: 6.5
Stable tag: 1.0.0
Requires PHP: 7.4
License: GPLv2 or later
License URI: https://www.gnu.org/licenses/gpl-2.0.html

A simple, powerful plugin to implement best-practice HTTP security headers and harden your WordPress site against common attacks.

== Description ==

BaseCloud Security Manager helps you secure your WordPress site by easily adding and configuring security headers. These headers act as a first line of defense, instructing browsers on how to handle your site's content safely, thereby protecting you and your visitors from attacks like clickjacking, cross-site scripting (XSS), and information disclosure.

With an easy-to-use interface located right in your WordPress settings, you can enable robust security policies without needing to write any code or directly edit server files like .htaccess.

**Key Features:**

* **One-Click Master Switch:** Enable or disable all security features with a single click.
* **Force SSL/HTTPS:** Ensure all traffic to your site is encrypted by automatically redirecting HTTP requests to HTTPS.
* **Content-Security-Policy (CSP):** Control which resources (scripts, styles, images) a browser is permitted to load for your site, mitigating XSS attacks.
* **HTTP Strict-Transport-Security (HSTS):** Force browsers to communicate with your site exclusively over HTTPS, preventing downgrade attacks.
* **Referrer-Policy:** Control how much referrer information is sent with requests, enhancing user privacy.
* **Permissions-Policy:** Control which browser features (like camera, microphone, geolocation) can be used on your site.
* **Secure Cookies:** Automatically set the HttpOnly and Secure flags on session cookies to protect against XSS.
* **Hardening Tweaks:** Includes options to remove server version information to prevent fingerprinting.
* **Developer Friendly:** Default settings provide a strong security posture out of the box, with full control for advanced configuration.

BaseCloud Security Manager is lightweight, efficient, and designed to integrate seamlessly into your WordPress admin experience without clutter or intrusive advertising.

== Installation ==

Installing BaseCloud Security Manager is simple.

**From your WordPress Dashboard:**

1. Navigate to 'Plugins' > 'Add New'.
2. Search for 'BaseCloud Security Manager'.
3. Click 'Install Now'.
4. Activate the plugin through the 'Plugins' menu in WordPress.
5. Navigate to 'Settings' > 'BaseCloud Security' to configure the plugin.

**Manual Installation:**

1. Upload the `basecloud-security-manager` folder to the `/wp-content/plugins/` directory.
2. Activate the plugin through the 'Plugins' menu in WordPress.
3. Navigate to 'Settings' > 'BaseCloud Security' to configure the plugin.

Once activated, we recommend reviewing the settings to ensure they are optimal for your hosting environment and site requirements.

== Frequently Asked Questions ==

= Do I need technical knowledge to use this plugin? =

Not at all! The plugin is designed to work out of the box with recommended settings. A master switch allows you to enable strong security with a single click. For advanced users, all policies are fully configurable.

= What is a Content-Security-Policy (CSP)? =

A Content-Security-Policy is a security header that tells a browser which locations (domains) are allowed to provide scripts, styles, images, and other resources. A strict CSP is one of the most effective ways to prevent Cross-Site Scripting (XSS) attacks. Our plugin provides a robust default policy that you can customize as needed.

= Will this plugin break my site? =

The default settings are designed for high compatibility. However, a very strict Content-Security-Policy (CSP) or Permissions-Policy could potentially conflict with other plugins or themes that load resources from external domains. If you experience issues, you can easily adjust the policies on the settings page or temporarily disable the master switch to identify the conflict.

= Where do I find the settings page? =

The settings page can be found by navigating to **Settings > BaseCloud Security** in your WordPress admin dashboard. You can also find a 'Settings' link on the main Plugins page next to BaseCloud Security Manager.

== Screenshots ==

1. The main settings page, showing the master switch and all configurable security headers.
2. An example of the Referrer-Policy dropdown options.

== Changelog ==

= 1.0.1 =
* Tweak: Added support for WordPress automatic updates.
* Tweak: Updated author name to "BaseCloud Team".

= 1.0.0 =
* Initial release.

== Upgrade Notice ==

= 1.0.1 =
This update adds support for WordPress automatic updates to ensure you always have the latest security enhancements. No new settings have been added.
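
To confirm that the protections listed under Key Features are actually reaching the browser after the plugin is enabled, the response headers can be audited from outside WordPress. The following is an added example, not part of the plugin or written by its authors: it checks a raw response head (for instance the output of `curl -sI`) for the four headers named above, the cookie flags, and version disclosure. The sample responses, the cookie name, and the choice of `X-Powered-By` and a versioned `Server` value as the fingerprinting signals are assumptions made for illustration.

```python
import re

REQUIRED = ("strict-transport-security", "content-security-policy",
            "referrer-policy", "permissions-policy")

def parse_head(raw):
    """Return [(lowercased name, value)] from a raw response head, skipping the status line."""
    lines = (ln.partition(":") for ln in raw.strip().splitlines()[1:])
    return [(n.strip().lower(), v.strip()) for n, sep, v in lines if sep]

def audit(raw):
    """Return sorted findings; an empty list means every check passed."""
    headers = parse_head(raw)
    present = {name for name, _ in headers}
    findings = [f"missing {h}" for h in REQUIRED if h not in present]
    for name, value in headers:
        if name == "strict-transport-security":
            m = re.search(r"max-age\s*=\s*(\d+)", value, re.I)
            if not m or int(m.group(1)) == 0:      # max-age=0 switches HSTS off
                findings.append("hsts max-age absent or zero")
        elif name == "set-cookie":                 # one header line per cookie
            cookie = value.split("=", 1)[0]
            attrs = {a.split("=")[0].strip().lower() for a in value.split(";")[1:]}
            findings += [f"cookie {cookie} lacks {flag}"
                         for flag in ("secure", "httponly") if flag not in attrs]
        elif name == "x-powered-by":               # assumed fingerprinting header
            findings.append("x-powered-by discloses platform")
        elif name == "server" and re.search(r"\d", value):
            findings.append("server header discloses version")
    return sorted(findings)

# Constructed sample responses, not captured from any real site.
HARDENED = """HTTP/1.1 200 OK
Server: nginx
Strict-Transport-Security: max-age=31536000; includeSubDomains
Content-Security-Policy: default-src 'self'
Referrer-Policy: strict-origin-when-cross-origin
Permissions-Policy: camera=(), microphone=(), geolocation=()
Set-Cookie: PHPSESSID=abc123; Path=/; Secure; HttpOnly
"""
WEAK = """HTTP/1.1 200 OK
Server: Apache/2.4.57
X-Powered-By: PHP/8.1.2
Referrer-Policy: no-referrer
Set-Cookie: PHPSESSID=abc123; Path=/; HttpOnly
"""

if __name__ == "__main__":
    print({"hardened": audit(HARDENED), "weak": audit(WEAK)})
```

A header that is still missing after the master switch is on usually means a caching layer or the web server is replacing the response before it leaves the host, so run the check against the public URL rather than only against the origin.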