Require SRI (Sub Resource Integrity)

I’ve written previously about both CSP (Content Security Policy) and SRI (Sub Resource Integrity), both of which are mechanisms that can be used to better secure your website. CSP (or Content Security Policy) allows you to set a number of directives about what types of content can be loaded by your website, and what locations they can…

Web ARX Security

I’ve written before about the Web ARX Security plugin for WordPress, which I’m a big fan of.  In fact it’s even better now! Previously it was only available for WordPress, but now you can apply it to any PHP-based website, so it works with Joomla, Drupal and Magento as well. You can also configure the…

Web ARX Security

Securing websites can be a tricky business, but it’s something I pride myself at being pretty good at.  However, when you’re setting up and managing multiple WordPress sites, it can be hard to keep on top of them all at once. Step in Web ARX Security (affiliate link). In their own words… Website firewall, uptime monitoring and…

HSTS preloading

For a while now, my website has been using HSTS.  HSTS stands for HTTP Strict Transport Security, and essentially it’s a response header that your server sends back with your website to tell that browser that in future, this page should always be requested securely (via HTTPS).  I talked about it briefly last year in…