Enable HSTS for a Website.

I wanted to enable HSTS for my WordPress site (This process below is actually the same for any website), and I was thinking of the easiest way to do it. First of all, I would like to know what HSTS is and why do I need that to be enabled. Well…

Caution: If you want to enable HSTS for your site, you must have a valid SSL certificate already installed and activated. If you do not have it, and you enable HSTS anyway, visitors will not be able to access your site. SSL can be activated in many ways. Most hosting providers provide SSL certificate for free these days and it comes with the hosting plan. If you haven’t done it yet but you want to install and activate SSL, please see “From http to https” to do it all with a few easy steps.

HTTP Strict Transport Security (HSTS): It directs web browsers to only use secure connections for all future requests when communicating with a web site. It is very necessary when you are asking for security. Enabling HSTS will prevent cookie hijacking, SSL stripping, SSL protocol attacks, and other malicious attempts.

After understanding this, I decided to enable HSTS for my site and I know there are a couple of complex ways to do that. Let’s not try any of them. I will simply add a  few lines in my .htaccess file in the cPanel and that would do the work.

In one older post here, I talked about the location and easiest way to edit this .htaccess file. If you already know how to do it, please don’t go back that old post to read it, instead of that, you could add this line in that .htaccess file and save it and refresh the browser. That’s it. Things are done precisely and you enabled HSTS!

But, if you don’t know where to find this .htaccess file and you need to know about editing this file, Please see this (Prevent Username enumeration in WordPress) post, and follow the exact process described there.

Note: Please add these codes at the very bottom of your .htaccess file where it is an empty area.

<IfModule mod_headers.c>
Header set Strict-Transport-Security "max-age=31536000" env=HTTPS

Please copy these codes above and paste them into the .htaccess file and save the file and close the editor in cPanel. Yes, things are done.

Good Luck and have success in it.

2 thoughts on “Enable HSTS for a Website.

  • March 5, 2019 at 5:06 pm

    I am so happy to read this. This is the kind of manual that needs to be given and not the accidental misinformation that’s at the other blogs. Appreciate your sharing this best doc.


Leave a Reply

Your email address will not be published. Required fields are marked *