{"id":109289,"date":"2025-01-27T11:38:36","date_gmt":"2025-01-27T09:38:36","guid":{"rendered":"https:\/\/themeisle.com\/blog\/?p=109289"},"modified":"2025-01-27T11:38:39","modified_gmt":"2025-01-27T09:38:39","slug":"manually-harden-wordpress-security","status":"publish","type":"post","link":"https:\/\/themeisle.com\/blog\/manually-harden-wordpress-security\/","title":{"rendered":"7 Vulnerabilities Your WordPress Security Plugins Can&#8217;t Protect You From (And How to Fix Them Manually)"},"content":{"rendered":"\n<p>If you&rsquo;re like most WordPress users then you&rsquo;ve probably installed a security plugin to help keep your website safe. This is an excellent <em>first<\/em> step and will handle much of your protection &ndash; especially if you&rsquo;ve enabled two-factor authentication.<\/p>\n\n\n\n<p>But notice that I emphasized <em>first<\/em> step. I did that deliberately because many people think it&rsquo;s the <em>only<\/em> step they need to take. If you truly care about your site&rsquo;s security though, then it shouldn&rsquo;t be.<\/p>\n\n\n\n<!--more-->\n\n\n\n<p>The good news is that with some light manual configuration, you can enhance your WordPress security at the server level and make your site significantly more resistant to attacks. As an added bonus, you&rsquo;ll feel like a WordPress security expert while doing it &ndash; arguably the most important part of the whole process. &#128521;<\/p>\n\n\n\n<p>So if you&rsquo;re ready to transform from a casual WordPress user to a pro and make your website bulletproof, then let&rsquo;s get started.<\/p>\n\n\n    \r\n    <style>\r\n        :root {\r\n        --jtoc-progress-bar-color: #4267cf;\n        }\r\n                    .wpj-jtoc.--jtoc-theme-none.--jtoc-has-custom-styles {\r\n        --jtoc-width: 100%;\n--jtoc-toc-padding: 24px;\n--jtoc-toc-border: 1px solid;\n--jtoc-toc-border-color: #dedede;\n--jtoc-background-color: #f6f7f9;\n--jtoc-header-height: 20px;\n--jtoc-header-margin: 0;\n--jtoc-header-padding: 0;\n--jtoc-title-color: #393939;\n--jtoc-title-font-size: 1.2em;\n--jtoc-title-label-font-weight: 400;\n--jtoc-body-margin: 16px 0 0 0;\n--jtoc-body-padding: 0;\n--jtoc-headings-margin: 10px 0 0 0;\n--jtoc-link-font-size: 1em;\n--jtoc-link-font-weight: 400;\n--jtoc-link-color: #848484;\n--jtoc-link-color-hover: #4a66c8;\n--jtoc-link-color-active: #4a66c8;\n        }\r\n        .--jtoc-the-content{\r\ndisplay:none;\r\n}\r\n.--jtoc-is-active>.wpj-jtoc--item-content>a:before{\r\nmargin-left:3px;\r\n}\r\n.wpj-jtoc--nav>.wpj-jtoc--items li a::before{\r\ncontent:'\\203A';\r\ndisplay:block;\r\nfloat:left;\r\nheight:100%;\r\nfont-weight:700;\r\ncolor:#4267CF;\r\nline-height: 20px;\r\nmargin-right: 3px;\r\n}\r\n.sidebar .wpj-jtoc--toc{\r\nborder:0;\r\npadding:0;\r\n}\r\n.sidebar .wpj-jtoc--header,\r\n.sidebar .wpj-jtoc--body{\r\nbackground:transparent;\r\n}\r\n\r\n.sidebar .--jtoc-is-active>.wpj-jtoc--item-content>a{\r\ntext-decoration:none;\r\n}\r\n.sidebar-left .widget-first{\r\nposition:sticky;\r\ntop:70px;\r\nmargin-bottom:1250px;\r\n}\r\n.sidebar-left{\r\ndisplay:none;\r\nmax-width:300px;\r\nposition:absolute;\r\nleft:-330px;\r\ntop:0;\r\nheight:100%;\r\n}\r\n@media only screen and (max-width: 1900px) {\r\n.single-post .sidebar-left{\r\ndisplay:none !important;\r\n}\r\n.--jtoc-the-content{\r\ndisplay:block;\r\n}\r\n@media only screen and (max-width: 400px) {\r\n.wpj-jtoc--item .wpj-jtoc--item-content{\r\nmargin-top:5px;\r\n}\r\n.wpj-jtoc--header-main .wpj-jtoc--title{\r\nfont-size:1.1em;\r\n}\r\n}    <\/style>\r\n\r\n\r\n    <!-- jtoc progress bar widget -->\r\n    <div class=\"wpj-jtoc--widget-progress --progress-top\">\r\n        <div class=\"wpj-jtoc--widget-progress-bar\"><\/div>\r\n    <\/div>\r\n\r\n<div id=\"wpj-jtoc\" class=\"wpj-jtoc wpj-jtoc--main --jtoc-the-content --jtoc-theme-none --jtoc-title-align-left --jtoc-toggle-icon --jtoc-toggle-position-right --jtoc-toggle-1 --jtoc-header-as-toggle --jtoc-headings-full-row-clickable --jtoc-floating-toc-top --jtoc-floating-has-shadow --jtoc-has-custom-styles --jtoc-is-unfolded\" >\r\n            \r\n    <!-- TOC -->\r\n    <div class=\"wpj-jtoc--toc \">\r\n                            <div class=\"wpj-jtoc--header\">\r\n                <div class=\"wpj-jtoc--header-main\">\r\n                                        <div class=\"wpj-jtoc--title\">\r\n                        <!-- <svg xmlns=\"http:\/\/www.w3.org\/2000\/svg\" width=\"16\" height=\"16\" viewBox=\"0 0 24 24\" fill=\"none\" stroke=\"currentColor\" stroke-width=\"2\" stroke-linecap=\"round\" stroke-linejoin=\"round\" class=\"lucide lucide-columns-3\"><rect width=\"18\" height=\"18\" x=\"3\" y=\"3\" rx=\"2\"\/><path d=\"M9 3v18\"\/><path d=\"M15 3v18\"\/><\/svg> -->\r\n                        <span class=\"wpj-jtoc--title-label\">Table of contents<\/span>\r\n                    <\/div>\r\n                                                        <\/div>\r\n            <\/div>\r\n                                <div class=\"wpj-jtoc--body\">\r\n                        <nav class=\"wpj-jtoc--nav\">\r\n                <ol class=\"wpj-jtoc--items\"><li class=\"wpj-jtoc--item --jtoc-h2\">\r\n        <div class=\"wpj-jtoc--item-content\" data-depth=\"2\">\r\n                        <a href=\"#h-toolbox\" title=\"Toolbox\" data-numeration=\"1\" >Toolbox<\/a>\r\n                    <\/div> <\/li><li class=\"wpj-jtoc--item --jtoc-h2\">\r\n        <div class=\"wpj-jtoc--item-content\" data-depth=\"2\">\r\n                        <a href=\"#h-running-your-initial-security-checks\" title=\"Running your initial security checks\" data-numeration=\"2\" >Running your initial security checks<\/a>\r\n                    <\/div> <ol class=\"wpj-jtoc--items\"><li class=\"wpj-jtoc--item --jtoc-h3\">\r\n        <div class=\"wpj-jtoc--item-content\" data-depth=\"3\">\r\n                        <a href=\"#h-understanding-all-the-red-flags\" title=\"Understanding all the red flags\" data-numeration=\"2.1\" >Understanding all the red flags<\/a>\r\n                    <\/div> <\/li><\/ol><\/li><li class=\"wpj-jtoc--item --jtoc-h2\">\r\n        <div class=\"wpj-jtoc--item-content\" data-depth=\"2\">\r\n                        <a href=\"#h-finding-your-way-to-the-server-files\" title=\"Finding your way to the server files\" data-numeration=\"3\" >Finding your way to the server files<\/a>\r\n                    <\/div> <ol class=\"wpj-jtoc--items\"><li class=\"wpj-jtoc--item --jtoc-h3\">\r\n        <div class=\"wpj-jtoc--item-content\" data-depth=\"3\">\r\n                        <a href=\"#h-locating-the-htaccess-file\" title=\"Locating the .htaccess file\" data-numeration=\"3.1\" >Locating the .htaccess file<\/a>\r\n                    <\/div> <\/li><li class=\"wpj-jtoc--item --jtoc-h3\">\r\n        <div class=\"wpj-jtoc--item-content\" data-depth=\"3\">\r\n                        <a href=\"#h-adding-code-to-the-htaccess-file-to-fix-the-security-issues\" title=\"Adding code to the .htaccess file to fix the security issues\" data-numeration=\"3.2\" >Adding code to the .htaccess file to fix the security issues<\/a>\r\n                    <\/div> <\/li><li class=\"wpj-jtoc--item --jtoc-h3\">\r\n        <div class=\"wpj-jtoc--item-content\" data-depth=\"3\">\r\n                        <a href=\"#h-re-running-security-checks\" title=\"Re-running security checks\" data-numeration=\"3.3\" >Re-running security checks<\/a>\r\n                    <\/div> <\/li><\/ol><\/li><\/ol>            <\/nav>\r\n                                                        <\/div>\r\n            <\/div>\r\n<\/div>\r\n\n\n\n<h2 class=\"wp-block-heading joli-heading jtoc-heading\" id=\"h-toolbox\">Toolbox<\/h2>\n\n\n\n<p>Believe it or not, to pull this off, you&rsquo;re only going to need three (possibly four) tools.<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Sucuri Site Check<\/strong>: Free tool to run your initial scan and to verify your changes.<\/li>\n\n\n\n<li><strong>Security Headers<\/strong>: Another free tool that provides detailed feedback on website security configurations.<\/li>\n\n\n\n<li><strong>Access to your hosting control panel<\/strong>: I&rsquo;m using cPanel, but I&rsquo;ll cover what to do if you have something else.<\/li>\n\n\n\n<li><strong>A text editor<\/strong> (maybe): Your hosting control panel probably has one built in so this might not be needed, but I&rsquo;m listing it here just in case.<\/li>\n<\/ul>\n\n\n\n<p>The most complicated thing from the list above is going to be accessing <a href=\"https:\/\/themeisle.com\/blog\/what-is-cpanel\/\">cPanel<\/a>. It&rsquo;s not difficult, but every hosting company has their own way to do it and if you&rsquo;ve never done it before then you need to figure it out.<\/p>\n\n\n\n<p>The easiest way to approach it (if you&rsquo;re unsure) is to go to your hosting company&rsquo;s website knowledge base and search for &ldquo;cPanel.&rdquo; If that doesn&rsquo;t get you anywhere then reach out to their customer support.<\/p>\n\n\n<div class=\"su-divider su-divider-style-dotted\" style=\"margin:40px 0;border-width:1px;border-color:#999999\"><\/div>\n\n\n\n<h2 class=\"wp-block-heading joli-heading jtoc-heading\" id=\"h-running-your-initial-security-checks\">Running your initial security checks<\/h2>\n\n\n\n<p>Before you start tinkering with your site&rsquo;s code, you first want to check how it currently handles security. The changes I&rsquo;m going to show you are very specific so you want to ensure that they are in fact necessary for your site.<\/p>\n\n\n\n<p>In most cases &ndash; especially if you rely on shared hosting &ndash; you are going to need to make them. However, on some higher-level <a href=\"https:\/\/themeisle.com\/blog\/what-is-managed-wordpress-hosting\/\">managed WordPress hosting<\/a> plans it&rsquo;s possible that your host might make the tweaks on your behalf. Hence why running these scans beforehand is important.<\/p>\n\n\n<div class=\"su-divider su-divider-style-default\" style=\"margin:40px 0;border-width:15px;border-color:#4267cf\"><\/div>\n\n\n\n<h3 class=\"wp-block-heading joli-heading jtoc-heading\" id=\"h-sucuri-site-check\">Sucuri Site Check<\/h3>\n\n\n\n<p>To get started, head over to <a href=\"https:\/\/sitecheck.sucuri.net\/\" target=\"_blank\" rel=\"noopener\">Sucuri&rsquo;s Site Check tool<\/a> and paste your website address into the scanner:<\/p>\n\n\n\n<figure class=\"wp-block-image size-full blog-img-std\"><img data-opt-id=78847787  fetchpriority=\"high\" decoding=\"async\" width=\"3006\" height=\"1266\" src=\"https:\/\/mllj2j8xvfl0.i.optimole.com\/cb:c5QE.37290\/w:auto\/h:auto\/q:mauto\/f:best\/https:\/\/themeisle.com\/blog\/wp-content\/uploads\/2025\/01\/Sucuri-Site-Scanner.png\" alt=\"Sucuri Site Check page.\" class=\"wp-image-109292\" srcset=\"https:\/\/mllj2j8xvfl0.i.optimole.com\/cb:c5QE.37290\/w:1920\/h:808\/q:mauto\/f:best\/https:\/\/themeisle.com\/blog\/wp-content\/uploads\/2025\/01\/Sucuri-Site-Scanner.png 3006w, https:\/\/mllj2j8xvfl0.i.optimole.com\/cb:c5QE.37290\/w:300\/h:126\/q:mauto\/f:best\/https:\/\/themeisle.com\/blog\/wp-content\/uploads\/2025\/01\/Sucuri-Site-Scanner.png 300w, https:\/\/mllj2j8xvfl0.i.optimole.com\/cb:c5QE.37290\/w:1024\/h:431\/q:mauto\/f:best\/https:\/\/themeisle.com\/blog\/wp-content\/uploads\/2025\/01\/Sucuri-Site-Scanner.png 1024w, https:\/\/mllj2j8xvfl0.i.optimole.com\/cb:c5QE.37290\/w:768\/h:323\/q:mauto\/f:best\/https:\/\/themeisle.com\/blog\/wp-content\/uploads\/2025\/01\/Sucuri-Site-Scanner.png 768w, https:\/\/mllj2j8xvfl0.i.optimole.com\/cb:c5QE.37290\/w:1536\/h:647\/q:mauto\/f:best\/https:\/\/themeisle.com\/blog\/wp-content\/uploads\/2025\/01\/Sucuri-Site-Scanner.png 1536w, https:\/\/mllj2j8xvfl0.i.optimole.com\/cb:c5QE.37290\/w:1920\/h:809\/q:mauto\/f:best\/https:\/\/themeisle.com\/blog\/wp-content\/uploads\/2025\/01\/Sucuri-Site-Scanner.png 2048w, https:\/\/mllj2j8xvfl0.i.optimole.com\/cb:c5QE.37290\/w:50\/h:21\/q:mauto\/f:best\/https:\/\/themeisle.com\/blog\/wp-content\/uploads\/2025\/01\/Sucuri-Site-Scanner.png 50w, https:\/\/mllj2j8xvfl0.i.optimole.com\/cb:c5QE.37290\/w:480\/h:202\/q:mauto\/f:best\/https:\/\/themeisle.com\/blog\/wp-content\/uploads\/2025\/01\/Sucuri-Site-Scanner.png 480w, https:\/\/mllj2j8xvfl0.i.optimole.com\/cb:c5QE.37290\/w:794\/h:334\/q:mauto\/f:best\/https:\/\/themeisle.com\/blog\/wp-content\/uploads\/2025\/01\/Sucuri-Site-Scanner.png 794w, https:\/\/mllj2j8xvfl0.i.optimole.com\/cb:c5QE.37290\/w:1200\/h:505\/q:mauto\/f:best\/https:\/\/themeisle.com\/blog\/wp-content\/uploads\/2025\/01\/Sucuri-Site-Scanner.png 1200w, https:\/\/mllj2j8xvfl0.i.optimole.com\/cb:c5QE.37290\/w:296\/h:125\/q:mauto\/f:best\/https:\/\/themeisle.com\/blog\/wp-content\/uploads\/2025\/01\/Sucuri-Site-Scanner.png 296w, https:\/\/mllj2j8xvfl0.i.optimole.com\/cb:c5QE.37290\/w:390\/h:164\/q:mauto\/f:best\/https:\/\/themeisle.com\/blog\/wp-content\/uploads\/2025\/01\/Sucuri-Site-Scanner.png 390w, https:\/\/mllj2j8xvfl0.i.optimole.com\/cb:c5QE.37290\/w:270\/h:114\/q:mauto\/f:best\/https:\/\/themeisle.com\/blog\/wp-content\/uploads\/2025\/01\/Sucuri-Site-Scanner.png 270w, https:\/\/mllj2j8xvfl0.i.optimole.com\/cb:c5QE.37290\/w:1920\/h:808\/q:mauto\/f:best\/dpr:2\/https:\/\/themeisle.com\/blog\/wp-content\/uploads\/2025\/01\/Sucuri-Site-Scanner.png 2x\" sizes=\"(max-width: 700px) 100vw, 700px\"><\/figure>\n\n\n\n<p>Click <strong>Submit<\/strong> and let Sucuri work its magic.<\/p>\n\n\n\n<p>For the purposes of this tutorial, I intentionally unprotected my personal site to show you what the standard WordPress configuration looks like (before you make the edits):<\/p>\n\n\n\n<figure class=\"wp-block-image size-full blog-img-std\"><img data-opt-id=1979045451  fetchpriority=\"high\" decoding=\"async\" width=\"2562\" height=\"514\" src=\"https:\/\/mllj2j8xvfl0.i.optimole.com\/cb:c5QE.37290\/w:auto\/h:auto\/q:mauto\/f:best\/https:\/\/themeisle.com\/blog\/wp-content\/uploads\/2025\/01\/Results-of-initial-Sucuri-Scan-showing-security-vulnerabilities.png\" alt=\"Results of initial Sucuri Scan showing security vulnerabilities.\" class=\"wp-image-109293\" srcset=\"https:\/\/mllj2j8xvfl0.i.optimole.com\/cb:c5QE.37290\/w:1920\/h:385\/q:mauto\/f:best\/https:\/\/themeisle.com\/blog\/wp-content\/uploads\/2025\/01\/Results-of-initial-Sucuri-Scan-showing-security-vulnerabilities.png 2562w, https:\/\/mllj2j8xvfl0.i.optimole.com\/cb:c5QE.37290\/w:300\/h:60\/q:mauto\/f:best\/https:\/\/themeisle.com\/blog\/wp-content\/uploads\/2025\/01\/Results-of-initial-Sucuri-Scan-showing-security-vulnerabilities.png 300w, https:\/\/mllj2j8xvfl0.i.optimole.com\/cb:c5QE.37290\/w:1024\/h:205\/q:mauto\/f:best\/https:\/\/themeisle.com\/blog\/wp-content\/uploads\/2025\/01\/Results-of-initial-Sucuri-Scan-showing-security-vulnerabilities.png 1024w, https:\/\/mllj2j8xvfl0.i.optimole.com\/cb:c5QE.37290\/w:768\/h:154\/q:mauto\/f:best\/https:\/\/themeisle.com\/blog\/wp-content\/uploads\/2025\/01\/Results-of-initial-Sucuri-Scan-showing-security-vulnerabilities.png 768w, https:\/\/mllj2j8xvfl0.i.optimole.com\/cb:c5QE.37290\/w:1536\/h:308\/q:mauto\/f:best\/https:\/\/themeisle.com\/blog\/wp-content\/uploads\/2025\/01\/Results-of-initial-Sucuri-Scan-showing-security-vulnerabilities.png 1536w, https:\/\/mllj2j8xvfl0.i.optimole.com\/cb:c5QE.37290\/w:1920\/h:385\/q:mauto\/f:best\/https:\/\/themeisle.com\/blog\/wp-content\/uploads\/2025\/01\/Results-of-initial-Sucuri-Scan-showing-security-vulnerabilities.png 2048w, https:\/\/mllj2j8xvfl0.i.optimole.com\/cb:c5QE.37290\/w:50\/h:10\/q:mauto\/f:best\/https:\/\/themeisle.com\/blog\/wp-content\/uploads\/2025\/01\/Results-of-initial-Sucuri-Scan-showing-security-vulnerabilities.png 50w, https:\/\/mllj2j8xvfl0.i.optimole.com\/cb:c5QE.37290\/w:480\/h:96\/q:mauto\/f:best\/https:\/\/themeisle.com\/blog\/wp-content\/uploads\/2025\/01\/Results-of-initial-Sucuri-Scan-showing-security-vulnerabilities.png 480w, https:\/\/mllj2j8xvfl0.i.optimole.com\/cb:c5QE.37290\/w:794\/h:159\/q:mauto\/f:best\/https:\/\/themeisle.com\/blog\/wp-content\/uploads\/2025\/01\/Results-of-initial-Sucuri-Scan-showing-security-vulnerabilities.png 794w, https:\/\/mllj2j8xvfl0.i.optimole.com\/cb:c5QE.37290\/w:1200\/h:241\/q:mauto\/f:best\/https:\/\/themeisle.com\/blog\/wp-content\/uploads\/2025\/01\/Results-of-initial-Sucuri-Scan-showing-security-vulnerabilities.png 1200w, https:\/\/mllj2j8xvfl0.i.optimole.com\/cb:c5QE.37290\/w:296\/h:59\/q:mauto\/f:best\/https:\/\/themeisle.com\/blog\/wp-content\/uploads\/2025\/01\/Results-of-initial-Sucuri-Scan-showing-security-vulnerabilities.png 296w, https:\/\/mllj2j8xvfl0.i.optimole.com\/cb:c5QE.37290\/w:390\/h:78\/q:mauto\/f:best\/https:\/\/themeisle.com\/blog\/wp-content\/uploads\/2025\/01\/Results-of-initial-Sucuri-Scan-showing-security-vulnerabilities.png 390w, https:\/\/mllj2j8xvfl0.i.optimole.com\/cb:c5QE.37290\/w:270\/h:54\/q:mauto\/f:best\/https:\/\/themeisle.com\/blog\/wp-content\/uploads\/2025\/01\/Results-of-initial-Sucuri-Scan-showing-security-vulnerabilities.png 270w, https:\/\/mllj2j8xvfl0.i.optimole.com\/cb:c5QE.37290\/w:1920\/h:385\/q:mauto\/f:best\/dpr:2\/https:\/\/themeisle.com\/blog\/wp-content\/uploads\/2025\/01\/Results-of-initial-Sucuri-Scan-showing-security-vulnerabilities.png 2x\" sizes=\"(max-width: 700px) 100vw, 700px\"><\/figure>\n\n\n\n<p>As you can see, the scan revealed five security gaps that you would see in any typical WordPress setup. I&rsquo;ll explain what they mean in a moment.<\/p>\n\n\n<div class=\"su-divider su-divider-style-default\" style=\"margin:40px 0;border-width:15px;border-color:#4267cf\"><\/div>\n\n\n\n<h3 class=\"wp-block-heading joli-heading jtoc-heading\" id=\"h-security-headers\">Security Headers<\/h3>\n\n\n\n<p>While Sucuri gave us a good overview, the <a href=\"https:\/\/securityheaders.com\/\" target=\"_blank\" rel=\"noopener\">Security Headers<\/a> tool goes even deeper. Using it is self-explanatory, but since this is a guide it would feel incomplete if I didn&rsquo;t come right out and say it:<\/p>\n\n\n\n<p>Type or paste your website&rsquo;s address into the <strong>enter address here<\/strong> window and click on <strong>Scan<\/strong>.<\/p>\n\n\n\n<p>Depending on how large your site is, the results could take anywhere from a second to&hellip;well, longer. &#128517; My initial result looked like this:<\/p>\n\n\n\n<figure class=\"wp-block-image size-full blog-img-std\"><img data-opt-id=1788656042  fetchpriority=\"high\" decoding=\"async\" width=\"2442\" height=\"1432\" src=\"https:\/\/mllj2j8xvfl0.i.optimole.com\/cb:c5QE.37290\/w:auto\/h:auto\/q:mauto\/f:best\/https:\/\/themeisle.com\/blog\/wp-content\/uploads\/2025\/01\/SecurityHeaders.com-failed-security-scan.webp\" alt=\"SecurityHeaders.com failed security scan.\" class=\"wp-image-109296\" srcset=\"https:\/\/mllj2j8xvfl0.i.optimole.com\/cb:c5QE.37290\/w:1841\/h:1080\/q:mauto\/f:best\/https:\/\/themeisle.com\/blog\/wp-content\/uploads\/2025\/01\/SecurityHeaders.com-failed-security-scan.webp 2442w, https:\/\/mllj2j8xvfl0.i.optimole.com\/cb:c5QE.37290\/w:300\/h:176\/q:mauto\/f:best\/https:\/\/themeisle.com\/blog\/wp-content\/uploads\/2025\/01\/SecurityHeaders.com-failed-security-scan.webp 300w, https:\/\/mllj2j8xvfl0.i.optimole.com\/cb:c5QE.37290\/w:1024\/h:600\/q:mauto\/f:best\/https:\/\/themeisle.com\/blog\/wp-content\/uploads\/2025\/01\/SecurityHeaders.com-failed-security-scan.webp 1024w, https:\/\/mllj2j8xvfl0.i.optimole.com\/cb:c5QE.37290\/w:768\/h:450\/q:mauto\/f:best\/https:\/\/themeisle.com\/blog\/wp-content\/uploads\/2025\/01\/SecurityHeaders.com-failed-security-scan.webp 768w, https:\/\/mllj2j8xvfl0.i.optimole.com\/cb:c5QE.37290\/w:1536\/h:901\/q:mauto\/f:best\/https:\/\/themeisle.com\/blog\/wp-content\/uploads\/2025\/01\/SecurityHeaders.com-failed-security-scan.webp 1536w, https:\/\/mllj2j8xvfl0.i.optimole.com\/cb:c5QE.37290\/w:1841\/h:1080\/q:mauto\/f:best\/https:\/\/themeisle.com\/blog\/wp-content\/uploads\/2025\/01\/SecurityHeaders.com-failed-security-scan.webp 2048w, https:\/\/mllj2j8xvfl0.i.optimole.com\/cb:c5QE.37290\/w:50\/h:29\/q:mauto\/f:best\/https:\/\/themeisle.com\/blog\/wp-content\/uploads\/2025\/01\/SecurityHeaders.com-failed-security-scan.webp 50w, https:\/\/mllj2j8xvfl0.i.optimole.com\/cb:c5QE.37290\/w:409\/h:240\/q:mauto\/f:best\/https:\/\/themeisle.com\/blog\/wp-content\/uploads\/2025\/01\/SecurityHeaders.com-failed-security-scan.webp 409w, https:\/\/mllj2j8xvfl0.i.optimole.com\/cb:c5QE.37290\/w:677\/h:397\/q:mauto\/f:best\/https:\/\/themeisle.com\/blog\/wp-content\/uploads\/2025\/01\/SecurityHeaders.com-failed-security-scan.webp 677w, https:\/\/mllj2j8xvfl0.i.optimole.com\/cb:c5QE.37290\/w:1023\/h:600\/q:mauto\/f:best\/https:\/\/themeisle.com\/blog\/wp-content\/uploads\/2025\/01\/SecurityHeaders.com-failed-security-scan.webp 1023w, https:\/\/mllj2j8xvfl0.i.optimole.com\/cb:c5QE.37290\/w:252\/h:148\/q:mauto\/f:best\/https:\/\/themeisle.com\/blog\/wp-content\/uploads\/2025\/01\/SecurityHeaders.com-failed-security-scan.webp 252w, https:\/\/mllj2j8xvfl0.i.optimole.com\/cb:c5QE.37290\/w:333\/h:195\/q:mauto\/f:best\/https:\/\/themeisle.com\/blog\/wp-content\/uploads\/2025\/01\/SecurityHeaders.com-failed-security-scan.webp 333w, https:\/\/mllj2j8xvfl0.i.optimole.com\/cb:c5QE.37290\/w:230\/h:135\/q:mauto\/f:best\/https:\/\/themeisle.com\/blog\/wp-content\/uploads\/2025\/01\/SecurityHeaders.com-failed-security-scan.webp 230w, https:\/\/mllj2j8xvfl0.i.optimole.com\/cb:c5QE.37290\/w:1841\/h:1080\/q:mauto\/f:best\/dpr:2\/https:\/\/themeisle.com\/blog\/wp-content\/uploads\/2025\/01\/SecurityHeaders.com-failed-security-scan.webp 2x\" sizes=\"(max-width: 700px) 100vw, 700px\"><\/figure>\n\n\n\n<p>All the red colors and the giant F might look a bit intimidating, but it&rsquo;s actually giving us some very useful information. Each of those red marks is pointing out a missing security header that makes your site more vulnerable.<\/p>\n\n\n\n<p>I also want to <strong>reemphasize<\/strong> that you will see these results <strong>even with<\/strong> having Wordfence or some other <a href=\"https:\/\/themeisle.com\/blog\/wordpress-security-plugins\/\">security plugin<\/a> installed on your site. The exception being if your hosting company or someone else makes the edits we&rsquo;re going to make before you.<\/p>\n\n\n<div class=\"su-divider su-divider-style-default\" style=\"margin:40px 0;border-width:15px;border-color:#4267cf\"><\/div>\n\n\n\n<h3 class=\"wp-block-heading joli-heading jtoc-heading\" id=\"h-understanding-all-the-red-flags\">Understanding all the red flags<\/h3>\n\n\n\n<p>Now let&rsquo;s organize everything our scans found &ndash; there&rsquo;s some overlap between the tools, but each one caught some unique issues too.<\/p>\n\n\n\n<h4 class=\"wp-block-heading\" id=\"h-issues-both-tools-caught\">Issues both tools caught &#129309;<\/h4>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Content-Security-Policy<\/strong> is missing entirely &ndash; meaning there&rsquo;s nothing controlling what scripts and content can load on the site. &#8505;&#65039; <span id=\"su_tooltip_69d25a70d772e_button\" class=\"su-tooltip-button su-tooltip-button-outline-yes tooltip-underline\" aria-describedby=\"su_tooltip_69d25a70d772e\" data-settings='{\"position\":\"top\",\"behavior\":\"hover\",\"hideDelay\":0}' tabindex=\"0\"><em>Why is that bad?<\/em><\/span><span style=\"display:none;z-index:100\" id=\"su_tooltip_69d25a70d772e\" class=\"su-tooltip tooltip-underline\" role=\"tooltip\"><span class=\"su-tooltip-inner su-tooltip-shadow-no\" style=\"z-index:100;background:#222222;color:#FFFFFF;font-size:16px;border-radius:5px;text-align:left;max-width:300px;line-height:1.25\"><span class=\"su-tooltip-title\"><\/span><span class=\"su-tooltip-content su-u-trim\">Without these controls, malicious code could be injected and run on your pages, potentially compromising your site and visitors.<\/span><\/span><span id=\"su_tooltip_69d25a70d772e_arrow\" class=\"su-tooltip-arrow\" style=\"z-index:100;background:#222222\" data-popper-arrow><\/span><\/span><\/li>\n\n\n\n<li><strong>X-Frame-Options<\/strong> is missing, which leaves the site vulnerable to clickjacking attempts through unauthorized embedding. &#8505;&#65039; <span id=\"su_tooltip_69d25a70d7787_button\" class=\"su-tooltip-button su-tooltip-button-outline-yes tooltip-underline\" aria-describedby=\"su_tooltip_69d25a70d7787\" data-settings='{\"position\":\"top\",\"behavior\":\"hover\",\"hideDelay\":0}' tabindex=\"0\"><em>Why is that bad?<\/em><\/span><span style=\"display:none;z-index:100\" id=\"su_tooltip_69d25a70d7787\" class=\"su-tooltip tooltip-underline\" role=\"tooltip\"><span class=\"su-tooltip-inner su-tooltip-shadow-no\" style=\"z-index:100;background:#222222;color:#FFFFFF;font-size:16px;border-radius:5px;text-align:left;max-width:300px;line-height:1.25\"><span class=\"su-tooltip-title\"><\/span><span class=\"su-tooltip-content su-u-trim\">Clickjacking is when attackers trick users into clicking something different from what they see, often by invisibly layering your legitimate site under malicious content.<\/span><\/span><span id=\"su_tooltip_69d25a70d7787_arrow\" class=\"su-tooltip-arrow\" style=\"z-index:100;background:#222222\" data-popper-arrow><\/span><\/span><\/li>\n\n\n\n<li><strong>Content-Type-Options<\/strong> isn&rsquo;t set, which could enable MIME-type confusion attacks. &#8505;&#65039; <span id=\"su_tooltip_69d25a70d77d0_button\" class=\"su-tooltip-button su-tooltip-button-outline-yes tooltip-underline\" aria-describedby=\"su_tooltip_69d25a70d77d0\" data-settings='{\"position\":\"top\",\"behavior\":\"hover\",\"hideDelay\":0}' tabindex=\"0\"><em>Why is that bad?<\/em><\/span><span style=\"display:none;z-index:100\" id=\"su_tooltip_69d25a70d77d0\" class=\"su-tooltip tooltip-underline\" role=\"tooltip\"><span class=\"su-tooltip-inner su-tooltip-shadow-no\" style=\"z-index:100;background:#222222;color:#FFFFFF;font-size:16px;border-radius:5px;text-align:left;max-width:300px;line-height:1.25\"><span class=\"su-tooltip-title\"><\/span><span class=\"su-tooltip-content su-u-trim\">MIME-type confusion occurs when a browser is tricked into treating one type of file as another, potentially executing harmful code.<\/span><\/span><span id=\"su_tooltip_69d25a70d77d0_arrow\" class=\"su-tooltip-arrow\" style=\"z-index:100;background:#222222\" data-popper-arrow><\/span><\/span><\/li>\n<\/ul>\n\n\n\n<h4 class=\"wp-block-heading\" id=\"h-sucuri-s-unique-findings\">Sucuri&rsquo;s unique findings &#128269;<\/h4>\n\n\n\n<ul class=\"wp-block-list\">\n<li>The <strong>PHP version<\/strong> is visible in HTTP headers. &#8505;&#65039; <span id=\"su_tooltip_69d25a70d7813_button\" class=\"su-tooltip-button su-tooltip-button-outline-yes tooltip-underline\" aria-describedby=\"su_tooltip_69d25a70d7813\" data-settings='{\"position\":\"top\",\"behavior\":\"hover\",\"hideDelay\":0}' tabindex=\"0\"><em>Why is that bad?<\/em><\/span><span style=\"display:none;z-index:100\" id=\"su_tooltip_69d25a70d7813\" class=\"su-tooltip tooltip-underline\" role=\"tooltip\"><span class=\"su-tooltip-inner su-tooltip-shadow-no\" style=\"z-index:100;background:#222222;color:#FFFFFF;font-size:16px;border-radius:5px;text-align:left;max-width:300px;line-height:1.25\"><span class=\"su-tooltip-title\"><\/span><span class=\"su-tooltip-content su-u-trim\">When attackers can see your PHP version, they know exactly which vulnerabilities might work against your site - like having a blueprint of your security system.<\/span><\/span><span id=\"su_tooltip_69d25a70d7813_arrow\" class=\"su-tooltip-arrow\" style=\"z-index:100;background:#222222\" data-popper-arrow><\/span><\/span><\/li>\n<\/ul>\n\n\n\n<h4 class=\"wp-block-heading\" id=\"h-security-header-s-extra-insights\">Security Header&rsquo;s extra insights &#128300;<\/h4>\n\n\n\n<ul class=\"wp-block-list\">\n<li>No <strong>Referrer Policy<\/strong> in place. &#8505;&#65039; <span id=\"su_tooltip_69d25a70d7853_button\" class=\"su-tooltip-button su-tooltip-button-outline-yes tooltip-underline\" aria-describedby=\"su_tooltip_69d25a70d7853\" data-settings='{\"position\":\"top\",\"behavior\":\"hover\",\"hideDelay\":0}' tabindex=\"0\"><em>Why is that bad?<\/em><\/span><span style=\"display:none;z-index:100\" id=\"su_tooltip_69d25a70d7853\" class=\"su-tooltip tooltip-underline\" role=\"tooltip\"><span class=\"su-tooltip-inner su-tooltip-shadow-no\" style=\"z-index:100;background:#222222;color:#FFFFFF;font-size:16px;border-radius:5px;text-align:left;max-width:300px;line-height:1.25\"><span class=\"su-tooltip-title\"><\/span><span class=\"su-tooltip-content su-u-trim\">Without this policy, your site might leak sensitive information about your users' browsing patterns to other websites.<\/span><\/span><span id=\"su_tooltip_69d25a70d7853_arrow\" class=\"su-tooltip-arrow\" style=\"z-index:100;background:#222222\" data-popper-arrow><\/span><\/span><\/li>\n\n\n\n<li><strong>Permissions Policy<\/strong> hasn&rsquo;t been configured. &#8505;&#65039; <span id=\"su_tooltip_69d25a70d7891_button\" class=\"su-tooltip-button su-tooltip-button-outline-yes tooltip-underline\" aria-describedby=\"su_tooltip_69d25a70d7891\" data-settings='{\"position\":\"top\",\"behavior\":\"hover\",\"hideDelay\":0}' tabindex=\"0\"><em>Why is that bad?<\/em><\/span><span style=\"display:none;z-index:100\" id=\"su_tooltip_69d25a70d7891\" class=\"su-tooltip tooltip-underline\" role=\"tooltip\"><span class=\"su-tooltip-inner su-tooltip-shadow-no\" style=\"z-index:100;background:#222222;color:#FFFFFF;font-size:16px;border-radius:5px;text-align:left;max-width:300px;line-height:1.25\"><span class=\"su-tooltip-title\"><\/span><span class=\"su-tooltip-content su-u-trim\">This means any page on your site could potentially request access to visitors' cameras, microphones, or location data without restrictions.<\/span><\/span><span id=\"su_tooltip_69d25a70d7891_arrow\" class=\"su-tooltip-arrow\" style=\"z-index:100;background:#222222\" data-popper-arrow><\/span><\/span><\/li>\n\n\n\n<li><strong>Strict-Transport-Security<\/strong> is missing. &#8505;&#65039; <span id=\"su_tooltip_69d25a70d78ce_button\" class=\"su-tooltip-button su-tooltip-button-outline-yes tooltip-underline\" aria-describedby=\"su_tooltip_69d25a70d78ce\" data-settings='{\"position\":\"top\",\"behavior\":\"hover\",\"hideDelay\":0}' tabindex=\"0\"><em>Why is that bad?<\/em><\/span><span style=\"display:none;z-index:100\" id=\"su_tooltip_69d25a70d78ce\" class=\"su-tooltip tooltip-underline\" role=\"tooltip\"><span class=\"su-tooltip-inner su-tooltip-shadow-no\" style=\"z-index:100;background:#222222;color:#FFFFFF;font-size:16px;border-radius:5px;text-align:left;max-width:300px;line-height:1.25\"><span class=\"su-tooltip-title\"><\/span><span class=\"su-tooltip-content su-u-trim\">Without this header, connections to your site might downgrade from HTTPS to HTTP, making them vulnerable to interception.<\/span><\/span><span id=\"su_tooltip_69d25a70d78ce_arrow\" class=\"su-tooltip-arrow\" style=\"z-index:100;background:#222222\" data-popper-arrow><\/span><\/span><\/li>\n<\/ul>\n\n\n\n<p>The beauty of fixing these issues is that you don&rsquo;t need to understand every technical detail &ndash; you just need to implement the solutions correctly. Which, conveniently, is exactly what we&rsquo;re about to do.<\/p>\n\n\n<div id=\"cbox-rkljz9TIOfsV22KX\"><\/div>\n<div class=\"su-divider su-divider-style-dotted\" style=\"margin:40px 0;border-width:1px;border-color:#999999\"><\/div>\n\n\n\n<h2 class=\"wp-block-heading joli-heading jtoc-heading\" id=\"h-finding-your-way-to-the-server-files\">Finding your way to the server files<\/h2>\n\n\n\n<p>Assuming you have cPanel like I do, click on File Manager in your dashboard:<\/p>\n\n\n\n<figure class=\"wp-block-image size-full blog-img-std\"><img data-opt-id=1827460236  data-opt-src=\"https:\/\/mllj2j8xvfl0.i.optimole.com\/cb:c5QE.37290\/w:auto\/h:auto\/q:mauto\/f:best\/https:\/\/themeisle.com\/blog\/wp-content\/uploads\/2025\/01\/Accessing-file-manager-from-cPanel.png\"  decoding=\"async\" width=\"2288\" height=\"794\" src=\"https:\/\/mllj2j8xvfl0.i.optimole.com\/cb:c5QE.37290\/w:auto\/h:auto\/q:eco\/f:best\/https:\/\/themeisle.com\/blog\/wp-content\/uploads\/2025\/01\/Accessing-file-manager-from-cPanel.png\" alt=\"Accessing file manager via cPanel.\" class=\"wp-image-109305\" old-srcset=\"https:\/\/mllj2j8xvfl0.i.optimole.com\/cb:c5QE.37290\/w:1920\/h:666\/q:mauto\/f:best\/https:\/\/themeisle.com\/blog\/wp-content\/uploads\/2025\/01\/Accessing-file-manager-from-cPanel.png 2288w, https:\/\/mllj2j8xvfl0.i.optimole.com\/cb:c5QE.37290\/w:300\/h:104\/q:mauto\/f:best\/https:\/\/themeisle.com\/blog\/wp-content\/uploads\/2025\/01\/Accessing-file-manager-from-cPanel.png 300w, https:\/\/mllj2j8xvfl0.i.optimole.com\/cb:c5QE.37290\/w:1024\/h:355\/q:mauto\/f:best\/https:\/\/themeisle.com\/blog\/wp-content\/uploads\/2025\/01\/Accessing-file-manager-from-cPanel.png 1024w, https:\/\/mllj2j8xvfl0.i.optimole.com\/cb:c5QE.37290\/w:768\/h:267\/q:mauto\/f:best\/https:\/\/themeisle.com\/blog\/wp-content\/uploads\/2025\/01\/Accessing-file-manager-from-cPanel.png 768w, https:\/\/mllj2j8xvfl0.i.optimole.com\/cb:c5QE.37290\/w:1536\/h:533\/q:mauto\/f:best\/https:\/\/themeisle.com\/blog\/wp-content\/uploads\/2025\/01\/Accessing-file-manager-from-cPanel.png 1536w, https:\/\/mllj2j8xvfl0.i.optimole.com\/cb:c5QE.37290\/w:1920\/h:666\/q:mauto\/f:best\/https:\/\/themeisle.com\/blog\/wp-content\/uploads\/2025\/01\/Accessing-file-manager-from-cPanel.png 2048w, https:\/\/mllj2j8xvfl0.i.optimole.com\/cb:c5QE.37290\/w:50\/h:17\/q:mauto\/f:best\/https:\/\/themeisle.com\/blog\/wp-content\/uploads\/2025\/01\/Accessing-file-manager-from-cPanel.png 50w, https:\/\/mllj2j8xvfl0.i.optimole.com\/cb:c5QE.37290\/w:480\/h:167\/q:mauto\/f:best\/https:\/\/themeisle.com\/blog\/wp-content\/uploads\/2025\/01\/Accessing-file-manager-from-cPanel.png 480w, https:\/\/mllj2j8xvfl0.i.optimole.com\/cb:c5QE.37290\/w:794\/h:276\/q:mauto\/f:best\/https:\/\/themeisle.com\/blog\/wp-content\/uploads\/2025\/01\/Accessing-file-manager-from-cPanel.png 794w, https:\/\/mllj2j8xvfl0.i.optimole.com\/cb:c5QE.37290\/w:1200\/h:416\/q:mauto\/f:best\/https:\/\/themeisle.com\/blog\/wp-content\/uploads\/2025\/01\/Accessing-file-manager-from-cPanel.png 1200w, https:\/\/mllj2j8xvfl0.i.optimole.com\/cb:c5QE.37290\/w:296\/h:103\/q:mauto\/f:best\/https:\/\/themeisle.com\/blog\/wp-content\/uploads\/2025\/01\/Accessing-file-manager-from-cPanel.png 296w, https:\/\/mllj2j8xvfl0.i.optimole.com\/cb:c5QE.37290\/w:390\/h:135\/q:mauto\/f:best\/https:\/\/themeisle.com\/blog\/wp-content\/uploads\/2025\/01\/Accessing-file-manager-from-cPanel.png 390w, https:\/\/mllj2j8xvfl0.i.optimole.com\/cb:c5QE.37290\/w:270\/h:94\/q:mauto\/f:best\/https:\/\/themeisle.com\/blog\/wp-content\/uploads\/2025\/01\/Accessing-file-manager-from-cPanel.png 270w, https:\/\/mllj2j8xvfl0.i.optimole.com\/cb:c5QE.37290\/w:1920\/h:666\/q:mauto\/f:best\/dpr:2\/https:\/\/themeisle.com\/blog\/wp-content\/uploads\/2025\/01\/Accessing-file-manager-from-cPanel.png 2x\"><noscript><img data-opt-id=1827460236  decoding=\"async\" width=\"2288\" height=\"794\" src=\"https:\/\/mllj2j8xvfl0.i.optimole.com\/cb:c5QE.37290\/w:auto\/h:auto\/q:mauto\/f:best\/https:\/\/themeisle.com\/blog\/wp-content\/uploads\/2025\/01\/Accessing-file-manager-from-cPanel.png\" alt=\"Accessing file manager via cPanel.\" class=\"wp-image-109305\" srcset=\"https:\/\/mllj2j8xvfl0.i.optimole.com\/cb:c5QE.37290\/w:1920\/h:666\/q:mauto\/f:best\/https:\/\/mllj2j8xvfl0.i.optimole.com\/cb:c5QE.37290\/w:auto\/h:auto\/q:mauto\/f:best\/https:\/\/themeisle.com\/blog\/wp-content\/uploads\/2025\/01\/Accessing-file-manager-from-cPanel.png 2288w, https:\/\/mllj2j8xvfl0.i.optimole.com\/cb:c5QE.37290\/w:300\/h:104\/q:mauto\/f:best\/https:\/\/mllj2j8xvfl0.i.optimole.com\/cb:c5QE.37290\/w:auto\/h:auto\/q:mauto\/f:best\/https:\/\/themeisle.com\/blog\/wp-content\/uploads\/2025\/01\/Accessing-file-manager-from-cPanel.png 300w, https:\/\/mllj2j8xvfl0.i.optimole.com\/cb:c5QE.37290\/w:1024\/h:355\/q:mauto\/f:best\/https:\/\/mllj2j8xvfl0.i.optimole.com\/cb:c5QE.37290\/w:auto\/h:auto\/q:mauto\/f:best\/https:\/\/themeisle.com\/blog\/wp-content\/uploads\/2025\/01\/Accessing-file-manager-from-cPanel.png 1024w, https:\/\/mllj2j8xvfl0.i.optimole.com\/cb:c5QE.37290\/w:768\/h:267\/q:mauto\/f:best\/https:\/\/mllj2j8xvfl0.i.optimole.com\/cb:c5QE.37290\/w:auto\/h:auto\/q:mauto\/f:best\/https:\/\/themeisle.com\/blog\/wp-content\/uploads\/2025\/01\/Accessing-file-manager-from-cPanel.png 768w, https:\/\/mllj2j8xvfl0.i.optimole.com\/cb:c5QE.37290\/w:1536\/h:533\/q:mauto\/f:best\/https:\/\/mllj2j8xvfl0.i.optimole.com\/cb:c5QE.37290\/w:auto\/h:auto\/q:mauto\/f:best\/https:\/\/themeisle.com\/blog\/wp-content\/uploads\/2025\/01\/Accessing-file-manager-from-cPanel.png 1536w, https:\/\/mllj2j8xvfl0.i.optimole.com\/cb:c5QE.37290\/w:1920\/h:666\/q:mauto\/f:best\/https:\/\/mllj2j8xvfl0.i.optimole.com\/cb:c5QE.37290\/w:auto\/h:auto\/q:mauto\/f:best\/https:\/\/themeisle.com\/blog\/wp-content\/uploads\/2025\/01\/Accessing-file-manager-from-cPanel.png 2048w, https:\/\/mllj2j8xvfl0.i.optimole.com\/cb:c5QE.37290\/w:50\/h:17\/q:mauto\/f:best\/https:\/\/mllj2j8xvfl0.i.optimole.com\/cb:c5QE.37290\/w:auto\/h:auto\/q:mauto\/f:best\/https:\/\/themeisle.com\/blog\/wp-content\/uploads\/2025\/01\/Accessing-file-manager-from-cPanel.png 50w, https:\/\/mllj2j8xvfl0.i.optimole.com\/cb:c5QE.37290\/w:480\/h:167\/q:mauto\/f:best\/https:\/\/mllj2j8xvfl0.i.optimole.com\/cb:c5QE.37290\/w:auto\/h:auto\/q:mauto\/f:best\/https:\/\/themeisle.com\/blog\/wp-content\/uploads\/2025\/01\/Accessing-file-manager-from-cPanel.png 480w, https:\/\/mllj2j8xvfl0.i.optimole.com\/cb:c5QE.37290\/w:794\/h:276\/q:mauto\/f:best\/https:\/\/mllj2j8xvfl0.i.optimole.com\/cb:c5QE.37290\/w:auto\/h:auto\/q:mauto\/f:best\/https:\/\/themeisle.com\/blog\/wp-content\/uploads\/2025\/01\/Accessing-file-manager-from-cPanel.png 794w, https:\/\/mllj2j8xvfl0.i.optimole.com\/cb:c5QE.37290\/w:1200\/h:416\/q:mauto\/f:best\/https:\/\/mllj2j8xvfl0.i.optimole.com\/cb:c5QE.37290\/w:auto\/h:auto\/q:mauto\/f:best\/https:\/\/themeisle.com\/blog\/wp-content\/uploads\/2025\/01\/Accessing-file-manager-from-cPanel.png 1200w, https:\/\/mllj2j8xvfl0.i.optimole.com\/cb:c5QE.37290\/w:296\/h:103\/q:mauto\/f:best\/https:\/\/mllj2j8xvfl0.i.optimole.com\/cb:c5QE.37290\/w:auto\/h:auto\/q:mauto\/f:best\/https:\/\/themeisle.com\/blog\/wp-content\/uploads\/2025\/01\/Accessing-file-manager-from-cPanel.png 296w, https:\/\/mllj2j8xvfl0.i.optimole.com\/cb:c5QE.37290\/w:390\/h:135\/q:mauto\/f:best\/https:\/\/mllj2j8xvfl0.i.optimole.com\/cb:c5QE.37290\/w:auto\/h:auto\/q:mauto\/f:best\/https:\/\/themeisle.com\/blog\/wp-content\/uploads\/2025\/01\/Accessing-file-manager-from-cPanel.png 390w, https:\/\/mllj2j8xvfl0.i.optimole.com\/cb:c5QE.37290\/w:270\/h:94\/q:mauto\/f:best\/https:\/\/mllj2j8xvfl0.i.optimole.com\/cb:c5QE.37290\/w:auto\/h:auto\/q:mauto\/f:best\/https:\/\/themeisle.com\/blog\/wp-content\/uploads\/2025\/01\/Accessing-file-manager-from-cPanel.png 270w, https:\/\/mllj2j8xvfl0.i.optimole.com\/cb:c5QE.37290\/w:1920\/h:666\/q:mauto\/f:best\/dpr:2\/https:\/\/mllj2j8xvfl0.i.optimole.com\/cb:c5QE.37290\/w:auto\/h:auto\/q:mauto\/f:best\/https:\/\/themeisle.com\/blog\/wp-content\/uploads\/2025\/01\/Accessing-file-manager-from-cPanel.png 2x\" sizes=\"(max-width: 700px) 100vw, 700px\"></noscript><\/figure>\n\n\n\n<p>If you&rsquo;re using something other than cPanel then you can download <a href=\"https:\/\/filezilla-project.org\/\" target=\"_blank\" rel=\"noopener\">FileZilla<\/a> (it&rsquo;s free and here&rsquo;s a <a href=\"https:\/\/themeisle.com\/blog\/how-to-use-filezilla\/\">quick guide on how to use it<\/a>). After you install it, use your FTP details from your hosting dashboard to connect to your server:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Host: <code>ftp.yoursite.com<\/code> &ndash; double check if that&rsquo;s the correct address in the FTP section of cPanel<\/li>\n\n\n\n<li>Username: <code>your-username<\/code><\/li>\n\n\n\n<li>Password: <code>your-password<\/code><\/li>\n\n\n\n<li>Port: <code>21<\/code> &ndash; also check if this is the port that your setup is using (FTP in cPanel)<\/li>\n<\/ul>\n\n\n\n<p>Some hosts will also provide you with their own cPanel alternative which might function similarly. In other words, you might not absolutely have to use FileZilla. If you&rsquo;re not sure, ask customer support.<\/p>\n\n\n<div class=\"su-divider su-divider-style-default\" style=\"margin:40px 0;border-width:15px;border-color:#4267cf\"><\/div>\n\n\n\n<h3 class=\"wp-block-heading joli-heading jtoc-heading\" id=\"h-locating-the-htaccess-file\">Locating the .htaccess file<\/h3>\n\n\n\n<p>Once you&rsquo;re logged in, you&rsquo;ll see something that looks like your computer&rsquo;s file browser. <strong>We need to find a specific file called <code>.htaccess<\/code><\/strong> &ndash; it controls how your server handles various security settings. The easiest way to find it is to use the cPanel file manager search function on the top right. FileZilla users can <a href=\"https:\/\/filezillapro.com\/docs\/v3\/getting-started\/search-for-files\/\" target=\"_blank\" rel=\"noopener\">rely on a similar feature<\/a>.<\/p>\n\n\n\n<p>Type <code>.htaccess<\/code> in the window and click <strong>Go<\/strong>.<\/p>\n\n\n\n<figure class=\"wp-block-image size-full blog-img-std\"><img data-opt-id=1026909230  data-opt-src=\"https:\/\/mllj2j8xvfl0.i.optimole.com\/cb:c5QE.37290\/w:auto\/h:auto\/q:mauto\/f:best\/https:\/\/themeisle.com\/blog\/wp-content\/uploads\/2025\/01\/Searching-for-.htaccess-file-in-cPanel-file-manager.png\"  decoding=\"async\" width=\"2768\" height=\"1080\" src=\"https:\/\/mllj2j8xvfl0.i.optimole.com\/cb:c5QE.37290\/w:auto\/h:auto\/q:eco\/f:best\/https:\/\/themeisle.com\/blog\/wp-content\/uploads\/2025\/01\/Searching-for-.htaccess-file-in-cPanel-file-manager.png\" alt=\"Searching for .htaccess file in the cPanel file manager.\" class=\"wp-image-109306\" old-srcset=\"https:\/\/mllj2j8xvfl0.i.optimole.com\/cb:c5QE.37290\/w:1920\/h:749\/q:mauto\/f:best\/https:\/\/themeisle.com\/blog\/wp-content\/uploads\/2025\/01\/Searching-for-.htaccess-file-in-cPanel-file-manager.png 2768w, https:\/\/mllj2j8xvfl0.i.optimole.com\/cb:c5QE.37290\/w:300\/h:117\/q:mauto\/f:best\/https:\/\/themeisle.com\/blog\/wp-content\/uploads\/2025\/01\/Searching-for-.htaccess-file-in-cPanel-file-manager.png 300w, https:\/\/mllj2j8xvfl0.i.optimole.com\/cb:c5QE.37290\/w:1024\/h:400\/q:mauto\/f:best\/https:\/\/themeisle.com\/blog\/wp-content\/uploads\/2025\/01\/Searching-for-.htaccess-file-in-cPanel-file-manager.png 1024w, https:\/\/mllj2j8xvfl0.i.optimole.com\/cb:c5QE.37290\/w:768\/h:300\/q:mauto\/f:best\/https:\/\/themeisle.com\/blog\/wp-content\/uploads\/2025\/01\/Searching-for-.htaccess-file-in-cPanel-file-manager.png 768w, https:\/\/mllj2j8xvfl0.i.optimole.com\/cb:c5QE.37290\/w:1536\/h:599\/q:mauto\/f:best\/https:\/\/themeisle.com\/blog\/wp-content\/uploads\/2025\/01\/Searching-for-.htaccess-file-in-cPanel-file-manager.png 1536w, https:\/\/mllj2j8xvfl0.i.optimole.com\/cb:c5QE.37290\/w:1920\/h:749\/q:mauto\/f:best\/https:\/\/themeisle.com\/blog\/wp-content\/uploads\/2025\/01\/Searching-for-.htaccess-file-in-cPanel-file-manager.png 2048w, https:\/\/mllj2j8xvfl0.i.optimole.com\/cb:c5QE.37290\/w:50\/h:20\/q:mauto\/f:best\/https:\/\/themeisle.com\/blog\/wp-content\/uploads\/2025\/01\/Searching-for-.htaccess-file-in-cPanel-file-manager.png 50w, https:\/\/mllj2j8xvfl0.i.optimole.com\/cb:c5QE.37290\/w:480\/h:187\/q:mauto\/f:best\/https:\/\/themeisle.com\/blog\/wp-content\/uploads\/2025\/01\/Searching-for-.htaccess-file-in-cPanel-file-manager.png 480w, https:\/\/mllj2j8xvfl0.i.optimole.com\/cb:c5QE.37290\/w:794\/h:310\/q:mauto\/f:best\/https:\/\/themeisle.com\/blog\/wp-content\/uploads\/2025\/01\/Searching-for-.htaccess-file-in-cPanel-file-manager.png 794w, https:\/\/mllj2j8xvfl0.i.optimole.com\/cb:c5QE.37290\/w:1200\/h:468\/q:mauto\/f:best\/https:\/\/themeisle.com\/blog\/wp-content\/uploads\/2025\/01\/Searching-for-.htaccess-file-in-cPanel-file-manager.png 1200w, https:\/\/mllj2j8xvfl0.i.optimole.com\/cb:c5QE.37290\/w:296\/h:115\/q:mauto\/f:best\/https:\/\/themeisle.com\/blog\/wp-content\/uploads\/2025\/01\/Searching-for-.htaccess-file-in-cPanel-file-manager.png 296w, https:\/\/mllj2j8xvfl0.i.optimole.com\/cb:c5QE.37290\/w:390\/h:152\/q:mauto\/f:best\/https:\/\/themeisle.com\/blog\/wp-content\/uploads\/2025\/01\/Searching-for-.htaccess-file-in-cPanel-file-manager.png 390w, https:\/\/mllj2j8xvfl0.i.optimole.com\/cb:c5QE.37290\/w:270\/h:105\/q:mauto\/f:best\/https:\/\/themeisle.com\/blog\/wp-content\/uploads\/2025\/01\/Searching-for-.htaccess-file-in-cPanel-file-manager.png 270w, https:\/\/mllj2j8xvfl0.i.optimole.com\/cb:c5QE.37290\/w:1920\/h:749\/q:mauto\/f:best\/dpr:2\/https:\/\/themeisle.com\/blog\/wp-content\/uploads\/2025\/01\/Searching-for-.htaccess-file-in-cPanel-file-manager.png 2x\"><noscript><img data-opt-id=1026909230  decoding=\"async\" width=\"2768\" height=\"1080\" src=\"https:\/\/mllj2j8xvfl0.i.optimole.com\/cb:c5QE.37290\/w:auto\/h:auto\/q:mauto\/f:best\/https:\/\/themeisle.com\/blog\/wp-content\/uploads\/2025\/01\/Searching-for-.htaccess-file-in-cPanel-file-manager.png\" alt=\"Searching for .htaccess file in the cPanel file manager.\" class=\"wp-image-109306\" srcset=\"https:\/\/mllj2j8xvfl0.i.optimole.com\/cb:c5QE.37290\/w:1920\/h:749\/q:mauto\/f:best\/https:\/\/mllj2j8xvfl0.i.optimole.com\/cb:c5QE.37290\/w:auto\/h:auto\/q:mauto\/f:best\/https:\/\/themeisle.com\/blog\/wp-content\/uploads\/2025\/01\/Searching-for-.htaccess-file-in-cPanel-file-manager.png 2768w, https:\/\/mllj2j8xvfl0.i.optimole.com\/cb:c5QE.37290\/w:300\/h:117\/q:mauto\/f:best\/https:\/\/mllj2j8xvfl0.i.optimole.com\/cb:c5QE.37290\/w:auto\/h:auto\/q:mauto\/f:best\/https:\/\/themeisle.com\/blog\/wp-content\/uploads\/2025\/01\/Searching-for-.htaccess-file-in-cPanel-file-manager.png 300w, https:\/\/mllj2j8xvfl0.i.optimole.com\/cb:c5QE.37290\/w:1024\/h:400\/q:mauto\/f:best\/https:\/\/mllj2j8xvfl0.i.optimole.com\/cb:c5QE.37290\/w:auto\/h:auto\/q:mauto\/f:best\/https:\/\/themeisle.com\/blog\/wp-content\/uploads\/2025\/01\/Searching-for-.htaccess-file-in-cPanel-file-manager.png 1024w, https:\/\/mllj2j8xvfl0.i.optimole.com\/cb:c5QE.37290\/w:768\/h:300\/q:mauto\/f:best\/https:\/\/mllj2j8xvfl0.i.optimole.com\/cb:c5QE.37290\/w:auto\/h:auto\/q:mauto\/f:best\/https:\/\/themeisle.com\/blog\/wp-content\/uploads\/2025\/01\/Searching-for-.htaccess-file-in-cPanel-file-manager.png 768w, https:\/\/mllj2j8xvfl0.i.optimole.com\/cb:c5QE.37290\/w:1536\/h:599\/q:mauto\/f:best\/https:\/\/mllj2j8xvfl0.i.optimole.com\/cb:c5QE.37290\/w:auto\/h:auto\/q:mauto\/f:best\/https:\/\/themeisle.com\/blog\/wp-content\/uploads\/2025\/01\/Searching-for-.htaccess-file-in-cPanel-file-manager.png 1536w, https:\/\/mllj2j8xvfl0.i.optimole.com\/cb:c5QE.37290\/w:1920\/h:749\/q:mauto\/f:best\/https:\/\/mllj2j8xvfl0.i.optimole.com\/cb:c5QE.37290\/w:auto\/h:auto\/q:mauto\/f:best\/https:\/\/themeisle.com\/blog\/wp-content\/uploads\/2025\/01\/Searching-for-.htaccess-file-in-cPanel-file-manager.png 2048w, https:\/\/mllj2j8xvfl0.i.optimole.com\/cb:c5QE.37290\/w:50\/h:20\/q:mauto\/f:best\/https:\/\/mllj2j8xvfl0.i.optimole.com\/cb:c5QE.37290\/w:auto\/h:auto\/q:mauto\/f:best\/https:\/\/themeisle.com\/blog\/wp-content\/uploads\/2025\/01\/Searching-for-.htaccess-file-in-cPanel-file-manager.png 50w, https:\/\/mllj2j8xvfl0.i.optimole.com\/cb:c5QE.37290\/w:480\/h:187\/q:mauto\/f:best\/https:\/\/mllj2j8xvfl0.i.optimole.com\/cb:c5QE.37290\/w:auto\/h:auto\/q:mauto\/f:best\/https:\/\/themeisle.com\/blog\/wp-content\/uploads\/2025\/01\/Searching-for-.htaccess-file-in-cPanel-file-manager.png 480w, https:\/\/mllj2j8xvfl0.i.optimole.com\/cb:c5QE.37290\/w:794\/h:310\/q:mauto\/f:best\/https:\/\/mllj2j8xvfl0.i.optimole.com\/cb:c5QE.37290\/w:auto\/h:auto\/q:mauto\/f:best\/https:\/\/themeisle.com\/blog\/wp-content\/uploads\/2025\/01\/Searching-for-.htaccess-file-in-cPanel-file-manager.png 794w, https:\/\/mllj2j8xvfl0.i.optimole.com\/cb:c5QE.37290\/w:1200\/h:468\/q:mauto\/f:best\/https:\/\/mllj2j8xvfl0.i.optimole.com\/cb:c5QE.37290\/w:auto\/h:auto\/q:mauto\/f:best\/https:\/\/themeisle.com\/blog\/wp-content\/uploads\/2025\/01\/Searching-for-.htaccess-file-in-cPanel-file-manager.png 1200w, https:\/\/mllj2j8xvfl0.i.optimole.com\/cb:c5QE.37290\/w:296\/h:115\/q:mauto\/f:best\/https:\/\/mllj2j8xvfl0.i.optimole.com\/cb:c5QE.37290\/w:auto\/h:auto\/q:mauto\/f:best\/https:\/\/themeisle.com\/blog\/wp-content\/uploads\/2025\/01\/Searching-for-.htaccess-file-in-cPanel-file-manager.png 296w, https:\/\/mllj2j8xvfl0.i.optimole.com\/cb:c5QE.37290\/w:390\/h:152\/q:mauto\/f:best\/https:\/\/mllj2j8xvfl0.i.optimole.com\/cb:c5QE.37290\/w:auto\/h:auto\/q:mauto\/f:best\/https:\/\/themeisle.com\/blog\/wp-content\/uploads\/2025\/01\/Searching-for-.htaccess-file-in-cPanel-file-manager.png 390w, https:\/\/mllj2j8xvfl0.i.optimole.com\/cb:c5QE.37290\/w:270\/h:105\/q:mauto\/f:best\/https:\/\/mllj2j8xvfl0.i.optimole.com\/cb:c5QE.37290\/w:auto\/h:auto\/q:mauto\/f:best\/https:\/\/themeisle.com\/blog\/wp-content\/uploads\/2025\/01\/Searching-for-.htaccess-file-in-cPanel-file-manager.png 270w, https:\/\/mllj2j8xvfl0.i.optimole.com\/cb:c5QE.37290\/w:1920\/h:749\/q:mauto\/f:best\/dpr:2\/https:\/\/mllj2j8xvfl0.i.optimole.com\/cb:c5QE.37290\/w:auto\/h:auto\/q:mauto\/f:best\/https:\/\/themeisle.com\/blog\/wp-content\/uploads\/2025\/01\/Searching-for-.htaccess-file-in-cPanel-file-manager.png 2x\" sizes=\"(max-width: 700px) 100vw, 700px\"></noscript><\/figure>\n\n\n\n<p>If you only have one website linked to your hosting account then this should be fairly straightforward. If you have multiple sites then be sure that you are clicking on the <code>.htaccess<\/code> file that is associated with the site you&rsquo;re going to be making these edits to.<\/p>\n\n\n\n<p>Another potential tripwire detail to watch out for is the fact that even on a single site setup, you&rsquo;ll probably still have other <code>.htaccess<\/code>-ish files. Basically files that have <code>.htaccess<\/code> in their name but then also other words or characters.<\/p>\n\n\n\n<p>You don&rsquo;t want any of those. You only want the one that is called <code>.htaccess<\/code> and nothing else.<\/p>\n\n\n<div class=\"su-divider su-divider-style-default\" style=\"margin:40px 0;border-width:15px;border-color:#4267cf\"><\/div>\n\n\n\n<h3 class=\"wp-block-heading joli-heading jtoc-heading\" id=\"h-adding-code-to-the-htaccess-file-to-fix-the-security-issues\">Adding code to the .htaccess file to fix the security issues<\/h3>\n\n\n\n<p>Once you locate the file, you&rsquo;ll want to download it before you make any edits. This way if something goes wrong you have a backup that you can upload back into the folder.<\/p>\n\n\n\n<figure class=\"wp-block-image size-full blog-img-std\"><img data-opt-id=1149565511  data-opt-src=\"https:\/\/mllj2j8xvfl0.i.optimole.com\/cb:c5QE.37290\/w:auto\/h:auto\/q:mauto\/f:best\/https:\/\/themeisle.com\/blog\/wp-content\/uploads\/2025\/01\/Download-.htaceess-file-prior-to-making-changes.png\"  decoding=\"async\" width=\"1656\" height=\"792\" src=\"https:\/\/mllj2j8xvfl0.i.optimole.com\/cb:c5QE.37290\/w:auto\/h:auto\/q:eco\/f:best\/https:\/\/themeisle.com\/blog\/wp-content\/uploads\/2025\/01\/Download-.htaceess-file-prior-to-making-changes.png\" alt=\"Download .htaccess file prior to making edits.\" class=\"wp-image-109308\" old-srcset=\"https:\/\/mllj2j8xvfl0.i.optimole.com\/cb:c5QE.37290\/w:1656\/h:792\/q:mauto\/f:best\/https:\/\/themeisle.com\/blog\/wp-content\/uploads\/2025\/01\/Download-.htaceess-file-prior-to-making-changes.png 1656w, https:\/\/mllj2j8xvfl0.i.optimole.com\/cb:c5QE.37290\/w:300\/h:143\/q:mauto\/f:best\/https:\/\/themeisle.com\/blog\/wp-content\/uploads\/2025\/01\/Download-.htaceess-file-prior-to-making-changes.png 300w, https:\/\/mllj2j8xvfl0.i.optimole.com\/cb:c5QE.37290\/w:1024\/h:490\/q:mauto\/f:best\/https:\/\/themeisle.com\/blog\/wp-content\/uploads\/2025\/01\/Download-.htaceess-file-prior-to-making-changes.png 1024w, https:\/\/mllj2j8xvfl0.i.optimole.com\/cb:c5QE.37290\/w:768\/h:367\/q:mauto\/f:best\/https:\/\/themeisle.com\/blog\/wp-content\/uploads\/2025\/01\/Download-.htaceess-file-prior-to-making-changes.png 768w, https:\/\/mllj2j8xvfl0.i.optimole.com\/cb:c5QE.37290\/w:1536\/h:735\/q:mauto\/f:best\/https:\/\/themeisle.com\/blog\/wp-content\/uploads\/2025\/01\/Download-.htaceess-file-prior-to-making-changes.png 1536w, https:\/\/mllj2j8xvfl0.i.optimole.com\/cb:c5QE.37290\/w:50\/h:24\/q:mauto\/f:best\/https:\/\/themeisle.com\/blog\/wp-content\/uploads\/2025\/01\/Download-.htaceess-file-prior-to-making-changes.png 50w, https:\/\/mllj2j8xvfl0.i.optimole.com\/cb:c5QE.37290\/w:480\/h:230\/q:mauto\/f:best\/https:\/\/themeisle.com\/blog\/wp-content\/uploads\/2025\/01\/Download-.htaceess-file-prior-to-making-changes.png 480w, https:\/\/mllj2j8xvfl0.i.optimole.com\/cb:c5QE.37290\/w:794\/h:380\/q:mauto\/f:best\/https:\/\/themeisle.com\/blog\/wp-content\/uploads\/2025\/01\/Download-.htaceess-file-prior-to-making-changes.png 794w, https:\/\/mllj2j8xvfl0.i.optimole.com\/cb:c5QE.37290\/w:1200\/h:574\/q:mauto\/f:best\/https:\/\/themeisle.com\/blog\/wp-content\/uploads\/2025\/01\/Download-.htaceess-file-prior-to-making-changes.png 1200w, https:\/\/mllj2j8xvfl0.i.optimole.com\/cb:c5QE.37290\/w:296\/h:142\/q:mauto\/f:best\/https:\/\/themeisle.com\/blog\/wp-content\/uploads\/2025\/01\/Download-.htaceess-file-prior-to-making-changes.png 296w, https:\/\/mllj2j8xvfl0.i.optimole.com\/cb:c5QE.37290\/w:390\/h:187\/q:mauto\/f:best\/https:\/\/themeisle.com\/blog\/wp-content\/uploads\/2025\/01\/Download-.htaceess-file-prior-to-making-changes.png 390w, https:\/\/mllj2j8xvfl0.i.optimole.com\/cb:c5QE.37290\/w:270\/h:129\/q:mauto\/f:best\/https:\/\/themeisle.com\/blog\/wp-content\/uploads\/2025\/01\/Download-.htaceess-file-prior-to-making-changes.png 270w, https:\/\/mllj2j8xvfl0.i.optimole.com\/cb:c5QE.37290\/w:1656\/h:792\/q:mauto\/f:best\/dpr:2\/https:\/\/themeisle.com\/blog\/wp-content\/uploads\/2025\/01\/Download-.htaceess-file-prior-to-making-changes.png 2x\"><noscript><img data-opt-id=1149565511  decoding=\"async\" width=\"1656\" height=\"792\" src=\"https:\/\/mllj2j8xvfl0.i.optimole.com\/cb:c5QE.37290\/w:auto\/h:auto\/q:mauto\/f:best\/https:\/\/themeisle.com\/blog\/wp-content\/uploads\/2025\/01\/Download-.htaceess-file-prior-to-making-changes.png\" alt=\"Download .htaccess file prior to making edits.\" class=\"wp-image-109308\" srcset=\"https:\/\/mllj2j8xvfl0.i.optimole.com\/cb:c5QE.37290\/w:1656\/h:792\/q:mauto\/f:best\/https:\/\/mllj2j8xvfl0.i.optimole.com\/cb:c5QE.37290\/w:auto\/h:auto\/q:mauto\/f:best\/https:\/\/themeisle.com\/blog\/wp-content\/uploads\/2025\/01\/Download-.htaceess-file-prior-to-making-changes.png 1656w, https:\/\/mllj2j8xvfl0.i.optimole.com\/cb:c5QE.37290\/w:300\/h:143\/q:mauto\/f:best\/https:\/\/mllj2j8xvfl0.i.optimole.com\/cb:c5QE.37290\/w:auto\/h:auto\/q:mauto\/f:best\/https:\/\/themeisle.com\/blog\/wp-content\/uploads\/2025\/01\/Download-.htaceess-file-prior-to-making-changes.png 300w, https:\/\/mllj2j8xvfl0.i.optimole.com\/cb:c5QE.37290\/w:1024\/h:490\/q:mauto\/f:best\/https:\/\/mllj2j8xvfl0.i.optimole.com\/cb:c5QE.37290\/w:auto\/h:auto\/q:mauto\/f:best\/https:\/\/themeisle.com\/blog\/wp-content\/uploads\/2025\/01\/Download-.htaceess-file-prior-to-making-changes.png 1024w, https:\/\/mllj2j8xvfl0.i.optimole.com\/cb:c5QE.37290\/w:768\/h:367\/q:mauto\/f:best\/https:\/\/mllj2j8xvfl0.i.optimole.com\/cb:c5QE.37290\/w:auto\/h:auto\/q:mauto\/f:best\/https:\/\/themeisle.com\/blog\/wp-content\/uploads\/2025\/01\/Download-.htaceess-file-prior-to-making-changes.png 768w, https:\/\/mllj2j8xvfl0.i.optimole.com\/cb:c5QE.37290\/w:1536\/h:735\/q:mauto\/f:best\/https:\/\/mllj2j8xvfl0.i.optimole.com\/cb:c5QE.37290\/w:auto\/h:auto\/q:mauto\/f:best\/https:\/\/themeisle.com\/blog\/wp-content\/uploads\/2025\/01\/Download-.htaceess-file-prior-to-making-changes.png 1536w, https:\/\/mllj2j8xvfl0.i.optimole.com\/cb:c5QE.37290\/w:50\/h:24\/q:mauto\/f:best\/https:\/\/mllj2j8xvfl0.i.optimole.com\/cb:c5QE.37290\/w:auto\/h:auto\/q:mauto\/f:best\/https:\/\/themeisle.com\/blog\/wp-content\/uploads\/2025\/01\/Download-.htaceess-file-prior-to-making-changes.png 50w, https:\/\/mllj2j8xvfl0.i.optimole.com\/cb:c5QE.37290\/w:480\/h:230\/q:mauto\/f:best\/https:\/\/mllj2j8xvfl0.i.optimole.com\/cb:c5QE.37290\/w:auto\/h:auto\/q:mauto\/f:best\/https:\/\/themeisle.com\/blog\/wp-content\/uploads\/2025\/01\/Download-.htaceess-file-prior-to-making-changes.png 480w, https:\/\/mllj2j8xvfl0.i.optimole.com\/cb:c5QE.37290\/w:794\/h:380\/q:mauto\/f:best\/https:\/\/mllj2j8xvfl0.i.optimole.com\/cb:c5QE.37290\/w:auto\/h:auto\/q:mauto\/f:best\/https:\/\/themeisle.com\/blog\/wp-content\/uploads\/2025\/01\/Download-.htaceess-file-prior-to-making-changes.png 794w, https:\/\/mllj2j8xvfl0.i.optimole.com\/cb:c5QE.37290\/w:1200\/h:574\/q:mauto\/f:best\/https:\/\/mllj2j8xvfl0.i.optimole.com\/cb:c5QE.37290\/w:auto\/h:auto\/q:mauto\/f:best\/https:\/\/themeisle.com\/blog\/wp-content\/uploads\/2025\/01\/Download-.htaceess-file-prior-to-making-changes.png 1200w, https:\/\/mllj2j8xvfl0.i.optimole.com\/cb:c5QE.37290\/w:296\/h:142\/q:mauto\/f:best\/https:\/\/mllj2j8xvfl0.i.optimole.com\/cb:c5QE.37290\/w:auto\/h:auto\/q:mauto\/f:best\/https:\/\/themeisle.com\/blog\/wp-content\/uploads\/2025\/01\/Download-.htaceess-file-prior-to-making-changes.png 296w, https:\/\/mllj2j8xvfl0.i.optimole.com\/cb:c5QE.37290\/w:390\/h:187\/q:mauto\/f:best\/https:\/\/mllj2j8xvfl0.i.optimole.com\/cb:c5QE.37290\/w:auto\/h:auto\/q:mauto\/f:best\/https:\/\/themeisle.com\/blog\/wp-content\/uploads\/2025\/01\/Download-.htaceess-file-prior-to-making-changes.png 390w, https:\/\/mllj2j8xvfl0.i.optimole.com\/cb:c5QE.37290\/w:270\/h:129\/q:mauto\/f:best\/https:\/\/mllj2j8xvfl0.i.optimole.com\/cb:c5QE.37290\/w:auto\/h:auto\/q:mauto\/f:best\/https:\/\/themeisle.com\/blog\/wp-content\/uploads\/2025\/01\/Download-.htaceess-file-prior-to-making-changes.png 270w, https:\/\/mllj2j8xvfl0.i.optimole.com\/cb:c5QE.37290\/w:1656\/h:792\/q:mauto\/f:best\/dpr:2\/https:\/\/mllj2j8xvfl0.i.optimole.com\/cb:c5QE.37290\/w:auto\/h:auto\/q:mauto\/f:best\/https:\/\/themeisle.com\/blog\/wp-content\/uploads\/2025\/01\/Download-.htaceess-file-prior-to-making-changes.png 2x\" sizes=\"(max-width: 700px) 100vw, 700px\"></noscript><\/figure>\n\n\n\n<p>Nothing should go wrong, but better to be safe than <em>you-know-what<\/em>.<\/p>\n\n\n\n<p>Once your backup is safely downloaded, you can proceed with editing the <code>.htaccess<\/code> file. In cPanel&rsquo;s File Manager, right-click the file and select <strong>Edit<\/strong>. If you&rsquo;re using FileZilla, right-click and choose <strong>View\/Edit<\/strong> &ndash; this will open the file in your default text editor.<\/p>\n\n\n\n<p>The next part is the apex of this entire mission. This is where you get to feel like a WordPress security expert for a brief moment. Enjoy it while it lasts.<\/p>\n\n\n\n<h4 class=\"wp-block-heading\" id=\"h-where-to-put-the-code-in-your-htaccess-file\">Where to put the code in your <code>.htaccess<\/code> file &#128104;&#127995;&zwj;&#128187;<\/h4>\n\n\n\n<p>WordPress installations typically have several sections here, marked by comments that start with <code># BEGIN<\/code> and <code># END<\/code>.<\/p>\n\n\n\n<p>Look for a line that says this:<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code># END WordPress<\/code><\/pre>\n\n\n\n<p>The safest approach is to <strong>add the security headers right after this<\/strong>. If you don&rsquo;t see the exact line, or if you&rsquo;re unsure, you can add the headers at the very end of the file &ndash; just make sure to leave a blank line between any existing code and the new additions.<\/p>\n\n\n\n<p>Here&rsquo;s the code:<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code># BEGIN Security Headers\nHeader unset X-Powered-By\nphp_flag expose_php Off\nHeader set X-Frame-Options \"SAMEORIGIN\"\nHeader set X-Content-Type-Options \"nosniff\"\nHeader set Strict-Transport-Security \"max-age=31536000; includeSubDomains\"\nHeader set Content-Security-Policy \"default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: https:\/\/*.wordpress.org; style-src 'self' 'unsafe-inline' https:\/\/fonts.googleapis.com; img-src 'self' data: https: blob:; font-src 'self' data: https:\/\/fonts.gstatic.com; frame-src 'self' https:\/\/*.wordpress.org; media-src 'self'; object-src 'none'; base-uri 'self'; form-action 'self'\"\nHeader set Referrer-Policy \"strict-origin-when-cross-origin\"\nHeader set Permissions-Policy \"camera=(), microphone=(), geolocation=(), payment=()\"\n# END Security Headers<\/code><\/pre>\n\n\n\n<h4 class=\"wp-block-heading\" id=\"h-make-adjustments-based-on-the-needs-of-your-site\">Make adjustments based on the needs of your site<\/h4>\n\n\n\n<p>After implementing the base version, you might need to add additional domains based on the specific plugins you have on your website.<\/p>\n\n\n\n<p>But how do you know which domains to add?<\/p>\n\n\n\n<p>Your browser will tell you!<\/p>\n\n\n\n<p>When a resource gets blocked by your Content Security Policy, you&rsquo;ll see an error in your <span id=\"su_tooltip_69d25a70d7999_button\" class=\"su-tooltip-button su-tooltip-button-outline-yes tooltip-underline\" aria-describedby=\"su_tooltip_69d25a70d7999\" data-settings='{\"position\":\"top\",\"behavior\":\"hover\",\"hideDelay\":0}' tabindex=\"0\">browser&rsquo;s console<\/span><span style=\"display:none;z-index:100\" id=\"su_tooltip_69d25a70d7999\" class=\"su-tooltip tooltip-underline\" role=\"tooltip\"><span class=\"su-tooltip-inner su-tooltip-shadow-no\" style=\"z-index:100;background:#222222;color:#FFFFFF;font-size:16px;border-radius:5px;text-align:left;max-width:300px;line-height:1.25\"><span class=\"su-tooltip-title\"><\/span><span class=\"su-tooltip-content su-u-trim\">If you're using Google Chrome, right click or two-finger click, and then scroll down until you see a choice for Inspect. Click it. Then look for the Console tab. It should be between Elements and Sources as you see in the screenshot below.<\/span><\/span><span id=\"su_tooltip_69d25a70d7999_arrow\" class=\"su-tooltip-arrow\" style=\"z-index:100;background:#222222\" data-popper-arrow><\/span><\/span>.<\/p>\n\n\n\n<p>To give you an example of what this looks like in action, I intentionally removed <code>https:\/\/fonts.googleapis.com;<\/code> from the <code>style-src 'self'<\/code> section from the base security policy above. Here&rsquo;s what the console showed me:<\/p>\n\n\n\n<figure class=\"wp-block-image size-full blog-img-std\"><img data-opt-id=256627533  data-opt-src=\"https:\/\/mllj2j8xvfl0.i.optimole.com\/cb:c5QE.37290\/w:auto\/h:auto\/q:mauto\/f:best\/https:\/\/themeisle.com\/blog\/wp-content\/uploads\/2025\/02\/Example-of-Google-fonts-getting-blocked-by-Content-Security-Policy.png\"  decoding=\"async\" width=\"1206\" height=\"660\" src=\"https:\/\/mllj2j8xvfl0.i.optimole.com\/cb:c5QE.37290\/w:auto\/h:auto\/q:eco\/f:best\/https:\/\/themeisle.com\/blog\/wp-content\/uploads\/2025\/02\/Example-of-Google-fonts-getting-blocked-by-Content-Security-Policy.png\" alt=\"Example of Google fonts being blocked by Content Security Policy.\" class=\"wp-image-109577\" old-srcset=\"https:\/\/mllj2j8xvfl0.i.optimole.com\/cb:c5QE.37290\/w:1206\/h:660\/q:mauto\/f:best\/https:\/\/themeisle.com\/blog\/wp-content\/uploads\/2025\/02\/Example-of-Google-fonts-getting-blocked-by-Content-Security-Policy.png 1206w, https:\/\/mllj2j8xvfl0.i.optimole.com\/cb:c5QE.37290\/w:300\/h:164\/q:mauto\/f:best\/https:\/\/themeisle.com\/blog\/wp-content\/uploads\/2025\/02\/Example-of-Google-fonts-getting-blocked-by-Content-Security-Policy.png 300w, https:\/\/mllj2j8xvfl0.i.optimole.com\/cb:c5QE.37290\/w:1024\/h:560\/q:mauto\/f:best\/https:\/\/themeisle.com\/blog\/wp-content\/uploads\/2025\/02\/Example-of-Google-fonts-getting-blocked-by-Content-Security-Policy.png 1024w, https:\/\/mllj2j8xvfl0.i.optimole.com\/cb:c5QE.37290\/w:768\/h:420\/q:mauto\/f:best\/https:\/\/themeisle.com\/blog\/wp-content\/uploads\/2025\/02\/Example-of-Google-fonts-getting-blocked-by-Content-Security-Policy.png 768w, https:\/\/mllj2j8xvfl0.i.optimole.com\/cb:c5QE.37290\/w:50\/h:27\/q:mauto\/f:best\/https:\/\/themeisle.com\/blog\/wp-content\/uploads\/2025\/02\/Example-of-Google-fonts-getting-blocked-by-Content-Security-Policy.png 50w, https:\/\/mllj2j8xvfl0.i.optimole.com\/cb:c5QE.37290\/w:439\/h:240\/q:mauto\/f:best\/https:\/\/themeisle.com\/blog\/wp-content\/uploads\/2025\/02\/Example-of-Google-fonts-getting-blocked-by-Content-Security-Policy.png 439w, https:\/\/mllj2j8xvfl0.i.optimole.com\/cb:c5QE.37290\/w:725\/h:397\/q:mauto\/f:best\/https:\/\/themeisle.com\/blog\/wp-content\/uploads\/2025\/02\/Example-of-Google-fonts-getting-blocked-by-Content-Security-Policy.png 725w, https:\/\/mllj2j8xvfl0.i.optimole.com\/cb:c5QE.37290\/w:1096\/h:600\/q:mauto\/f:best\/https:\/\/themeisle.com\/blog\/wp-content\/uploads\/2025\/02\/Example-of-Google-fonts-getting-blocked-by-Content-Security-Policy.png 1096w, https:\/\/mllj2j8xvfl0.i.optimole.com\/cb:c5QE.37290\/w:270\/h:148\/q:mauto\/f:best\/https:\/\/themeisle.com\/blog\/wp-content\/uploads\/2025\/02\/Example-of-Google-fonts-getting-blocked-by-Content-Security-Policy.png 270w, https:\/\/mllj2j8xvfl0.i.optimole.com\/cb:c5QE.37290\/w:356\/h:195\/q:mauto\/f:best\/https:\/\/themeisle.com\/blog\/wp-content\/uploads\/2025\/02\/Example-of-Google-fonts-getting-blocked-by-Content-Security-Policy.png 356w, https:\/\/mllj2j8xvfl0.i.optimole.com\/cb:c5QE.37290\/w:247\/h:135\/q:mauto\/f:best\/https:\/\/themeisle.com\/blog\/wp-content\/uploads\/2025\/02\/Example-of-Google-fonts-getting-blocked-by-Content-Security-Policy.png 247w, https:\/\/mllj2j8xvfl0.i.optimole.com\/cb:c5QE.37290\/w:1206\/h:660\/q:mauto\/f:best\/dpr:2\/https:\/\/themeisle.com\/blog\/wp-content\/uploads\/2025\/02\/Example-of-Google-fonts-getting-blocked-by-Content-Security-Policy.png 2x\"><noscript><img data-opt-id=256627533  decoding=\"async\" width=\"1206\" height=\"660\" src=\"https:\/\/mllj2j8xvfl0.i.optimole.com\/cb:c5QE.37290\/w:auto\/h:auto\/q:mauto\/f:best\/https:\/\/themeisle.com\/blog\/wp-content\/uploads\/2025\/02\/Example-of-Google-fonts-getting-blocked-by-Content-Security-Policy.png\" alt=\"Example of Google fonts being blocked by Content Security Policy.\" class=\"wp-image-109577\" srcset=\"https:\/\/mllj2j8xvfl0.i.optimole.com\/cb:c5QE.37290\/w:1206\/h:660\/q:mauto\/f:best\/https:\/\/mllj2j8xvfl0.i.optimole.com\/cb:c5QE.37290\/w:auto\/h:auto\/q:mauto\/f:best\/https:\/\/themeisle.com\/blog\/wp-content\/uploads\/2025\/02\/Example-of-Google-fonts-getting-blocked-by-Content-Security-Policy.png 1206w, https:\/\/mllj2j8xvfl0.i.optimole.com\/cb:c5QE.37290\/w:300\/h:164\/q:mauto\/f:best\/https:\/\/mllj2j8xvfl0.i.optimole.com\/cb:c5QE.37290\/w:auto\/h:auto\/q:mauto\/f:best\/https:\/\/themeisle.com\/blog\/wp-content\/uploads\/2025\/02\/Example-of-Google-fonts-getting-blocked-by-Content-Security-Policy.png 300w, https:\/\/mllj2j8xvfl0.i.optimole.com\/cb:c5QE.37290\/w:1024\/h:560\/q:mauto\/f:best\/https:\/\/mllj2j8xvfl0.i.optimole.com\/cb:c5QE.37290\/w:auto\/h:auto\/q:mauto\/f:best\/https:\/\/themeisle.com\/blog\/wp-content\/uploads\/2025\/02\/Example-of-Google-fonts-getting-blocked-by-Content-Security-Policy.png 1024w, https:\/\/mllj2j8xvfl0.i.optimole.com\/cb:c5QE.37290\/w:768\/h:420\/q:mauto\/f:best\/https:\/\/mllj2j8xvfl0.i.optimole.com\/cb:c5QE.37290\/w:auto\/h:auto\/q:mauto\/f:best\/https:\/\/themeisle.com\/blog\/wp-content\/uploads\/2025\/02\/Example-of-Google-fonts-getting-blocked-by-Content-Security-Policy.png 768w, https:\/\/mllj2j8xvfl0.i.optimole.com\/cb:c5QE.37290\/w:50\/h:27\/q:mauto\/f:best\/https:\/\/mllj2j8xvfl0.i.optimole.com\/cb:c5QE.37290\/w:auto\/h:auto\/q:mauto\/f:best\/https:\/\/themeisle.com\/blog\/wp-content\/uploads\/2025\/02\/Example-of-Google-fonts-getting-blocked-by-Content-Security-Policy.png 50w, https:\/\/mllj2j8xvfl0.i.optimole.com\/cb:c5QE.37290\/w:439\/h:240\/q:mauto\/f:best\/https:\/\/mllj2j8xvfl0.i.optimole.com\/cb:c5QE.37290\/w:auto\/h:auto\/q:mauto\/f:best\/https:\/\/themeisle.com\/blog\/wp-content\/uploads\/2025\/02\/Example-of-Google-fonts-getting-blocked-by-Content-Security-Policy.png 439w, https:\/\/mllj2j8xvfl0.i.optimole.com\/cb:c5QE.37290\/w:725\/h:397\/q:mauto\/f:best\/https:\/\/mllj2j8xvfl0.i.optimole.com\/cb:c5QE.37290\/w:auto\/h:auto\/q:mauto\/f:best\/https:\/\/themeisle.com\/blog\/wp-content\/uploads\/2025\/02\/Example-of-Google-fonts-getting-blocked-by-Content-Security-Policy.png 725w, https:\/\/mllj2j8xvfl0.i.optimole.com\/cb:c5QE.37290\/w:1096\/h:600\/q:mauto\/f:best\/https:\/\/mllj2j8xvfl0.i.optimole.com\/cb:c5QE.37290\/w:auto\/h:auto\/q:mauto\/f:best\/https:\/\/themeisle.com\/blog\/wp-content\/uploads\/2025\/02\/Example-of-Google-fonts-getting-blocked-by-Content-Security-Policy.png 1096w, https:\/\/mllj2j8xvfl0.i.optimole.com\/cb:c5QE.37290\/w:270\/h:148\/q:mauto\/f:best\/https:\/\/mllj2j8xvfl0.i.optimole.com\/cb:c5QE.37290\/w:auto\/h:auto\/q:mauto\/f:best\/https:\/\/themeisle.com\/blog\/wp-content\/uploads\/2025\/02\/Example-of-Google-fonts-getting-blocked-by-Content-Security-Policy.png 270w, https:\/\/mllj2j8xvfl0.i.optimole.com\/cb:c5QE.37290\/w:356\/h:195\/q:mauto\/f:best\/https:\/\/mllj2j8xvfl0.i.optimole.com\/cb:c5QE.37290\/w:auto\/h:auto\/q:mauto\/f:best\/https:\/\/themeisle.com\/blog\/wp-content\/uploads\/2025\/02\/Example-of-Google-fonts-getting-blocked-by-Content-Security-Policy.png 356w, https:\/\/mllj2j8xvfl0.i.optimole.com\/cb:c5QE.37290\/w:247\/h:135\/q:mauto\/f:best\/https:\/\/mllj2j8xvfl0.i.optimole.com\/cb:c5QE.37290\/w:auto\/h:auto\/q:mauto\/f:best\/https:\/\/themeisle.com\/blog\/wp-content\/uploads\/2025\/02\/Example-of-Google-fonts-getting-blocked-by-Content-Security-Policy.png 247w, https:\/\/mllj2j8xvfl0.i.optimole.com\/cb:c5QE.37290\/w:1206\/h:660\/q:mauto\/f:best\/dpr:2\/https:\/\/mllj2j8xvfl0.i.optimole.com\/cb:c5QE.37290\/w:auto\/h:auto\/q:mauto\/f:best\/https:\/\/themeisle.com\/blog\/wp-content\/uploads\/2025\/02\/Example-of-Google-fonts-getting-blocked-by-Content-Security-Policy.png 2x\" sizes=\"(max-width: 700px) 100vw, 700px\"></noscript><\/figure>\n\n\n\n<p>It&rsquo;s important to take mental stock of your overall site when making these adjustments because not all of your plugins might load everywhere. For example, if you use a forms plugin and have a submission form on some page, but you are doing this console check on a different page, well then you won&rsquo;t see an error.<\/p>\n\n\n\n<p>Once you&rsquo;ve addressed any possible resource blocks and have a final working version of your CSP, click on <strong>Save Changes<\/strong> on the top right of your cPanel file manager. For non-cPanel users, find whatever the equivalent button is on your own interface.<\/p>\n\n\n\n<p>&#128584; If the thought of fiddling around with console and customizing your security policy intimidates you but you still want a decent security policy, then you can use the version below. It&rsquo;s not as strict as the base version I gave you earlier, but it should still give you a passing grade on the scans. More importantly, it&rsquo;s better than not having anything in your <code>.htaccess<\/code> file, which is what you have now.<\/p>\n\n\n<div class=\"su-spoiler su-spoiler-style-fancy su-spoiler-icon-plus su-spoiler-closed\" data-scroll-offset=\"0\" data-anchor-in-url=\"no\"><div class=\"su-spoiler-title\" tabindex=\"0\" role=\"button\"><span class=\"su-spoiler-icon\"><\/span><strong>Click here for the alternate CSP<\/strong> <\/div><div class=\"su-spoiler-content su-u-clearfix su-u-trim\">\n\n\n\n<pre class=\"wp-block-code\"><code># BEGIN Security Headers\nHeader unset X-Powered-By\nphp_flag expose_php Off\nHeader set X-Frame-Options \"SAMEORIGIN\"\nHeader set X-Content-Type-Options \"nosniff\"\nHeader set Strict-Transport-Security \"max-age=31536000; includeSubDomains\"\nHeader set Content-Security-Policy \"default-src 'self' 'unsafe-inline' 'unsafe-eval' *; script-src 'self' 'unsafe-inline' 'unsafe-eval' * data: blob:; style-src 'self' 'unsafe-inline' *; img-src 'self' data: *; frame-src 'self' *; font-src 'self' data: *; media-src 'self' *;\"\nHeader set Referrer-Policy \"strict-origin-when-cross-origin\"\nHeader set Permissions-Policy \"camera=(), microphone=(), geolocation=(), payment=()\"\n# END Security Headers<\/code><\/pre>\n\n\n<\/div><\/div>\n\n\n\n<p>With that out of the way, you can run the security scans again to see the impact of your changes.<\/p>\n\n\n<div class=\"su-divider su-divider-style-default\" style=\"margin:40px 0;border-width:15px;border-color:#4267cf\"><\/div>\n\n\n\n<h3 class=\"wp-block-heading joli-heading jtoc-heading\" id=\"h-re-running-security-checks\">Re-running security checks<\/h3>\n\n\n\n<p>First, check Security Headers:<\/p>\n\n\n\n<figure class=\"wp-block-image size-full blog-img-std\"><img data-opt-id=1890115916  data-opt-src=\"https:\/\/mllj2j8xvfl0.i.optimole.com\/cb:c5QE.37290\/w:auto\/h:auto\/q:mauto\/f:best\/https:\/\/themeisle.com\/blog\/wp-content\/uploads\/2025\/01\/SecurityHeaders.com-passed-security-scan.png\"  decoding=\"async\" width=\"2444\" height=\"714\" src=\"https:\/\/mllj2j8xvfl0.i.optimole.com\/cb:c5QE.37290\/w:auto\/h:auto\/q:eco\/f:best\/https:\/\/themeisle.com\/blog\/wp-content\/uploads\/2025\/01\/SecurityHeaders.com-passed-security-scan.png\" alt=\"SecurityHeaders.com passed security scan.\" class=\"wp-image-109311\" old-srcset=\"https:\/\/mllj2j8xvfl0.i.optimole.com\/cb:c5QE.37290\/w:1919\/h:560\/q:mauto\/f:best\/https:\/\/themeisle.com\/blog\/wp-content\/uploads\/2025\/01\/SecurityHeaders.com-passed-security-scan.png 2444w, https:\/\/mllj2j8xvfl0.i.optimole.com\/cb:c5QE.37290\/w:300\/h:88\/q:mauto\/f:best\/https:\/\/themeisle.com\/blog\/wp-content\/uploads\/2025\/01\/SecurityHeaders.com-passed-security-scan.png 300w, https:\/\/mllj2j8xvfl0.i.optimole.com\/cb:c5QE.37290\/w:1024\/h:299\/q:mauto\/f:best\/https:\/\/themeisle.com\/blog\/wp-content\/uploads\/2025\/01\/SecurityHeaders.com-passed-security-scan.png 1024w, https:\/\/mllj2j8xvfl0.i.optimole.com\/cb:c5QE.37290\/w:768\/h:224\/q:mauto\/f:best\/https:\/\/themeisle.com\/blog\/wp-content\/uploads\/2025\/01\/SecurityHeaders.com-passed-security-scan.png 768w, https:\/\/mllj2j8xvfl0.i.optimole.com\/cb:c5QE.37290\/w:1536\/h:449\/q:mauto\/f:best\/https:\/\/themeisle.com\/blog\/wp-content\/uploads\/2025\/01\/SecurityHeaders.com-passed-security-scan.png 1536w, https:\/\/mllj2j8xvfl0.i.optimole.com\/cb:c5QE.37290\/w:1920\/h:560\/q:mauto\/f:best\/https:\/\/themeisle.com\/blog\/wp-content\/uploads\/2025\/01\/SecurityHeaders.com-passed-security-scan.png 2048w, https:\/\/mllj2j8xvfl0.i.optimole.com\/cb:c5QE.37290\/w:50\/h:15\/q:mauto\/f:best\/https:\/\/themeisle.com\/blog\/wp-content\/uploads\/2025\/01\/SecurityHeaders.com-passed-security-scan.png 50w, https:\/\/mllj2j8xvfl0.i.optimole.com\/cb:c5QE.37290\/w:480\/h:140\/q:mauto\/f:best\/https:\/\/themeisle.com\/blog\/wp-content\/uploads\/2025\/01\/SecurityHeaders.com-passed-security-scan.png 480w, https:\/\/mllj2j8xvfl0.i.optimole.com\/cb:c5QE.37290\/w:794\/h:232\/q:mauto\/f:best\/https:\/\/themeisle.com\/blog\/wp-content\/uploads\/2025\/01\/SecurityHeaders.com-passed-security-scan.png 794w, https:\/\/mllj2j8xvfl0.i.optimole.com\/cb:c5QE.37290\/w:1200\/h:351\/q:mauto\/f:best\/https:\/\/themeisle.com\/blog\/wp-content\/uploads\/2025\/01\/SecurityHeaders.com-passed-security-scan.png 1200w, https:\/\/mllj2j8xvfl0.i.optimole.com\/cb:c5QE.37290\/w:296\/h:86\/q:mauto\/f:best\/https:\/\/themeisle.com\/blog\/wp-content\/uploads\/2025\/01\/SecurityHeaders.com-passed-security-scan.png 296w, https:\/\/mllj2j8xvfl0.i.optimole.com\/cb:c5QE.37290\/w:390\/h:114\/q:mauto\/f:best\/https:\/\/themeisle.com\/blog\/wp-content\/uploads\/2025\/01\/SecurityHeaders.com-passed-security-scan.png 390w, https:\/\/mllj2j8xvfl0.i.optimole.com\/cb:c5QE.37290\/w:270\/h:79\/q:mauto\/f:best\/https:\/\/themeisle.com\/blog\/wp-content\/uploads\/2025\/01\/SecurityHeaders.com-passed-security-scan.png 270w, https:\/\/mllj2j8xvfl0.i.optimole.com\/cb:c5QE.37290\/w:1919\/h:560\/q:mauto\/f:best\/dpr:2\/https:\/\/themeisle.com\/blog\/wp-content\/uploads\/2025\/01\/SecurityHeaders.com-passed-security-scan.png 2x\"><noscript><img data-opt-id=1890115916  decoding=\"async\" width=\"2444\" height=\"714\" src=\"https:\/\/mllj2j8xvfl0.i.optimole.com\/cb:c5QE.37290\/w:auto\/h:auto\/q:mauto\/f:best\/https:\/\/themeisle.com\/blog\/wp-content\/uploads\/2025\/01\/SecurityHeaders.com-passed-security-scan.png\" alt=\"SecurityHeaders.com passed security scan.\" class=\"wp-image-109311\" srcset=\"https:\/\/mllj2j8xvfl0.i.optimole.com\/cb:c5QE.37290\/w:1919\/h:560\/q:mauto\/f:best\/https:\/\/mllj2j8xvfl0.i.optimole.com\/cb:c5QE.37290\/w:auto\/h:auto\/q:mauto\/f:best\/https:\/\/themeisle.com\/blog\/wp-content\/uploads\/2025\/01\/SecurityHeaders.com-passed-security-scan.png 2444w, https:\/\/mllj2j8xvfl0.i.optimole.com\/cb:c5QE.37290\/w:300\/h:88\/q:mauto\/f:best\/https:\/\/mllj2j8xvfl0.i.optimole.com\/cb:c5QE.37290\/w:auto\/h:auto\/q:mauto\/f:best\/https:\/\/themeisle.com\/blog\/wp-content\/uploads\/2025\/01\/SecurityHeaders.com-passed-security-scan.png 300w, https:\/\/mllj2j8xvfl0.i.optimole.com\/cb:c5QE.37290\/w:1024\/h:299\/q:mauto\/f:best\/https:\/\/mllj2j8xvfl0.i.optimole.com\/cb:c5QE.37290\/w:auto\/h:auto\/q:mauto\/f:best\/https:\/\/themeisle.com\/blog\/wp-content\/uploads\/2025\/01\/SecurityHeaders.com-passed-security-scan.png 1024w, https:\/\/mllj2j8xvfl0.i.optimole.com\/cb:c5QE.37290\/w:768\/h:224\/q:mauto\/f:best\/https:\/\/mllj2j8xvfl0.i.optimole.com\/cb:c5QE.37290\/w:auto\/h:auto\/q:mauto\/f:best\/https:\/\/themeisle.com\/blog\/wp-content\/uploads\/2025\/01\/SecurityHeaders.com-passed-security-scan.png 768w, https:\/\/mllj2j8xvfl0.i.optimole.com\/cb:c5QE.37290\/w:1536\/h:449\/q:mauto\/f:best\/https:\/\/mllj2j8xvfl0.i.optimole.com\/cb:c5QE.37290\/w:auto\/h:auto\/q:mauto\/f:best\/https:\/\/themeisle.com\/blog\/wp-content\/uploads\/2025\/01\/SecurityHeaders.com-passed-security-scan.png 1536w, https:\/\/mllj2j8xvfl0.i.optimole.com\/cb:c5QE.37290\/w:1920\/h:560\/q:mauto\/f:best\/https:\/\/mllj2j8xvfl0.i.optimole.com\/cb:c5QE.37290\/w:auto\/h:auto\/q:mauto\/f:best\/https:\/\/themeisle.com\/blog\/wp-content\/uploads\/2025\/01\/SecurityHeaders.com-passed-security-scan.png 2048w, https:\/\/mllj2j8xvfl0.i.optimole.com\/cb:c5QE.37290\/w:50\/h:15\/q:mauto\/f:best\/https:\/\/mllj2j8xvfl0.i.optimole.com\/cb:c5QE.37290\/w:auto\/h:auto\/q:mauto\/f:best\/https:\/\/themeisle.com\/blog\/wp-content\/uploads\/2025\/01\/SecurityHeaders.com-passed-security-scan.png 50w, https:\/\/mllj2j8xvfl0.i.optimole.com\/cb:c5QE.37290\/w:480\/h:140\/q:mauto\/f:best\/https:\/\/mllj2j8xvfl0.i.optimole.com\/cb:c5QE.37290\/w:auto\/h:auto\/q:mauto\/f:best\/https:\/\/themeisle.com\/blog\/wp-content\/uploads\/2025\/01\/SecurityHeaders.com-passed-security-scan.png 480w, https:\/\/mllj2j8xvfl0.i.optimole.com\/cb:c5QE.37290\/w:794\/h:232\/q:mauto\/f:best\/https:\/\/mllj2j8xvfl0.i.optimole.com\/cb:c5QE.37290\/w:auto\/h:auto\/q:mauto\/f:best\/https:\/\/themeisle.com\/blog\/wp-content\/uploads\/2025\/01\/SecurityHeaders.com-passed-security-scan.png 794w, https:\/\/mllj2j8xvfl0.i.optimole.com\/cb:c5QE.37290\/w:1200\/h:351\/q:mauto\/f:best\/https:\/\/mllj2j8xvfl0.i.optimole.com\/cb:c5QE.37290\/w:auto\/h:auto\/q:mauto\/f:best\/https:\/\/themeisle.com\/blog\/wp-content\/uploads\/2025\/01\/SecurityHeaders.com-passed-security-scan.png 1200w, https:\/\/mllj2j8xvfl0.i.optimole.com\/cb:c5QE.37290\/w:296\/h:86\/q:mauto\/f:best\/https:\/\/mllj2j8xvfl0.i.optimole.com\/cb:c5QE.37290\/w:auto\/h:auto\/q:mauto\/f:best\/https:\/\/themeisle.com\/blog\/wp-content\/uploads\/2025\/01\/SecurityHeaders.com-passed-security-scan.png 296w, https:\/\/mllj2j8xvfl0.i.optimole.com\/cb:c5QE.37290\/w:390\/h:114\/q:mauto\/f:best\/https:\/\/mllj2j8xvfl0.i.optimole.com\/cb:c5QE.37290\/w:auto\/h:auto\/q:mauto\/f:best\/https:\/\/themeisle.com\/blog\/wp-content\/uploads\/2025\/01\/SecurityHeaders.com-passed-security-scan.png 390w, https:\/\/mllj2j8xvfl0.i.optimole.com\/cb:c5QE.37290\/w:270\/h:79\/q:mauto\/f:best\/https:\/\/mllj2j8xvfl0.i.optimole.com\/cb:c5QE.37290\/w:auto\/h:auto\/q:mauto\/f:best\/https:\/\/themeisle.com\/blog\/wp-content\/uploads\/2025\/01\/SecurityHeaders.com-passed-security-scan.png 270w, https:\/\/mllj2j8xvfl0.i.optimole.com\/cb:c5QE.37290\/w:1919\/h:560\/q:mauto\/f:best\/dpr:2\/https:\/\/mllj2j8xvfl0.i.optimole.com\/cb:c5QE.37290\/w:auto\/h:auto\/q:mauto\/f:best\/https:\/\/themeisle.com\/blog\/wp-content\/uploads\/2025\/01\/SecurityHeaders.com-passed-security-scan.png 2x\" sizes=\"(max-width: 700px) 100vw, 700px\"></noscript><\/figure>\n\n\n\n<p>Not too bad, huh?<\/p>\n\n\n\n<p>We went from an F to an A.<\/p>\n\n\n\n<p>Talk about a glow-up!<\/p>\n\n\n\n<p>Every security header we configured is showing as properly implemented.<\/p>\n\n\n\n<p>Next, let&rsquo;s check Sucuri:<\/p>\n\n\n\n<figure class=\"wp-block-image size-full blog-img-std\"><img data-opt-id=1994791528  data-opt-src=\"https:\/\/mllj2j8xvfl0.i.optimole.com\/cb:c5QE.37290\/w:auto\/h:auto\/q:mauto\/f:best\/https:\/\/themeisle.com\/blog\/wp-content\/uploads\/2025\/01\/Sucuri-scan-after-adding-header-code.png\"  decoding=\"async\" width=\"2132\" height=\"580\" src=\"https:\/\/mllj2j8xvfl0.i.optimole.com\/cb:c5QE.37290\/w:auto\/h:auto\/q:eco\/f:best\/https:\/\/themeisle.com\/blog\/wp-content\/uploads\/2025\/01\/Sucuri-scan-after-adding-header-code.png\" alt=\"Sucuri scan after adding header code.\" class=\"wp-image-109312\" old-srcset=\"https:\/\/mllj2j8xvfl0.i.optimole.com\/cb:c5QE.37290\/w:1920\/h:522\/q:mauto\/f:best\/https:\/\/themeisle.com\/blog\/wp-content\/uploads\/2025\/01\/Sucuri-scan-after-adding-header-code.png 2132w, https:\/\/mllj2j8xvfl0.i.optimole.com\/cb:c5QE.37290\/w:300\/h:82\/q:mauto\/f:best\/https:\/\/themeisle.com\/blog\/wp-content\/uploads\/2025\/01\/Sucuri-scan-after-adding-header-code.png 300w, https:\/\/mllj2j8xvfl0.i.optimole.com\/cb:c5QE.37290\/w:1024\/h:279\/q:mauto\/f:best\/https:\/\/themeisle.com\/blog\/wp-content\/uploads\/2025\/01\/Sucuri-scan-after-adding-header-code.png 1024w, https:\/\/mllj2j8xvfl0.i.optimole.com\/cb:c5QE.37290\/w:768\/h:209\/q:mauto\/f:best\/https:\/\/themeisle.com\/blog\/wp-content\/uploads\/2025\/01\/Sucuri-scan-after-adding-header-code.png 768w, https:\/\/mllj2j8xvfl0.i.optimole.com\/cb:c5QE.37290\/w:1536\/h:418\/q:mauto\/f:best\/https:\/\/themeisle.com\/blog\/wp-content\/uploads\/2025\/01\/Sucuri-scan-after-adding-header-code.png 1536w, https:\/\/mllj2j8xvfl0.i.optimole.com\/cb:c5QE.37290\/w:1920\/h:522\/q:mauto\/f:best\/https:\/\/themeisle.com\/blog\/wp-content\/uploads\/2025\/01\/Sucuri-scan-after-adding-header-code.png 2048w, https:\/\/mllj2j8xvfl0.i.optimole.com\/cb:c5QE.37290\/w:50\/h:14\/q:mauto\/f:best\/https:\/\/themeisle.com\/blog\/wp-content\/uploads\/2025\/01\/Sucuri-scan-after-adding-header-code.png 50w, https:\/\/mllj2j8xvfl0.i.optimole.com\/cb:c5QE.37290\/w:480\/h:131\/q:mauto\/f:best\/https:\/\/themeisle.com\/blog\/wp-content\/uploads\/2025\/01\/Sucuri-scan-after-adding-header-code.png 480w, https:\/\/mllj2j8xvfl0.i.optimole.com\/cb:c5QE.37290\/w:794\/h:216\/q:mauto\/f:best\/https:\/\/themeisle.com\/blog\/wp-content\/uploads\/2025\/01\/Sucuri-scan-after-adding-header-code.png 794w, https:\/\/mllj2j8xvfl0.i.optimole.com\/cb:c5QE.37290\/w:1200\/h:326\/q:mauto\/f:best\/https:\/\/themeisle.com\/blog\/wp-content\/uploads\/2025\/01\/Sucuri-scan-after-adding-header-code.png 1200w, https:\/\/mllj2j8xvfl0.i.optimole.com\/cb:c5QE.37290\/w:296\/h:81\/q:mauto\/f:best\/https:\/\/themeisle.com\/blog\/wp-content\/uploads\/2025\/01\/Sucuri-scan-after-adding-header-code.png 296w, https:\/\/mllj2j8xvfl0.i.optimole.com\/cb:c5QE.37290\/w:390\/h:106\/q:mauto\/f:best\/https:\/\/themeisle.com\/blog\/wp-content\/uploads\/2025\/01\/Sucuri-scan-after-adding-header-code.png 390w, https:\/\/mllj2j8xvfl0.i.optimole.com\/cb:c5QE.37290\/w:270\/h:73\/q:mauto\/f:best\/https:\/\/themeisle.com\/blog\/wp-content\/uploads\/2025\/01\/Sucuri-scan-after-adding-header-code.png 270w, https:\/\/mllj2j8xvfl0.i.optimole.com\/cb:c5QE.37290\/w:1920\/h:522\/q:mauto\/f:best\/dpr:2\/https:\/\/themeisle.com\/blog\/wp-content\/uploads\/2025\/01\/Sucuri-scan-after-adding-header-code.png 2x\"><noscript><img data-opt-id=1994791528  decoding=\"async\" width=\"2132\" height=\"580\" src=\"https:\/\/mllj2j8xvfl0.i.optimole.com\/cb:c5QE.37290\/w:auto\/h:auto\/q:mauto\/f:best\/https:\/\/themeisle.com\/blog\/wp-content\/uploads\/2025\/01\/Sucuri-scan-after-adding-header-code.png\" alt=\"Sucuri scan after adding header code.\" class=\"wp-image-109312\" srcset=\"https:\/\/mllj2j8xvfl0.i.optimole.com\/cb:c5QE.37290\/w:1920\/h:522\/q:mauto\/f:best\/https:\/\/mllj2j8xvfl0.i.optimole.com\/cb:c5QE.37290\/w:auto\/h:auto\/q:mauto\/f:best\/https:\/\/themeisle.com\/blog\/wp-content\/uploads\/2025\/01\/Sucuri-scan-after-adding-header-code.png 2132w, https:\/\/mllj2j8xvfl0.i.optimole.com\/cb:c5QE.37290\/w:300\/h:82\/q:mauto\/f:best\/https:\/\/mllj2j8xvfl0.i.optimole.com\/cb:c5QE.37290\/w:auto\/h:auto\/q:mauto\/f:best\/https:\/\/themeisle.com\/blog\/wp-content\/uploads\/2025\/01\/Sucuri-scan-after-adding-header-code.png 300w, https:\/\/mllj2j8xvfl0.i.optimole.com\/cb:c5QE.37290\/w:1024\/h:279\/q:mauto\/f:best\/https:\/\/mllj2j8xvfl0.i.optimole.com\/cb:c5QE.37290\/w:auto\/h:auto\/q:mauto\/f:best\/https:\/\/themeisle.com\/blog\/wp-content\/uploads\/2025\/01\/Sucuri-scan-after-adding-header-code.png 1024w, https:\/\/mllj2j8xvfl0.i.optimole.com\/cb:c5QE.37290\/w:768\/h:209\/q:mauto\/f:best\/https:\/\/mllj2j8xvfl0.i.optimole.com\/cb:c5QE.37290\/w:auto\/h:auto\/q:mauto\/f:best\/https:\/\/themeisle.com\/blog\/wp-content\/uploads\/2025\/01\/Sucuri-scan-after-adding-header-code.png 768w, https:\/\/mllj2j8xvfl0.i.optimole.com\/cb:c5QE.37290\/w:1536\/h:418\/q:mauto\/f:best\/https:\/\/mllj2j8xvfl0.i.optimole.com\/cb:c5QE.37290\/w:auto\/h:auto\/q:mauto\/f:best\/https:\/\/themeisle.com\/blog\/wp-content\/uploads\/2025\/01\/Sucuri-scan-after-adding-header-code.png 1536w, https:\/\/mllj2j8xvfl0.i.optimole.com\/cb:c5QE.37290\/w:1920\/h:522\/q:mauto\/f:best\/https:\/\/mllj2j8xvfl0.i.optimole.com\/cb:c5QE.37290\/w:auto\/h:auto\/q:mauto\/f:best\/https:\/\/themeisle.com\/blog\/wp-content\/uploads\/2025\/01\/Sucuri-scan-after-adding-header-code.png 2048w, https:\/\/mllj2j8xvfl0.i.optimole.com\/cb:c5QE.37290\/w:50\/h:14\/q:mauto\/f:best\/https:\/\/mllj2j8xvfl0.i.optimole.com\/cb:c5QE.37290\/w:auto\/h:auto\/q:mauto\/f:best\/https:\/\/themeisle.com\/blog\/wp-content\/uploads\/2025\/01\/Sucuri-scan-after-adding-header-code.png 50w, https:\/\/mllj2j8xvfl0.i.optimole.com\/cb:c5QE.37290\/w:480\/h:131\/q:mauto\/f:best\/https:\/\/mllj2j8xvfl0.i.optimole.com\/cb:c5QE.37290\/w:auto\/h:auto\/q:mauto\/f:best\/https:\/\/themeisle.com\/blog\/wp-content\/uploads\/2025\/01\/Sucuri-scan-after-adding-header-code.png 480w, https:\/\/mllj2j8xvfl0.i.optimole.com\/cb:c5QE.37290\/w:794\/h:216\/q:mauto\/f:best\/https:\/\/mllj2j8xvfl0.i.optimole.com\/cb:c5QE.37290\/w:auto\/h:auto\/q:mauto\/f:best\/https:\/\/themeisle.com\/blog\/wp-content\/uploads\/2025\/01\/Sucuri-scan-after-adding-header-code.png 794w, https:\/\/mllj2j8xvfl0.i.optimole.com\/cb:c5QE.37290\/w:1200\/h:326\/q:mauto\/f:best\/https:\/\/mllj2j8xvfl0.i.optimole.com\/cb:c5QE.37290\/w:auto\/h:auto\/q:mauto\/f:best\/https:\/\/themeisle.com\/blog\/wp-content\/uploads\/2025\/01\/Sucuri-scan-after-adding-header-code.png 1200w, https:\/\/mllj2j8xvfl0.i.optimole.com\/cb:c5QE.37290\/w:296\/h:81\/q:mauto\/f:best\/https:\/\/mllj2j8xvfl0.i.optimole.com\/cb:c5QE.37290\/w:auto\/h:auto\/q:mauto\/f:best\/https:\/\/themeisle.com\/blog\/wp-content\/uploads\/2025\/01\/Sucuri-scan-after-adding-header-code.png 296w, https:\/\/mllj2j8xvfl0.i.optimole.com\/cb:c5QE.37290\/w:390\/h:106\/q:mauto\/f:best\/https:\/\/mllj2j8xvfl0.i.optimole.com\/cb:c5QE.37290\/w:auto\/h:auto\/q:mauto\/f:best\/https:\/\/themeisle.com\/blog\/wp-content\/uploads\/2025\/01\/Sucuri-scan-after-adding-header-code.png 390w, https:\/\/mllj2j8xvfl0.i.optimole.com\/cb:c5QE.37290\/w:270\/h:73\/q:mauto\/f:best\/https:\/\/mllj2j8xvfl0.i.optimole.com\/cb:c5QE.37290\/w:auto\/h:auto\/q:mauto\/f:best\/https:\/\/themeisle.com\/blog\/wp-content\/uploads\/2025\/01\/Sucuri-scan-after-adding-header-code.png 270w, https:\/\/mllj2j8xvfl0.i.optimole.com\/cb:c5QE.37290\/w:1920\/h:522\/q:mauto\/f:best\/dpr:2\/https:\/\/mllj2j8xvfl0.i.optimole.com\/cb:c5QE.37290\/w:auto\/h:auto\/q:mauto\/f:best\/https:\/\/themeisle.com\/blog\/wp-content\/uploads\/2025\/01\/Sucuri-scan-after-adding-header-code.png 2x\" sizes=\"(max-width: 700px) 100vw, 700px\"></noscript><\/figure>\n\n\n\n<p>Much better but oddly there are still two warnings.<\/p>\n\n\n\n<p>The <strong>first one<\/strong> is actually a false positive since I know that my site has <a href=\"https:\/\/themeisle.com\/blog\/protect-your-wordpress-site-using-wordfence\/\">Wordfence<\/a> running. I don&rsquo;t have any explanation for this other than perhaps Sucuri doesn&rsquo;t recognize Wordfence for whatever reason. If you see the same warning and you also know that you have a WAF installed then just ignore it.<\/p>\n\n\n\n<p>The <strong>second message<\/strong> is a little different though. It also shows up in the Security Headers result, below the stellar A grade report I showed you already:<\/p>\n\n\n\n<figure class=\"wp-block-image size-full blog-img-std\"><img data-opt-id=1032247917  data-opt-src=\"https:\/\/mllj2j8xvfl0.i.optimole.com\/cb:c5QE.37290\/w:auto\/h:auto\/q:mauto\/f:best\/https:\/\/themeisle.com\/blog\/wp-content\/uploads\/2025\/02\/Result-of-security-scan-showing-usafe-inline-as-dangerous.png\"  decoding=\"async\" width=\"2702\" height=\"1166\" src=\"https:\/\/mllj2j8xvfl0.i.optimole.com\/cb:c5QE.37290\/w:auto\/h:auto\/q:eco\/f:best\/https:\/\/themeisle.com\/blog\/wp-content\/uploads\/2025\/02\/Result-of-security-scan-showing-usafe-inline-as-dangerous.png\" alt=\"SecurityHeaders.com passed security scan but with warnings.\" class=\"wp-image-109578\" old-srcset=\"https:\/\/mllj2j8xvfl0.i.optimole.com\/cb:c5QE.37290\/w:1920\/h:828\/q:mauto\/f:best\/https:\/\/themeisle.com\/blog\/wp-content\/uploads\/2025\/02\/Result-of-security-scan-showing-usafe-inline-as-dangerous.png 2702w, https:\/\/mllj2j8xvfl0.i.optimole.com\/cb:c5QE.37290\/w:300\/h:129\/q:mauto\/f:best\/https:\/\/themeisle.com\/blog\/wp-content\/uploads\/2025\/02\/Result-of-security-scan-showing-usafe-inline-as-dangerous.png 300w, https:\/\/mllj2j8xvfl0.i.optimole.com\/cb:c5QE.37290\/w:1024\/h:442\/q:mauto\/f:best\/https:\/\/themeisle.com\/blog\/wp-content\/uploads\/2025\/02\/Result-of-security-scan-showing-usafe-inline-as-dangerous.png 1024w, https:\/\/mllj2j8xvfl0.i.optimole.com\/cb:c5QE.37290\/w:768\/h:331\/q:mauto\/f:best\/https:\/\/themeisle.com\/blog\/wp-content\/uploads\/2025\/02\/Result-of-security-scan-showing-usafe-inline-as-dangerous.png 768w, https:\/\/mllj2j8xvfl0.i.optimole.com\/cb:c5QE.37290\/w:1536\/h:663\/q:mauto\/f:best\/https:\/\/themeisle.com\/blog\/wp-content\/uploads\/2025\/02\/Result-of-security-scan-showing-usafe-inline-as-dangerous.png 1536w, https:\/\/mllj2j8xvfl0.i.optimole.com\/cb:c5QE.37290\/w:1920\/h:828\/q:mauto\/f:best\/https:\/\/themeisle.com\/blog\/wp-content\/uploads\/2025\/02\/Result-of-security-scan-showing-usafe-inline-as-dangerous.png 2048w, https:\/\/mllj2j8xvfl0.i.optimole.com\/cb:c5QE.37290\/w:50\/h:22\/q:mauto\/f:best\/https:\/\/themeisle.com\/blog\/wp-content\/uploads\/2025\/02\/Result-of-security-scan-showing-usafe-inline-as-dangerous.png 50w, https:\/\/mllj2j8xvfl0.i.optimole.com\/cb:c5QE.37290\/w:480\/h:207\/q:mauto\/f:best\/https:\/\/themeisle.com\/blog\/wp-content\/uploads\/2025\/02\/Result-of-security-scan-showing-usafe-inline-as-dangerous.png 480w, https:\/\/mllj2j8xvfl0.i.optimole.com\/cb:c5QE.37290\/w:794\/h:343\/q:mauto\/f:best\/https:\/\/themeisle.com\/blog\/wp-content\/uploads\/2025\/02\/Result-of-security-scan-showing-usafe-inline-as-dangerous.png 794w, https:\/\/mllj2j8xvfl0.i.optimole.com\/cb:c5QE.37290\/w:1200\/h:518\/q:mauto\/f:best\/https:\/\/themeisle.com\/blog\/wp-content\/uploads\/2025\/02\/Result-of-security-scan-showing-usafe-inline-as-dangerous.png 1200w, https:\/\/mllj2j8xvfl0.i.optimole.com\/cb:c5QE.37290\/w:296\/h:128\/q:mauto\/f:best\/https:\/\/themeisle.com\/blog\/wp-content\/uploads\/2025\/02\/Result-of-security-scan-showing-usafe-inline-as-dangerous.png 296w, https:\/\/mllj2j8xvfl0.i.optimole.com\/cb:c5QE.37290\/w:390\/h:168\/q:mauto\/f:best\/https:\/\/themeisle.com\/blog\/wp-content\/uploads\/2025\/02\/Result-of-security-scan-showing-usafe-inline-as-dangerous.png 390w, https:\/\/mllj2j8xvfl0.i.optimole.com\/cb:c5QE.37290\/w:270\/h:117\/q:mauto\/f:best\/https:\/\/themeisle.com\/blog\/wp-content\/uploads\/2025\/02\/Result-of-security-scan-showing-usafe-inline-as-dangerous.png 270w, https:\/\/mllj2j8xvfl0.i.optimole.com\/cb:c5QE.37290\/w:1920\/h:828\/q:mauto\/f:best\/dpr:2\/https:\/\/themeisle.com\/blog\/wp-content\/uploads\/2025\/02\/Result-of-security-scan-showing-usafe-inline-as-dangerous.png 2x\"><noscript><img data-opt-id=1032247917  decoding=\"async\" width=\"2702\" height=\"1166\" src=\"https:\/\/mllj2j8xvfl0.i.optimole.com\/cb:c5QE.37290\/w:auto\/h:auto\/q:mauto\/f:best\/https:\/\/themeisle.com\/blog\/wp-content\/uploads\/2025\/02\/Result-of-security-scan-showing-usafe-inline-as-dangerous.png\" alt=\"SecurityHeaders.com passed security scan but with warnings.\" class=\"wp-image-109578\" srcset=\"https:\/\/mllj2j8xvfl0.i.optimole.com\/cb:c5QE.37290\/w:1920\/h:828\/q:mauto\/f:best\/https:\/\/mllj2j8xvfl0.i.optimole.com\/cb:c5QE.37290\/w:auto\/h:auto\/q:mauto\/f:best\/https:\/\/themeisle.com\/blog\/wp-content\/uploads\/2025\/02\/Result-of-security-scan-showing-usafe-inline-as-dangerous.png 2702w, https:\/\/mllj2j8xvfl0.i.optimole.com\/cb:c5QE.37290\/w:300\/h:129\/q:mauto\/f:best\/https:\/\/mllj2j8xvfl0.i.optimole.com\/cb:c5QE.37290\/w:auto\/h:auto\/q:mauto\/f:best\/https:\/\/themeisle.com\/blog\/wp-content\/uploads\/2025\/02\/Result-of-security-scan-showing-usafe-inline-as-dangerous.png 300w, https:\/\/mllj2j8xvfl0.i.optimole.com\/cb:c5QE.37290\/w:1024\/h:442\/q:mauto\/f:best\/https:\/\/mllj2j8xvfl0.i.optimole.com\/cb:c5QE.37290\/w:auto\/h:auto\/q:mauto\/f:best\/https:\/\/themeisle.com\/blog\/wp-content\/uploads\/2025\/02\/Result-of-security-scan-showing-usafe-inline-as-dangerous.png 1024w, https:\/\/mllj2j8xvfl0.i.optimole.com\/cb:c5QE.37290\/w:768\/h:331\/q:mauto\/f:best\/https:\/\/mllj2j8xvfl0.i.optimole.com\/cb:c5QE.37290\/w:auto\/h:auto\/q:mauto\/f:best\/https:\/\/themeisle.com\/blog\/wp-content\/uploads\/2025\/02\/Result-of-security-scan-showing-usafe-inline-as-dangerous.png 768w, https:\/\/mllj2j8xvfl0.i.optimole.com\/cb:c5QE.37290\/w:1536\/h:663\/q:mauto\/f:best\/https:\/\/mllj2j8xvfl0.i.optimole.com\/cb:c5QE.37290\/w:auto\/h:auto\/q:mauto\/f:best\/https:\/\/themeisle.com\/blog\/wp-content\/uploads\/2025\/02\/Result-of-security-scan-showing-usafe-inline-as-dangerous.png 1536w, https:\/\/mllj2j8xvfl0.i.optimole.com\/cb:c5QE.37290\/w:1920\/h:828\/q:mauto\/f:best\/https:\/\/mllj2j8xvfl0.i.optimole.com\/cb:c5QE.37290\/w:auto\/h:auto\/q:mauto\/f:best\/https:\/\/themeisle.com\/blog\/wp-content\/uploads\/2025\/02\/Result-of-security-scan-showing-usafe-inline-as-dangerous.png 2048w, https:\/\/mllj2j8xvfl0.i.optimole.com\/cb:c5QE.37290\/w:50\/h:22\/q:mauto\/f:best\/https:\/\/mllj2j8xvfl0.i.optimole.com\/cb:c5QE.37290\/w:auto\/h:auto\/q:mauto\/f:best\/https:\/\/themeisle.com\/blog\/wp-content\/uploads\/2025\/02\/Result-of-security-scan-showing-usafe-inline-as-dangerous.png 50w, https:\/\/mllj2j8xvfl0.i.optimole.com\/cb:c5QE.37290\/w:480\/h:207\/q:mauto\/f:best\/https:\/\/mllj2j8xvfl0.i.optimole.com\/cb:c5QE.37290\/w:auto\/h:auto\/q:mauto\/f:best\/https:\/\/themeisle.com\/blog\/wp-content\/uploads\/2025\/02\/Result-of-security-scan-showing-usafe-inline-as-dangerous.png 480w, https:\/\/mllj2j8xvfl0.i.optimole.com\/cb:c5QE.37290\/w:794\/h:343\/q:mauto\/f:best\/https:\/\/mllj2j8xvfl0.i.optimole.com\/cb:c5QE.37290\/w:auto\/h:auto\/q:mauto\/f:best\/https:\/\/themeisle.com\/blog\/wp-content\/uploads\/2025\/02\/Result-of-security-scan-showing-usafe-inline-as-dangerous.png 794w, https:\/\/mllj2j8xvfl0.i.optimole.com\/cb:c5QE.37290\/w:1200\/h:518\/q:mauto\/f:best\/https:\/\/mllj2j8xvfl0.i.optimole.com\/cb:c5QE.37290\/w:auto\/h:auto\/q:mauto\/f:best\/https:\/\/themeisle.com\/blog\/wp-content\/uploads\/2025\/02\/Result-of-security-scan-showing-usafe-inline-as-dangerous.png 1200w, https:\/\/mllj2j8xvfl0.i.optimole.com\/cb:c5QE.37290\/w:296\/h:128\/q:mauto\/f:best\/https:\/\/mllj2j8xvfl0.i.optimole.com\/cb:c5QE.37290\/w:auto\/h:auto\/q:mauto\/f:best\/https:\/\/themeisle.com\/blog\/wp-content\/uploads\/2025\/02\/Result-of-security-scan-showing-usafe-inline-as-dangerous.png 296w, https:\/\/mllj2j8xvfl0.i.optimole.com\/cb:c5QE.37290\/w:390\/h:168\/q:mauto\/f:best\/https:\/\/mllj2j8xvfl0.i.optimole.com\/cb:c5QE.37290\/w:auto\/h:auto\/q:mauto\/f:best\/https:\/\/themeisle.com\/blog\/wp-content\/uploads\/2025\/02\/Result-of-security-scan-showing-usafe-inline-as-dangerous.png 390w, https:\/\/mllj2j8xvfl0.i.optimole.com\/cb:c5QE.37290\/w:270\/h:117\/q:mauto\/f:best\/https:\/\/mllj2j8xvfl0.i.optimole.com\/cb:c5QE.37290\/w:auto\/h:auto\/q:mauto\/f:best\/https:\/\/themeisle.com\/blog\/wp-content\/uploads\/2025\/02\/Result-of-security-scan-showing-usafe-inline-as-dangerous.png 270w, https:\/\/mllj2j8xvfl0.i.optimole.com\/cb:c5QE.37290\/w:1920\/h:828\/q:mauto\/f:best\/dpr:2\/https:\/\/mllj2j8xvfl0.i.optimole.com\/cb:c5QE.37290\/w:auto\/h:auto\/q:mauto\/f:best\/https:\/\/themeisle.com\/blog\/wp-content\/uploads\/2025\/02\/Result-of-security-scan-showing-usafe-inline-as-dangerous.png 2x\" sizes=\"(max-width: 700px) 100vw, 700px\"></noscript><\/figure>\n\n\n\n<p>Here&rsquo;s the thing:<\/p>\n\n\n\n<p>Despite being flagged as &ldquo;dangerous&rdquo; by both tools, the use of <em>unsafe-inline<\/em> is actually perfectly okay.<\/p>\n\n\n\n<p>WordPress needs certain <a href=\"https:\/\/themeisle.com\/blog\/wordpress-custom-javascript\/\">JavaScript<\/a> and CSS abilities to function &ndash; especially for the block editor and plugins. So while there are technically stricter ways to handle this (that&rsquo;s what those <em>nonces<\/em> references are about), doing so would break your site. Literally.<\/p>\n\n\n\n<p>The best analogy here is to think of a house. You could technically make your house &ldquo;more secure&rdquo; by sealing all your windows and doors with cement, but that would render your house non-functional. This is the same idea.<\/p>\n\n\n<div class=\"su-divider su-divider-style-dotted\" style=\"margin:40px 0;border-width:1px;border-color:#999999\"><\/div>\n\n\n\n<h2 class=\"wp-block-heading joli-heading jtoc-heading\" id=\"h-wrapping-up\">Wrapping up<\/h2>\n\n\n\n<div class=\"wp-block-columns is-layout-flex wp-container-core-columns-is-layout-9d6595d7 wp-block-columns-is-layout-flex\">\n<div class=\"wp-block-column is-layout-flow wp-block-column-is-layout-flow\">\n<p>WordPress security plugins are the foundation of a good security strategy &ndash; but they can&rsquo;t reach down to the server level where certain critical protections need to be set.<\/p>\n<\/div>\n\n\n\n<div class=\"wp-block-column is-layout-flow wp-block-column-is-layout-flow\">\n\t\t<div class=\"ti-tweet-clear\"><\/div>\n\t\t\t<div class=\"ti-tweet_wrapper\">\n\t\t    \t<div class=\"ti-tweet_text\">\n\t\t    \t\t<a href=\"https:\/\/twitter.com\/share?text=7+vulnerabilities+your+%23WordPress+%23security+plugins+can%27t+protect+you+from+%F0%9F%94%90&amp;via=themeisle&amp;related=themeisle&amp;url=https:\/\/themeisle.com\/blog\/manually-harden-wordpress-security\/\" target=\"_blank\" rel=\"nofollow\">7 vulnerabilities your #WordPress #security plugins can't protect you from &#128272;<\/a>\n\t\t    \t<\/div>\n\t\t    \t<div class=\"ti-tweet_sharebtn\">\n\t\t    \t<a href=\"https:\/\/twitter.com\/share?text=7+vulnerabilities+your+%23WordPress+%23security+plugins+can%27t+protect+you+from+%F0%9F%94%90&amp;via=themeisle&amp;related=themeisle&amp;url=https:\/\/themeisle.com\/blog\/manually-harden-wordpress-security\/\" target=\"_blank\" rel=\"nofollow\">Click To Tweet \n\t\t    \t\t<span><\/span>\n\t\t    \t<\/a>\n\t\t    <\/div>\n\t\t<\/div>\n<\/div>\n<\/div>\n\n\n\n<p>The before and after screenshots from the security scans you saw are proof of this.<\/p>\n\n\n\n<p>And now that you&rsquo;ve read this tutorial, you too can take your WordPress security from &ldquo;plugin protected&rdquo; to &ldquo;server-level secured.&rdquo;<\/p>\n\n\n\n<p>On a final note, as a security best practice, I also recommend doing the following:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Run these security scans monthly.<\/li>\n\n\n\n<li>Keep documentation of your security configurations.<\/li>\n\n\n\n<li>Test after major WordPress updates to ensure everything&rsquo;s still working as intended.<\/li>\n\n\n\n<li><a href=\"https:\/\/themeisle.com\/blog\/wordpress-login-security\/\">Change your login page address<\/a>.<\/li>\n\n\n\n<li><a href=\"https:\/\/themeisle.com\/blog\/wordpress-limit-login-attempts\/\">Limit login attempts<\/a>.<\/li>\n\n\n\n<li>Activate two-factor authentication (or 2FA for short).<\/li>\n\n\n\n<li>Keep plugins and themes updated and delete ones that you don&rsquo;t use.<\/li>\n<\/ul>\n\n\n\n<p>&hellip;and lots more. WordPress security can take you down a deep rabbit hole, but what you learned here is sufficient to get you started and will protect your site from most attacks.<\/p>\n\n\n\n<p><strong><em>Do you have any questions? Let me know in the comments. I&rsquo;d be happy to help you out.<\/em><\/strong><\/p>\n\n\n<style>.ticss-d144f107 strong{font-weight: 700;\n    letter-spacing: -0.2px;\n    line-height: 1.2;\n    display: inline-block;}<\/style>\n\n\n<div class=\"wp-block-columns speed-guide has-white-color has-text-color has-background has-link-color wp-elements-2f81f6c5526477b5b4d52d1ca4513949 is-layout-flex wp-container-core-columns-is-layout-9d6595d7 wp-block-columns-is-layout-flex\" style=\"background-color:#4267cf\">\n<div class=\"wp-block-column is-vertically-aligned-center is-layout-flow wp-block-column-is-layout-flow\" style=\"flex-basis:40%\">\n<figure class=\"wp-block-image size-medium\"><img data-opt-id=30701221  data-opt-src=\"https:\/\/mllj2j8xvfl0.i.optimole.com\/cb:c5QE.37290\/w:300\/h:300\/q:mauto\/f:best\/https:\/\/themeisle.com\/blog\/wp-content\/uploads\/2025\/09\/e2ce20299a807336c68c2e029640adaa1.png\"  decoding=\"async\" width=\"300\" height=\"300\" src=\"https:\/\/mllj2j8xvfl0.i.optimole.com\/cb:c5QE.37290\/w:300\/h:300\/q:eco\/f:best\/https:\/\/themeisle.com\/blog\/wp-content\/uploads\/2025\/09\/e2ce20299a807336c68c2e029640adaa1.png\" alt=\"speed guide\" class=\"wp-image-113040\" old-srcset=\"https:\/\/mllj2j8xvfl0.i.optimole.com\/cb:c5QE.37290\/w:300\/h:300\/q:mauto\/f:best\/https:\/\/themeisle.com\/blog\/wp-content\/uploads\/2025\/09\/e2ce20299a807336c68c2e029640adaa1.png 300w, https:\/\/mllj2j8xvfl0.i.optimole.com\/cb:c5QE.37290\/w:1024\/h:1024\/q:mauto\/f:best\/https:\/\/themeisle.com\/blog\/wp-content\/uploads\/2025\/09\/e2ce20299a807336c68c2e029640adaa1.png 1024w, https:\/\/mllj2j8xvfl0.i.optimole.com\/cb:c5QE.37290\/w:150\/h:150\/q:mauto\/f:best\/https:\/\/themeisle.com\/blog\/wp-content\/uploads\/2025\/09\/e2ce20299a807336c68c2e029640adaa1.png 150w, https:\/\/mllj2j8xvfl0.i.optimole.com\/cb:c5QE.37290\/w:768\/h:768\/q:mauto\/f:best\/https:\/\/themeisle.com\/blog\/wp-content\/uploads\/2025\/09\/e2ce20299a807336c68c2e029640adaa1.png 768w, https:\/\/mllj2j8xvfl0.i.optimole.com\/cb:c5QE.37290\/w:50\/h:50\/q:mauto\/f:best\/https:\/\/themeisle.com\/blog\/wp-content\/uploads\/2025\/09\/e2ce20299a807336c68c2e029640adaa1.png 50w, https:\/\/mllj2j8xvfl0.i.optimole.com\/cb:c5QE.37290\/w:240\/h:240\/q:mauto\/f:best\/https:\/\/themeisle.com\/blog\/wp-content\/uploads\/2025\/09\/e2ce20299a807336c68c2e029640adaa1.png 240w, https:\/\/mllj2j8xvfl0.i.optimole.com\/cb:c5QE.37290\/w:397\/h:397\/q:mauto\/f:best\/https:\/\/themeisle.com\/blog\/wp-content\/uploads\/2025\/09\/e2ce20299a807336c68c2e029640adaa1.png 397w, https:\/\/mllj2j8xvfl0.i.optimole.com\/cb:c5QE.37290\/w:600\/h:600\/q:mauto\/f:best\/https:\/\/themeisle.com\/blog\/wp-content\/uploads\/2025\/09\/e2ce20299a807336c68c2e029640adaa1.png 600w, https:\/\/mllj2j8xvfl0.i.optimole.com\/cb:c5QE.37290\/w:148\/h:148\/q:mauto\/f:best\/https:\/\/themeisle.com\/blog\/wp-content\/uploads\/2025\/09\/e2ce20299a807336c68c2e029640adaa1.png 148w, https:\/\/mllj2j8xvfl0.i.optimole.com\/cb:c5QE.37290\/w:195\/h:195\/q:mauto\/f:best\/https:\/\/themeisle.com\/blog\/wp-content\/uploads\/2025\/09\/e2ce20299a807336c68c2e029640adaa1.png 195w, https:\/\/mllj2j8xvfl0.i.optimole.com\/cb:c5QE.37290\/w:135\/h:135\/q:mauto\/f:best\/https:\/\/themeisle.com\/blog\/wp-content\/uploads\/2025\/09\/e2ce20299a807336c68c2e029640adaa1.png 135w, https:\/\/mllj2j8xvfl0.i.optimole.com\/cb:c5QE.37290\/w:1080\/h:1080\/q:mauto\/f:best\/https:\/\/themeisle.com\/blog\/wp-content\/uploads\/2025\/09\/e2ce20299a807336c68c2e029640adaa1.png 1200w, https:\/\/mllj2j8xvfl0.i.optimole.com\/cb:c5QE.37290\/w:1080\/h:1080\/q:mauto\/f:best\/dpr:2\/https:\/\/themeisle.com\/blog\/wp-content\/uploads\/2025\/09\/e2ce20299a807336c68c2e029640adaa1.png 2x\"><noscript><img data-opt-id=30701221  decoding=\"async\" width=\"300\" height=\"300\" src=\"https:\/\/mllj2j8xvfl0.i.optimole.com\/cb:c5QE.37290\/w:300\/h:300\/q:mauto\/f:best\/https:\/\/themeisle.com\/blog\/wp-content\/uploads\/2025\/09\/e2ce20299a807336c68c2e029640adaa1.png\" alt=\"speed guide\" class=\"wp-image-113040\" srcset=\"https:\/\/mllj2j8xvfl0.i.optimole.com\/cb:c5QE.37290\/w:300\/h:300\/q:mauto\/f:best\/https:\/\/themeisle.com\/blog\/wp-content\/uploads\/2025\/09\/e2ce20299a807336c68c2e029640adaa1.png 300w, https:\/\/mllj2j8xvfl0.i.optimole.com\/cb:c5QE.37290\/w:1024\/h:1024\/q:mauto\/f:best\/https:\/\/themeisle.com\/blog\/wp-content\/uploads\/2025\/09\/e2ce20299a807336c68c2e029640adaa1.png 1024w, https:\/\/mllj2j8xvfl0.i.optimole.com\/cb:c5QE.37290\/w:150\/h:150\/q:mauto\/f:best\/https:\/\/themeisle.com\/blog\/wp-content\/uploads\/2025\/09\/e2ce20299a807336c68c2e029640adaa1.png 150w, https:\/\/mllj2j8xvfl0.i.optimole.com\/cb:c5QE.37290\/w:768\/h:768\/q:mauto\/f:best\/https:\/\/themeisle.com\/blog\/wp-content\/uploads\/2025\/09\/e2ce20299a807336c68c2e029640adaa1.png 768w, https:\/\/mllj2j8xvfl0.i.optimole.com\/cb:c5QE.37290\/w:50\/h:50\/q:mauto\/f:best\/https:\/\/themeisle.com\/blog\/wp-content\/uploads\/2025\/09\/e2ce20299a807336c68c2e029640adaa1.png 50w, https:\/\/mllj2j8xvfl0.i.optimole.com\/cb:c5QE.37290\/w:240\/h:240\/q:mauto\/f:best\/https:\/\/themeisle.com\/blog\/wp-content\/uploads\/2025\/09\/e2ce20299a807336c68c2e029640adaa1.png 240w, https:\/\/mllj2j8xvfl0.i.optimole.com\/cb:c5QE.37290\/w:397\/h:397\/q:mauto\/f:best\/https:\/\/themeisle.com\/blog\/wp-content\/uploads\/2025\/09\/e2ce20299a807336c68c2e029640adaa1.png 397w, https:\/\/mllj2j8xvfl0.i.optimole.com\/cb:c5QE.37290\/w:600\/h:600\/q:mauto\/f:best\/https:\/\/themeisle.com\/blog\/wp-content\/uploads\/2025\/09\/e2ce20299a807336c68c2e029640adaa1.png 600w, https:\/\/mllj2j8xvfl0.i.optimole.com\/cb:c5QE.37290\/w:148\/h:148\/q:mauto\/f:best\/https:\/\/themeisle.com\/blog\/wp-content\/uploads\/2025\/09\/e2ce20299a807336c68c2e029640adaa1.png 148w, https:\/\/mllj2j8xvfl0.i.optimole.com\/cb:c5QE.37290\/w:195\/h:195\/q:mauto\/f:best\/https:\/\/themeisle.com\/blog\/wp-content\/uploads\/2025\/09\/e2ce20299a807336c68c2e029640adaa1.png 195w, https:\/\/mllj2j8xvfl0.i.optimole.com\/cb:c5QE.37290\/w:135\/h:135\/q:mauto\/f:best\/https:\/\/themeisle.com\/blog\/wp-content\/uploads\/2025\/09\/e2ce20299a807336c68c2e029640adaa1.png 135w, https:\/\/mllj2j8xvfl0.i.optimole.com\/cb:c5QE.37290\/w:1080\/h:1080\/q:mauto\/f:best\/https:\/\/themeisle.com\/blog\/wp-content\/uploads\/2025\/09\/e2ce20299a807336c68c2e029640adaa1.png 1200w, https:\/\/mllj2j8xvfl0.i.optimole.com\/cb:c5QE.37290\/w:1080\/h:1080\/q:mauto\/f:best\/dpr:2\/https:\/\/themeisle.com\/blog\/wp-content\/uploads\/2025\/09\/e2ce20299a807336c68c2e029640adaa1.png 2x\" sizes=\"(max-width: 300px) 100vw, 300px\"></noscript><\/figure>\n<\/div>\n\n\n\n<div class=\"wp-block-column is-layout-flow wp-block-column-is-layout-flow\">\n<p class=\"has-text-align-center ticss-58e79f2f\" style=\"font-size:14px\"><strong>FREE GUIDE<\/strong><\/p>\n\n\n\n<p class=\"ticss-d144f107\" style=\"font-size:25px\"><strong>4 Essential Steps to Speed Up Your&nbsp;WordPress Website<\/strong><\/p>\n\n\n\n<p class=\"ticss-3b627beb\">Follow the simple steps in our 4-part mini series and reduce your loading times by 50-80%.&nbsp;&#128640;<\/p>\n\n\n<p><\/p><div class=\"frm_forms  with_frm_style frm_style_themeisle\" id=\"frm_form_4_container\" data-token=\"c4c81c24bdb79c507973b64107966d8d\">\n<form enctype=\"multipart\/form-data\" method=\"post\" class=\"frm-show-form  frm_pro_form \" id=\"form_site-speed-guide-below-post\" data-token=\"c4c81c24bdb79c507973b64107966d8d\">\n<div class=\"frm_form_fields \">\n<fieldset>\n<legend class=\"frm_screen_reader\">Site Speed Guide - Below Post<\/legend>\r\n\r\n<div class=\"frm_fields_container\">\n<input type=\"hidden\" name=\"frm_action\" value=\"create\">\n<input type=\"hidden\" name=\"form_id\" value=\"4\">\n<input type=\"hidden\" name=\"frm_hide_fields_4\" id=\"frm_hide_fields_4\" value=\"\">\n<input type=\"hidden\" name=\"form_key\" value=\"site-speed-guide-below-post\">\n<input type=\"hidden\" name=\"item_meta[0]\" value=\"\">\n<input type=\"hidden\" id=\"frm_submit_entry_4\" name=\"frm_submit_entry_4\" value=\"d3ebcd4116\"><input type=\"hidden\" name=\"_wp_http_referer\" value=\"\/blog\/wp-json\/wp\/v2\/posts\/109289\"><input type=\"hidden\" name=\"item_meta[18]\" id=\"field_6px6q2\" value=\"\/blog\/wp-json\/wp\/v2\/posts\/109289\" data-frmval=\"\/blog\/wp-json\/wp\/v2\/posts\/109289\">\n<div id=\"frm_field_15_container\" class=\"frm_form_field form-field  frm_required_field frm_none_container\">\r\n\t<label for=\"field_6px6q\" id=\"field_6px6q_label\" class=\"frm_primary_label\">Your Email\r\n\t\t<span class=\"frm_required\" aria-hidden=\"true\">*<\/span>\r\n\t<\/label>\r\n\t<input type=\"email\" id=\"field_6px6q\" name=\"item_meta[15]\" value=\"\" autocomplete=\"email\" placeholder=\"your@email.com\" data-reqmsg=\"Your Email cannot be blank.\" aria-required=\"true\" data-invmsg=\"Your Email is invalid\" aria-invalid=\"false\">\r\n\t\r\n\t\r\n<\/div>\n<div id=\"frm_field_17_container\" class=\"frm_form_field form-field  frm_none_container vertical_radio\">\r\n\t<div id=\"field_6px6q3_label\" class=\"frm_primary_label\">Subscribe to our newsletter\r\n\t\t<span class=\"frm_required\" aria-hidden=\"true\"><\/span>\r\n\t<\/div>\r\n\t<div class=\"frm_opt_container\" aria-labelledby=\"field_6px6q3_label\" role=\"group\">\t\t<div class=\"frm_checkbox\" id=\"frm_checkbox_17-0\">\t\t\t<label for=\"field_6px6q3-0\">\n\t\t\t<input type=\"checkbox\" name=\"item_meta[17][]\" id=\"field_6px6q3-0\" value=\"true\" data-invmsg=\"Subscribe to our newsletter is invalid\" aria-invalid=\"false\"> Subscribe to our newsletter<\/label><\/div>\n<\/div>\r\n\t\r\n\t\r\n<\/div>\n<div id=\"frm_field_14_container\" class=\"frm_form_field form-field \">\r\n\t<div class=\"frm_submit frm_flex\">\r\n<button class=\"frm_button_submit frm_final_submit\" type=\"submit\" formnovalidate=\"formnovalidate\">FREE ACCESS<\/button>\r\n\r\n\r\n\r\n<\/div>\r\n<\/div>\n\t<input type=\"hidden\" name=\"item_key\" value=\"\">\n\t\t\t<div id=\"frm_field_24_container\">\n\t\t\t<label for=\"field_8g19i\">\n\t\t\t\tIf you are human, leave this field blank.\t\t\t<\/label>\n\t\t\t<input id=\"field_8g19i\" type=\"text\" class=\"frm_form_field form-field frm_verify\" name=\"item_meta[24]\" value=\"\">\n\t\t<\/div>\n\t\t<input name=\"frm_state\" type=\"hidden\" value=\"tGKtIG19U6wyYcew8uBttZS8B90kgQDxIPv3Lr82908kdKCs\/l0h48RQnQG\/UFbR\"><\/div>\n<\/fieldset>\n<\/div>\n\n<p style=\"display: none !important;\" class=\"akismet-fields-container\" data-prefix=\"ak_\"><label>&Delta;<textarea name=\"ak_hp_textarea\" cols=\"45\" rows=\"8\" maxlength=\"100\"><\/textarea><\/label><input type=\"hidden\" id=\"ak_js_1\" name=\"ak_js\" value=\"134\"><script>document.getElementById( \"ak_js_1\" ).setAttribute( \"value\", ( new Date() ).getTime() );<\/script><\/p><\/form>\n<\/div>\n\n<\/div>\n<\/div>\n\n","protected":false},"excerpt":{"rendered":"If you&#8217;re like many WordPress users then you&#8217;ve probably installed a security plugin to help keep your website safe. This is an excellent first step. It will handle much of your protection, but if you truly care about your site&#8217;s security then you need to implement some manual changes at the server level. In this tutorial I&#8217;ll show you how (don&#8217;t worry, it&#8217;s not as difficult as it may sound).","protected":false},"author":68,"featured_media":109340,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"_stopmodifiedupdate":true,"_modified_date":"","_themeisle_gutenberg_block_has_review":false,"footnotes":""},"categories":[273],"tags":[],"hashtags":[],"class_list":["post-109289","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-resources"],"wppr_data":{"cwp_meta_box_check":"No"},"acf":[],"yoast_head":"<!-- This site is optimized with the Yoast SEO Premium plugin v21.8 (Yoast SEO v26.1.1) - https:\/\/yoast.com\/wordpress\/plugins\/seo\/ -->\n<title>7 Vulnerabilities Your WordPress Security Plugins Can&#039;t Protect You From<\/title>\n<meta name=\"description\" content=\"Many WordPress users think that because they use a security plugin that their site is safe. But some dangers can only be handled manually.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/themeisle.com\/blog\/manually-harden-wordpress-security\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"7 Vulnerabilities Your WordPress Security Plugins Can&#039;t Protect You From (And How to Fix Them Manually)\" \/>\n<meta property=\"og:description\" content=\"Many WordPress users think that because they use a security plugin that their site is safe. But some dangers can only be handled manually.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/themeisle.com\/blog\/manually-harden-wordpress-security\/\" \/>\n<meta property=\"og:site_name\" content=\"Themeisle Blog\" \/>\n<meta property=\"article:published_time\" content=\"2025-01-27T09:38:36+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2025-01-27T09:38:39+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/mllj2j8xvfl0.i.optimole.com\/cb:c5QE.37290\/w:auto\/h:auto\/q:mauto\/f:best\/https:\/\/themeisle.com\/blog\/wp-content\/uploads\/2025\/01\/manually-harden-wordpress-security.png\" \/>\n\t<meta property=\"og:image:width\" content=\"2180\" \/>\n\t<meta property=\"og:image:height\" content=\"1090\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/png\" \/>\n<meta name=\"author\" content=\"Martin Dubovic\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Martin Dubovic\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"13 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\/\/themeisle.com\/blog\/manually-harden-wordpress-security\/#article\",\"isPartOf\":{\"@id\":\"https:\/\/themeisle.com\/blog\/manually-harden-wordpress-security\/\"},\"author\":{\"name\":\"Martin Dubovic\",\"@id\":\"https:\/\/themeisle.com\/blog\/#\/schema\/person\/9aa19aa295f0e6aa2d6c0b4079a1a660\"},\"headline\":\"7 Vulnerabilities Your WordPress Security Plugins Can&#8217;t Protect You From (And How to Fix Them Manually)\",\"datePublished\":\"2025-01-27T09:38:36+00:00\",\"dateModified\":\"2025-01-27T09:38:39+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\/\/themeisle.com\/blog\/manually-harden-wordpress-security\/\"},\"wordCount\":2507,\"commentCount\":6,\"publisher\":{\"@id\":\"https:\/\/themeisle.com\/blog\/#organization\"},\"image\":{\"@id\":\"https:\/\/themeisle.com\/blog\/manually-harden-wordpress-security\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/mllj2j8xvfl0.i.optimole.com\/cb:c5QE.37290\/w:auto\/h:auto\/q:mauto\/f:best\/https:\/\/themeisle.com\/blog\/wp-content\/uploads\/2025\/01\/manually-harden-wordpress-security.png\",\"articleSection\":[\"Resources\"],\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"CommentAction\",\"name\":\"Comment\",\"target\":[\"https:\/\/themeisle.com\/blog\/manually-harden-wordpress-security\/#respond\"]}]},{\"@type\":\"WebPage\",\"@id\":\"https:\/\/themeisle.com\/blog\/manually-harden-wordpress-security\/\",\"url\":\"https:\/\/themeisle.com\/blog\/manually-harden-wordpress-security\/\",\"name\":\"7 Vulnerabilities Your WordPress Security Plugins Can\\\\'t Protect You From\",\"isPartOf\":{\"@id\":\"https:\/\/themeisle.com\/blog\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\/\/themeisle.com\/blog\/manually-harden-wordpress-security\/#primaryimage\"},\"image\":{\"@id\":\"https:\/\/themeisle.com\/blog\/manually-harden-wordpress-security\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/mllj2j8xvfl0.i.optimole.com\/cb:c5QE.37290\/w:auto\/h:auto\/q:mauto\/f:best\/https:\/\/themeisle.com\/blog\/wp-content\/uploads\/2025\/01\/manually-harden-wordpress-security.png\",\"datePublished\":\"2025-01-27T09:38:36+00:00\",\"dateModified\":\"2025-01-27T09:38:39+00:00\",\"description\":\"Many WordPress users think that because they use a security plugin that their site is safe. But some dangers can only be handled manually.\",\"breadcrumb\":{\"@id\":\"https:\/\/themeisle.com\/blog\/manually-harden-wordpress-security\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/themeisle.com\/blog\/manually-harden-wordpress-security\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/themeisle.com\/blog\/manually-harden-wordpress-security\/#primaryimage\",\"url\":\"https:\/\/mllj2j8xvfl0.i.optimole.com\/cb:c5QE.37290\/w:auto\/h:auto\/q:mauto\/f:best\/https:\/\/themeisle.com\/blog\/wp-content\/uploads\/2025\/01\/manually-harden-wordpress-security.png\",\"contentUrl\":\"https:\/\/mllj2j8xvfl0.i.optimole.com\/cb:c5QE.37290\/w:auto\/h:auto\/q:mauto\/f:best\/https:\/\/themeisle.com\/blog\/wp-content\/uploads\/2025\/01\/manually-harden-wordpress-security.png\",\"width\":2180,\"height\":1090,\"caption\":\"manually harden wordpress security\"},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/themeisle.com\/blog\/manually-harden-wordpress-security\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Blog\",\"item\":\"https:\/\/themeisle.com\/blog\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"7 Vulnerabilities Your WordPress Security Plugins Can&#8217;t Protect You From (And How to Fix Them Manually)\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/themeisle.com\/blog\/#website\",\"url\":\"https:\/\/themeisle.com\/blog\/\",\"name\":\"Themeisle Blog\",\"description\":\"WordPress Tutorials and Reviews for Beginners and Advanced\",\"publisher\":{\"@id\":\"https:\/\/themeisle.com\/blog\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/themeisle.com\/blog\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\/\/themeisle.com\/blog\/#organization\",\"name\":\"VertiStudio\",\"alternateName\":\"Vertigo Studio SA\",\"url\":\"https:\/\/themeisle.com\/blog\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/themeisle.com\/blog\/#\/schema\/logo\/image\/\",\"url\":\"https:\/\/mllj2j8xvfl0.i.optimole.com\/cb:c5QE.37290\/w:auto\/h:auto\/q:mauto\/f:best\/https:\/\/themeisle.com\/blog\/wp-content\/uploads\/2024\/02\/VertiStudio_logo1.png\",\"contentUrl\":\"https:\/\/mllj2j8xvfl0.i.optimole.com\/cb:c5QE.37290\/w:auto\/h:auto\/q:mauto\/f:best\/https:\/\/themeisle.com\/blog\/wp-content\/uploads\/2024\/02\/VertiStudio_logo1.png\",\"width\":718,\"height\":156,\"caption\":\"VertiStudio\"},\"image\":{\"@id\":\"https:\/\/themeisle.com\/blog\/#\/schema\/logo\/image\/\"}},{\"@type\":\"Person\",\"@id\":\"https:\/\/themeisle.com\/blog\/#\/schema\/person\/9aa19aa295f0e6aa2d6c0b4079a1a660\",\"name\":\"Martin Dubovic\",\"description\":\"Martin wrote his first e-book and built his first website using Weebly to market it and sell it in 2013. After making his first sale, he knew he was onto something. A few years later he made the switch to WordPress and from then on he became a full on WordPress addict. When he\\\\'s not WordPress-ing, you can find him doing pullups, handstands, drinking matcha, and of course, writing.\",\"url\":\"https:\/\/themeisle.com\/blog\/author\/martin-d\/\"}]}<\/script>\n<!-- \/ Yoast SEO Premium plugin. -->","yoast_head_json":{"title":"7 Vulnerabilities Your WordPress Security Plugins Can&#039;t Protect You From","description":"Many WordPress users think that because they use a security plugin that their site is safe. But some dangers can only be handled manually.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/themeisle.com\/blog\/manually-harden-wordpress-security\/","og_locale":"en_US","og_type":"article","og_title":"7 Vulnerabilities Your WordPress Security Plugins Can&#039;t Protect You From (And How to Fix Them Manually)","og_description":"Many WordPress users think that because they use a security plugin that their site is safe. But some dangers can only be handled manually.","og_url":"https:\/\/themeisle.com\/blog\/manually-harden-wordpress-security\/","og_site_name":"Themeisle Blog","article_published_time":"2025-01-27T09:38:36+00:00","article_modified_time":"2025-01-27T09:38:39+00:00","og_image":[{"width":2180,"height":1090,"url":"https:\/\/mllj2j8xvfl0.i.optimole.com\/cb:c5QE.37290\/w:auto\/h:auto\/q:mauto\/f:best\/https:\/\/themeisle.com\/blog\/wp-content\/uploads\/2025\/01\/manually-harden-wordpress-security.png","type":"image\/png"}],"author":"Martin Dubovic","twitter_card":"summary_large_image","twitter_misc":{"Written by":"Martin Dubovic","Est. reading time":"13 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/themeisle.com\/blog\/manually-harden-wordpress-security\/#article","isPartOf":{"@id":"https:\/\/themeisle.com\/blog\/manually-harden-wordpress-security\/"},"author":{"name":"Martin Dubovic","@id":"https:\/\/themeisle.com\/blog\/#\/schema\/person\/9aa19aa295f0e6aa2d6c0b4079a1a660"},"headline":"7 Vulnerabilities Your WordPress Security Plugins Can&#8217;t Protect You From (And How to Fix Them Manually)","datePublished":"2025-01-27T09:38:36+00:00","dateModified":"2025-01-27T09:38:39+00:00","mainEntityOfPage":{"@id":"https:\/\/themeisle.com\/blog\/manually-harden-wordpress-security\/"},"wordCount":2507,"commentCount":6,"publisher":{"@id":"https:\/\/themeisle.com\/blog\/#organization"},"image":{"@id":"https:\/\/themeisle.com\/blog\/manually-harden-wordpress-security\/#primaryimage"},"thumbnailUrl":"https:\/\/mllj2j8xvfl0.i.optimole.com\/cb:c5QE.37290\/w:auto\/h:auto\/q:mauto\/f:best\/https:\/\/themeisle.com\/blog\/wp-content\/uploads\/2025\/01\/manually-harden-wordpress-security.png","articleSection":["Resources"],"inLanguage":"en-US","potentialAction":[{"@type":"CommentAction","name":"Comment","target":["https:\/\/themeisle.com\/blog\/manually-harden-wordpress-security\/#respond"]}]},{"@type":"WebPage","@id":"https:\/\/themeisle.com\/blog\/manually-harden-wordpress-security\/","url":"https:\/\/themeisle.com\/blog\/manually-harden-wordpress-security\/","name":"7 Vulnerabilities Your WordPress Security Plugins Can\\'t Protect You From","isPartOf":{"@id":"https:\/\/themeisle.com\/blog\/#website"},"primaryImageOfPage":{"@id":"https:\/\/themeisle.com\/blog\/manually-harden-wordpress-security\/#primaryimage"},"image":{"@id":"https:\/\/themeisle.com\/blog\/manually-harden-wordpress-security\/#primaryimage"},"thumbnailUrl":"https:\/\/mllj2j8xvfl0.i.optimole.com\/cb:c5QE.37290\/w:auto\/h:auto\/q:mauto\/f:best\/https:\/\/themeisle.com\/blog\/wp-content\/uploads\/2025\/01\/manually-harden-wordpress-security.png","datePublished":"2025-01-27T09:38:36+00:00","dateModified":"2025-01-27T09:38:39+00:00","description":"Many WordPress users think that because they use a security plugin that their site is safe. But some dangers can only be handled manually.","breadcrumb":{"@id":"https:\/\/themeisle.com\/blog\/manually-harden-wordpress-security\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/themeisle.com\/blog\/manually-harden-wordpress-security\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/themeisle.com\/blog\/manually-harden-wordpress-security\/#primaryimage","url":"https:\/\/mllj2j8xvfl0.i.optimole.com\/cb:c5QE.37290\/w:auto\/h:auto\/q:mauto\/f:best\/https:\/\/themeisle.com\/blog\/wp-content\/uploads\/2025\/01\/manually-harden-wordpress-security.png","contentUrl":"https:\/\/mllj2j8xvfl0.i.optimole.com\/cb:c5QE.37290\/w:auto\/h:auto\/q:mauto\/f:best\/https:\/\/themeisle.com\/blog\/wp-content\/uploads\/2025\/01\/manually-harden-wordpress-security.png","width":2180,"height":1090,"caption":"manually harden wordpress security"},{"@type":"BreadcrumbList","@id":"https:\/\/themeisle.com\/blog\/manually-harden-wordpress-security\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Blog","item":"https:\/\/themeisle.com\/blog\/"},{"@type":"ListItem","position":2,"name":"7 Vulnerabilities Your WordPress Security Plugins Can&#8217;t Protect You From (And How to Fix Them Manually)"}]},{"@type":"WebSite","@id":"https:\/\/themeisle.com\/blog\/#website","url":"https:\/\/themeisle.com\/blog\/","name":"Themeisle Blog","description":"WordPress Tutorials and Reviews for Beginners and Advanced","publisher":{"@id":"https:\/\/themeisle.com\/blog\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/themeisle.com\/blog\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/themeisle.com\/blog\/#organization","name":"VertiStudio","alternateName":"Vertigo Studio SA","url":"https:\/\/themeisle.com\/blog\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/themeisle.com\/blog\/#\/schema\/logo\/image\/","url":"https:\/\/mllj2j8xvfl0.i.optimole.com\/cb:c5QE.37290\/w:auto\/h:auto\/q:mauto\/f:best\/https:\/\/themeisle.com\/blog\/wp-content\/uploads\/2024\/02\/VertiStudio_logo1.png","contentUrl":"https:\/\/mllj2j8xvfl0.i.optimole.com\/cb:c5QE.37290\/w:auto\/h:auto\/q:mauto\/f:best\/https:\/\/themeisle.com\/blog\/wp-content\/uploads\/2024\/02\/VertiStudio_logo1.png","width":718,"height":156,"caption":"VertiStudio"},"image":{"@id":"https:\/\/themeisle.com\/blog\/#\/schema\/logo\/image\/"}},{"@type":"Person","@id":"https:\/\/themeisle.com\/blog\/#\/schema\/person\/9aa19aa295f0e6aa2d6c0b4079a1a660","name":"Martin Dubovic","description":"Martin wrote his first e-book and built his first website using Weebly to market it and sell it in 2013. After making his first sale, he knew he was onto something. A few years later he made the switch to WordPress and from then on he became a full on WordPress addict. When he\\'s not WordPress-ing, you can find him doing pullups, handstands, drinking matcha, and of course, writing.","url":"https:\/\/themeisle.com\/blog\/author\/martin-d\/"}]}},"_links":{"self":[{"href":"https:\/\/themeisle.com\/blog\/wp-json\/wp\/v2\/posts\/109289","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/themeisle.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/themeisle.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/themeisle.com\/blog\/wp-json\/wp\/v2\/users\/68"}],"replies":[{"embeddable":true,"href":"https:\/\/themeisle.com\/blog\/wp-json\/wp\/v2\/comments?post=109289"}],"version-history":[{"count":42,"href":"https:\/\/themeisle.com\/blog\/wp-json\/wp\/v2\/posts\/109289\/revisions"}],"predecessor-version":[{"id":109576,"href":"https:\/\/themeisle.com\/blog\/wp-json\/wp\/v2\/posts\/109289\/revisions\/109576"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/themeisle.com\/blog\/wp-json\/wp\/v2\/media\/109340"}],"wp:attachment":[{"href":"https:\/\/themeisle.com\/blog\/wp-json\/wp\/v2\/media?parent=109289"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/themeisle.com\/blog\/wp-json\/wp\/v2\/categories?post=109289"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/themeisle.com\/blog\/wp-json\/wp\/v2\/tags?post=109289"},{"taxonomy":"hashtags","embeddable":true,"href":"https:\/\/themeisle.com\/blog\/wp-json\/wp\/v2\/hashtags?post=109289"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}