WordPress Security Header Optimization
Advanced security header optimization toolkit. Content-Security-Policy, Strict Transport Security (HSTS), Public-Key-Pins (HPKP), X-XSS-Protection and CORS.
Step 1: Install GitHub Updater and first optimization plugin
The plugins can be installed and updated using GitHub Updater. Installing one of the plugins is easy: download the GitHub Updater plugin (zip file), install it from the WordPress plugin admin panel, and copy the GitHub URL of the plugin into the GitHub Updater installer.
Step 2: Install other optimization plugins with a single click
A recent update of all plugins contains an easy single-click install button.
This plugin is a toolkit for HTTP Security Header optimization.
The plugin provides a complete solution for Content Security Policy management, with support for the Reporting API and legacy policy conversion based on browser sniffing.
JSON Schema based configuration
The plugin supports most security headers, including Strict Transport Security (HSTS), Public-Key-Pins (HPKP), X-XSS-Protection and all Cross-Origin Resource Sharing (CORS) related headers (Access-Control-Allow-Origin).
All settings of the plugin can be controlled from a single JSON editor. As part of the WPO collection, the plugin settings can be controlled via a single optimization JSON configuration.
Additional features can be requested on the GitHub forum.
WordPress WPO Collection
The WPO optimization plugins provide all the essential tools needed to achieve perfect Google Lighthouse Test scores and to validate a website as a Google PWA, an important ranking factor for Google's Speed Update (July 2018).
The WPO optimization plugins are designed to work together with the performance of a single plugin. The plugins provide the latest optimization technologies and many unique innovations.
100% of the WPO plugin settings are controlled by JSON. This means that you could use the plugins without ever using the WordPress admin forms.
The JSON is verified using JSON schemas. More info about JSON schemas.
Local editing of optimization settings
A recently added Stealth Optimization Config Proxy concept makes it possible to edit the plugin settings using physical .json files from a local editor (with auto upload), making it efficient to fine-tune optimization settings. An update would cost a second, compared to using and saving a WordPress admin panel.
Google PageSpeed vs Google Lighthouse Scores
While a Google PageSpeed 100 score is still of value, websites with a high Google PageSpeed score may score very badly in Google's new Lighthouse performance test.
The following scores are for the same site. They show that a perfect Google PageSpeed score does not correlate to a high Google Lighthouse performance score.
Google PageSpeed score is outdated
For the open web to have a chance of survival in a mobile era, it needs to compete with and win against native mobile apps. Google is dependent on the open web for its advertising revenue. Google therefore seeks a way to secure the open web, and the main objective is to rapidly enhance the quality of the open web to meet the standards of native mobile apps.
For SEO it is therefore simple: websites will need to meet the standards set by the Google Lighthouse Test (or Google's future new tests). A website with perfect scores will be preferred in search over low-performance websites. The officially announced Google Speed Update (July 2018) shows that Google is going as far as it can to drive people to raise quality to ultra-high levels, to match and hopefully beat native mobile apps.
A perfect Google Lighthouse Score includes validation of a website as a Progressive Web App (PWA).
Google offers another new website performance test that is much tougher than the Google PageSpeed score. It is based on an AI neural network and can be accessed at https://testmysite.thinkwithgoogle.com