Question

Security Headers on WordPress Website

Hi, I’m trying to add security headers to my site (recommended by a tool), and when I add the code to my .htaccess file, the site gives a 500 internal error.

I followed two websites and none of the code seems to be working. Here is the error image and below are the sites which I’m following.

https://www.webarxsecurity.com/https-security-headers-wp/
https://www.tripwire.com/state-of-security/risk-based-security-for-executives/risk-management/how-add-http-security-headers-wordpress/

Can anyone help in this matter?

Thanks, Alex. I did what you suggested, and installed the module. I don’t see any syntax errors, but by running:

apachectl -M | grep -i headers

I get the below message:

AH00558: apache2: Could not reliably determine the server’s fully qualified domain name, using 127.0.1.1. Set the ‘ServerName’ directive globally to suppress this message
headers_module (shared)

Also, I’m getting the same 500 internal server error.

Thanks, @alexdo, for responding. There aren’t any syntax errors, but when I generate the logs, I get some messages printing. I don’t know how to copy the text from the console, but I have attached the screenshot of what it looks like. I’m using a plugin for now, but it would be great to learn to implement security headers in .htaccess rather than installing a plugin.

Log screenshot

Hello, @madhsudhan

The snippet of code might not be compatible with the installed version of Apache (2.2 or 2.4). What you can do is add the code to the .htaccess file and then examine the Apache error log to see the exact issue that is causing the problem.

You can examine the error log using this command:

tail -n 200 /var/log/apache2/error.log

This will print the last 200 logged rows in the error_log file. If you do not see any errors, you can increase the value and print more rows if needed. However, if you add the snippet to the .htaccess file, quickly access the site in order to produce the 500 error, and then remove the code from the file, you should be able to see the detailed error in the log file using the command that I’ve provided.

Also you can check the Apache configuration for any syntax errors:

apachectl -t

or

apachectl configtest

Let me know how it goes.

Regards, Alex
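
The log check described in this answer, as an added example that is not part of the original thread: a small filter that labels the error-log lines a failing .htaccess typically produces and marks the AH00558 ServerName warning as unrelated noise. The function names and the sample log lines are constructed for illustration, and the `a2enmod` hint assumes a Debian/Ubuntu layout like the `/var/log/apache2` path used above.

```shell
#!/usr/bin/env bash
# Added example: classify Apache error-log lines seen after a .htaccess change.

classify_line() {
  case "$1" in
    *AH00558*)
      echo "noise: ServerName warning, does not cause a 500" ;;
    *"Invalid command 'Header'"*)
      echo "mod_headers not loaded: a2enmod headers, then restart Apache" ;;
    *"Invalid command"*)
      echo "unknown directive: module missing or directive misspelled" ;;
    *"not allowed here"*)
      echo "blocked by AllowOverride: Header needs FileInfo" ;;
    *".htaccess:"*)
      echo "other .htaccess error: read the message text" ;;
    *)
      echo "unrelated" ;;
  esac
}

# Reads log lines on stdin and prints a verdict above each relevant line.
diagnose() {
  while IFS= read -r line; do
    verdict=$(classify_line "$line")
    [ "$verdict" = "unrelated" ] || printf '%s\n    %s\n' "$verdict" "$line"
  done
}

# Constructed sample input (not taken from the poster's server).
SAMPLE_LOG="AH00558: apache2: Could not reliably determine the server's fully qualified domain name, using 127.0.1.1. Set the 'ServerName' directive globally to suppress this message
[Mon Jan 01 10:00:00.000000 2024] [core:alert] [pid 1234] [client 203.0.113.5:51234] /var/www/html/.htaccess: Invalid command 'Header', perhaps misspelled or defined by a module not included in the server configuration
[Mon Jan 01 10:00:05.000000 2024] [core:alert] [pid 1234] [client 203.0.113.5:51240] /var/www/html/.htaccess: Header not allowed here
[Mon Jan 01 10:00:09.000000 2024] [mpm_prefork:notice] [pid 1200] AH00163: Apache/2.4 configured -- resuming normal operations"

printf '%s\n' "$SAMPLE_LOG" | diagnose
```

On a live server, feed it the real log instead of the sample: `tail -n 200 /var/log/apache2/error.log | diagnose`.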