/**
* 安全Headers – 三站统一配置
* HSTS, CSP, X-Frame-Options, X-Content-Type-Options, Referrer-Policy, Permissions-Policy
*/
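/**
 * Emit the shared security response headers for all three sites.
 *
 * Hooked on `send_headers` (see the add_action call below). Sends HSTS (HTTPS
 * responses only), a permissive CSP, clickjacking / MIME-sniffing protections,
 * Referrer-Policy and Permissions-Policy, and strips the PHP / WordPress
 * fingerprint headers. Returns nothing; all effects are on the HTTP response.
 */
function add_security_headers() {
    // header() only warns once output has started; there is nothing useful to do then.
    if (headers_sent()) {
        return;
    }

    // HSTS (Cloudflare already sets it; this is a second line of defence).
    // Browsers ignore HSTS on plain-HTTP responses, so only send it over TLS.
    // NOTE(review): `preload` plus `includeSubDomains` is effectively permanent once the
    // domain is submitted to the preload list -- every subdomain of all three sites must
    // serve HTTPS forever. Confirm that before keeping `preload`.
    if (is_ssl()) {
        header('Strict-Transport-Security: max-age=31536000; includeSubDomains; preload');
    }

    // Content Security Policy, permissive mode to keep third-party assets working.
    // NOTE(review): `'unsafe-inline' 'unsafe-eval' https:` in script-src means this policy
    // does not stop XSS at all; it only blocks non-HTTPS and non-standard schemes.
    // Tightening it (nonces/hashes, an explicit host allow-list) is the real fix.
    // frame-ancestors mirrors X-Frame-Options below for CSP-aware browsers; base-uri
    // keeps an injected <base> tag from redirecting relative script URLs.
    $csp = [
        "default-src 'self' https:",
        "script-src 'self' 'unsafe-inline' 'unsafe-eval' https:",
        "style-src 'self' 'unsafe-inline' https:",
        "img-src 'self' data: https:",
        "font-src 'self' data: https:",
        "connect-src 'self' https:",
        "frame-src 'self' https:",
        "frame-ancestors 'self'",
        "base-uri 'self'",
    ];
    header('Content-Security-Policy: ' . implode('; ', $csp) . ';');

    // Clickjacking protection for browsers that predate frame-ancestors.
    header('X-Frame-Options: SAMEORIGIN');

    // Disable MIME sniffing.
    header('X-Content-Type-Options: nosniff');

    // The legacy XSS auditor is removed from modern browsers and, where it still
    // exists, can itself be abused (XS-leaks). Current guidance is to disable it
    // explicitly and rely on CSP instead.
    header('X-XSS-Protection: 0');

    // Referrer policy for cross-origin navigations and sub-resource requests.
    header('Referrer-Policy: strict-origin-when-cross-origin');

    // Permissions policy: switch off features the sites do not use.
    // (interest-cohort was a FLoC opt-out; it is harmless but no longer meaningful.)
    header('Permissions-Policy: camera=(), microphone=(), geolocation=(), interest-cohort=()');

    // Remove PHP / WordPress fingerprint headers. X-Powered-By is only present when
    // PHP's expose_php is on; X-Redirect-By is added by wp_redirect().
    // NOTE(review): the WordPress version in the <meta name="generator"> tag is not
    // covered here (that needs remove_action('wp_head', 'wp_generator')).
    header_remove('X-Powered-By');
    header_remove('X-Redirect-By');
}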
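// Register on send_headers so the headers go out on every front-end response.
add_action('send_headers', 'add_security_headers');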
/**
 * Disable XML-RPC (security).
 * Note: the `xmlrpc_enabled` filter only switches off XML-RPC methods that
 * require authentication; unauthenticated methods such as pingback.ping stay
 * reachable unless they are also removed via the `xmlrpc_methods` filter.
 */
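// Turn off the authenticated XML-RPC methods (credential brute force via
// system.multicall, etc.).
add_filter('xmlrpc_enabled', '__return_false');

// `xmlrpc_enabled` does not cover unauthenticated methods, so drop the pingback
// methods too: pingback.ping is the one abused for reflected DDoS and for
// probing internal hosts from the server.
add_filter('xmlrpc_methods', function ($methods) {
    unset($methods['pingback.ping'], $methods['pingback.extensions.getPingbacks']);
    return $methods;
});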
/**
 * Strip the X-Pingback response header (hides the XML-RPC endpoint).
 * This block does not limit login attempts; the previous heading was wrong,
 * and rate-limiting wp-login.php needs a separate mechanism.
 */
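// Remove the X-Pingback header WordPress adds to advertise xmlrpc.php.
// unset() on a missing key is a no-op, so no isset() guard is needed.
add_filter('wp_headers', function ($headers) {
    unset($headers['X-Pingback']);
    return $headers;
});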
/**
* 禁用REST API用户枚举
*/
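// Hide the REST user routes from anonymous clients so usernames cannot be
// harvested for login brute force.
// Logged-in users keep the routes: the block editor's author picker calls
// /wp/v2/users and breaks without it, and core already limits what a
// low-privilege user can list there.
// NOTE(review): the /?author=N -> /author/<login>/ redirect is a separate
// enumeration path that this filter does not close.
add_filter('rest_endpoints', function ($endpoints) {
    if (is_user_logged_in()) {
        return $endpoints;
    }
    // Route keys exactly as registered by WP_REST_Users_Controller.
    unset(
        $endpoints['/wp/v2/users'],
        $endpoints['/wp/v2/users/(?P<id>[\d]+)']
    );
    return $endpoints;
});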

