Hello everyone,
We are pleased to introduce a new plugin called Security Headers, developed and maintained by Ashvisual Theme. This plugin aims to enhance the security of your OJS platform by adding a set of essential, modern HTTP security headers.
This plugin operates with “default with override” logic, meaning it provides robust security settings right out-of-the-box, while still offering full flexibility for administrators to customize as needed.
Key Features:
-
Adds Modern Security Headers: Implements best practices to protect your site from common attacks like clickjacking, XSS, and MIME-sniffing. -
Secure Defaults: Comes with recommended default values for all headers, so you don’t need to configure anything unless required. -
Flexible Customization: Allows administrators to override the value of each header for the entire site or for individual journals. -
Removes X-Powered-ByHeader: Hides server technology information to reduce the informational footprint.
System Requirements:
- OJS version: 3.3.x, 3.4.x, 3.5.x
How to Verifying the Headers:
After configuring the plugin, you can verify that the security headers are being applied correctly using a free online tool like securityheaders.com. Enter your journal’s URL and initiate the scan. The results will show you which HTTP security headers are active on your site.
We hope this plugin is useful for improving the security of your site. Please feel free to provide feedback or report any issues.
Download
Enhance Your Security Even Further!
For more comprehensive security, we have also developed the File Integrity Scanner plugin. This tool helps you monitor your OJS installation files for any unauthorized changes.
Combining the Security Headers and File Integrity Scanner plugins will make your OJS installation significantly more secure. Check out the File Integrity Scanner plugin here: New Plugin for Feedback: File Integrity Scanner to secure OJS.
We hope this plugin is useful. Please feel free to provide feedback or report any issues.
Thank you!