Quelques snippets pour sécuriser WordPress

# BEGIN Header Security & HSTS
<IfModule mod_headers.c>
	Header set Access-Control-Allow-Methods "GET,POST"
	Header set Access-Control-Allow-Headers "Content-Type, Authorization"
	Header set Content-Security-Policy "upgrade-insecure-requests; frame-ancestors 'self'"
	Header set Cross-Origin-Embedder-Policy "unsafe-none; report-to='default'"
	Header set Cross-Origin-Embedder-Policy-Report-Only "unsafe-none; report-to='default'"
	Header set Cross-Origin-Opener-Policy "unsafe-none"
	Header set Cross-Origin-Opener-Policy-Report-Only "unsafe-none; report-to='default'"
	Header set Cross-Origin-Resource-Policy "cross-origin"
	Header set Permissions-Policy "accelerometer=(), autoplay=(), camera=(), cross-origin-isolated=(), display-capture=(self), encrypted-media=(), fullscreen=*, geolocation=(self), gyroscope=(), keyboard-map=(), magnetometer=(), microphone=(), midi=(), payment=*, picture-in-picture=(), publickey-credentials-get=(), screen-wake-lock=(), sync-xhr=(), usb=(), xr-spatial-tracking=(), gamepad=(), serial=()"
	Header set Referrer-Policy "strict-origin-when-cross-origin"
	Header set Strict-Transport-Security "max-age=63072000"
	Header set X-Content-Type-Options "nosniff"
	Header set X-Frame-Options "SAMEORIGIN"
	Header set X-Permitted-Cross-Domain-Policies "none"
</IfModule>
# END Header Security & HSTS

// Redirect access to author pages
function abym_author_page_redirect() {
    $is_author_set = get_query_var( 'author', '' );
	if ( $is_author_set != '' && !is_admin()) {
		wp_redirect( home_url(), 301 );
		exit;
	}
}
add_action( 'template_redirect', 'abym_author_page_redirect' );