HSTS for WordPress: Pros, Cons, and Safer Rollouts
If you run a WordPress site over HTTPS, HSTS is one of those headers that feels like a no-brainer right up until it locks you into a bad decision. I like HSTS. I use it on production sites. But I don’t recommend flipping it on casually, especially on WordPress installs with old plugins, mixed-content debt, weird subdomains, or a hosting setup you don’t fully control. This guide compares the upside and downside of HSTS for WordPress, and shows where it makes sense versus where it can bite you. ...