Enforces a Strict Content Security Policy on the frontend and login screen to help mitigate any XSS vulnerabilities.
As of April 2026, Strict CSP is a WordPress security plugin with 20 active installations and a 0/5 rating. It has been downloaded 575 times in total. It requires WordPress 6.4+ and PHP 7.2+ and has been available on WordPress.org since 2025. Top alternative: Wordfence Security – Firewall, Malware….
This plugin enforces a Strict Content Security Policy (CSP) on the frontend and login screen. This helps mitigate cross-site scripting (XSS) vulnerabilities. The policy cannot yet be applied to the WP Admin (see #59446).
In #58664, the manual construction of script tags was removed from WP_Scripts and from inline scripts on the frontend and login screen, in favour of the helper functions introduced earlier in #39941. This made it possible to apply a Strict CSP, as long as themes and plugins do not print <script> tags directly. Some bundled WordPress core themes still do this incorrectly (reported in Trac as #63806). For example, do not do this:
```php
function my_theme_supports_js() {
	// Hand-built <script> tag: no nonce can be attached, so a Strict CSP blocks it.
	echo '<script>document.body.classList.remove("no-js");</script>';
}
```

| Requirement | Value |
|---|---|
| WordPress | 6.4+ required; tested up to 6.9.4 |
| PHP | 7.2+ required |
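The snippet above next to its Strict-CSP-compatible form, as an added example that is not the plugin's or WordPress core's code. It assumes WordPress 6.4+ (as the plugin requires) together with the core helpers and filters introduced in #39941; the `my_csp_*` nonce callbacks are hypothetical and only illustrate why core-generated script tags are what makes a nonce-based policy enforceable.

```php
<?php
// Added example; not code from the Strict CSP plugin or WordPress core.
// Assumes WordPress 6.4+ so that wp_print_inline_script_tag(),
// wp_add_inline_script() and the wp_(inline_)script_attributes filters exist.

// Breaks under Strict CSP: the tag is echoed by hand, no nonce attribute can be
// attached, and the browser refuses to execute it. Shown for contrast, not hooked.
function my_theme_supports_js_bad() {
	echo '<script>document.body.classList.remove("no-js");</script>';
}

// CSP-compatible: core builds the tag and runs the wp_inline_script_attributes
// filter, so a CSP plugin can add nonce="..." before anything is printed.
function my_theme_supports_js() {
	wp_print_inline_script_tag( 'document.body.classList.remove("no-js");' );
}
add_action( 'wp_footer', 'my_theme_supports_js' );

// Same idea for inline code that belongs to an enqueued handle.
function my_theme_inline_after_main() {
	wp_add_inline_script( 'my-theme-main', 'document.body.classList.remove("no-js");', 'after' );
}
add_action( 'wp_enqueue_scripts', 'my_theme_inline_after_main' );

// Hypothetical illustration of the enforcement side: one fresh nonce per request,
// attached to every core-generated <script> tag and advertised in the CSP header.
function my_csp_nonce() {
	static $nonce = null;
	if ( null === $nonce ) {
		$nonce = base64_encode( random_bytes( 16 ) ); // 128 bits of CSPRNG output
	}
	return $nonce;
}
function my_csp_add_nonce( $attributes ) {
	$attributes['nonce'] = my_csp_nonce();
	return $attributes;
}
add_filter( 'wp_script_attributes', 'my_csp_add_nonce' );        // external scripts
add_filter( 'wp_inline_script_attributes', 'my_csp_add_nonce' ); // inline scripts

function my_csp_send_header() {
	header( "Content-Security-Policy: script-src 'nonce-" . my_csp_nonce() . "' 'strict-dynamic'; object-src 'none'; base-uri 'none'" );
}
add_action( 'template_redirect', 'my_csp_send_header' ); // frontend, before output
add_action( 'login_init', 'my_csp_send_header' );        // wp-login.php, before output
```

Any script printed outside the core helpers, as in `my_theme_supports_js_bad()`, never passes through these filters and so fails the policy, which is the breakage the plugin's readme warns about.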
Plugin data sourced from WordPress.org. Analysis and metrics by PluginSift.