In this article:
- What’s Subresource Integrity (SRI)?
- Install the Subresource Integrity (SRI) Manager
- Exclude Resources
- WordPress Security
What’s Subresource Integrity?
integrity checksum or stronger alongside the
src (source) URL for comparison to accomplish this.
Many web developers can edit a few lines within their .htaccess file to accomplish this. Unfortunately, this doesn’t work for WordPress websites because of the way its core scripts are coded. There’s currently a Trac ticket regarding its possible implementation.
Warning: The Subresource Integrity (SRI) Manager plugin reportedly hasn’t been tested with the latest 3 major releases of WordPress. We’ve successfully tested its functionality and confirmed with the plugin developer(s) that it’s regularly checked for compatibility. As always, exercise caution when installing potentially abandoned plugins and create a full cPanel backup before continuing.
Install Subresource Integrity (SRI) Manager
- Log into WordPress.
- Install the Subresource Integrity (SRI) Manager plugin.
- Click Activate.
- Scan your website at Observatory.Mozilla.org. If successful, you’ll see the following within the test results:
Subresource Integrity (SIR) is implemented and all scripts are loaded securely
If your website has plugins or themes using the WordPress API, you can exclude those resources if needed.
- On the left, hover over Tools and click Subresource Integrity Manager.
- Exclude any resources necessary. If your website doesn’t have any plugins or themes using the WordPress API, or if the plugin doesn’t detect any, the page will state “No hashes known”.
If this doesn’t fix an issue caused by SRI Manager, you’ll need to contact the broken plugin or theme’s developer(s) for further assistance. You can find developers’ contact info from their respective WordPress.org/plugins page by clicking the name under the plugin name.
Security requires a proactive defense-in-depth approach. And the more popular a software is, the more likely it is to be tested for vulnerabilities. For these reasons, you should implement security enhancements at every level – your InMotion Hosting Account Management Panel (AMP) account, cPanel, WebHost Manager (WHM) for VPS/Dedicated users with Root access, and website.
Please consider the following security implementations for better overall security:
- Use Strong AMP and cPanel passwords
- Create cPanel backups regularly
- Improve email authentication to fight spam and your domain from being marked as spam
- 10 Ways to Secure WordPress
- Consider Sucuri for monitored web application firewall (WAF) services
- Upgrade to managed VPS Hosting for additional security options such as cPHulk Brute Force Protection
If you have any questions, feel free to contact our 24/7 Live Support.