SeaSP Content Security Policy Manager

WordPress Site Security

A Content Security Policy (CSP) is a browser security standard that controls what domains, subdomains, and resources a browser can load on a given web page.

A simple CSP can prevent cross-site scripting & other data injection attacks like Magecart and piggy-back tags.

CSPs are time-consuming, and if they aren’t done properly they could break site functionality.

That’s why Blue Triangle created SeaSP, the Automated CSP Plugin for WordPress.

“This is a complex process to sort through and your plugin handles this nicely.”

Why are CSPs difficult?

To create a Content Security Policy, you must track all the files your site is loading. Identify every tag, from Google Analytics to Facebook pixels, and every file, from stylesheets to JavaScript calls. After cataloging these, you must approve or deny each of them.

That’s why CSPs are

  • cumbersome to build

  • time-consuming

  • complicated

  • technical

How SeaSP makes implementation easy

How it Works

1. Automated Tag Inventory

Collect violations in report-only mode. Violations are stored in the WordPress Database.

2. Approve Domains

The user approves the domains from the report to generate the CSP.

3. Set Directive Settings

When the user finishes approving domains, they can activate their blocking CSP.
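The three steps above, sketched as an added example (this is not SeaSP's own code): it inventories blocked origins from report-only violation reports, applies the owner's approvals, and emits either the report-only or the blocking header. The function names, the sample reports, and the approved set are assumptions constructed for illustration.

```python
import json
from collections import defaultdict
from urllib.parse import urlsplit

# Constructed report bodies in the browser's "csp-report" JSON format.
SAMPLE_REPORTS = [json.dumps({"csp-report": r}) for r in (
    {"effective-directive": "script-src", "blocked-uri": "https://www.google-analytics.com/analytics.js"},
    {"effective-directive": "script-src", "blocked-uri": "https://www.google-analytics.com/collect"},
    {"effective-directive": "script-src", "blocked-uri": "https://cdn.untrusted.example/tag.js"},
    {"effective-directive": "img-src", "blocked-uri": "https://www.facebook.com/tr"},
    {"violated-directive": "style-src 'self'", "blocked-uri": "inline"},
)]
# Hypothetical approval decisions made by the site owner in step 2.
APPROVED = {"https://www.google-analytics.com", "https://www.facebook.com"}

def inventory(raw_reports):
    """Step 1: group blocked origins by directive, de-duplicating paths.
    Non-URL values (inline, eval, data) are kept apart: they are not domains."""
    seen, keywords = defaultdict(set), defaultdict(set)
    for raw in raw_reports:
        r = json.loads(raw).get("csp-report", {})
        # Older browsers send only violated-directive, with its source list attached.
        directive = (r.get("effective-directive") or r.get("violated-directive") or "").split(" ")[0]
        blocked = r.get("blocked-uri", "")
        if not directive or not blocked:
            continue
        parts = urlsplit(blocked)
        if parts.scheme in ("http", "https") and parts.netloc:
            seen[directive].add(f"{parts.scheme}://{parts.netloc.lower()}")
        else:
            keywords[directive].add(blocked)
    return seen, keywords

def build_policy(seen, approved, enforce=False):
    """Steps 2-3: allow 'self' plus approved origins only; anything else stays blocked."""
    directives = {"default-src": ["'self'"]}
    for directive in sorted(seen):
        directives[directive] = ["'self'"] + sorted(o for o in seen[directive] if o in approved)
    value = "; ".join(f"{d} {' '.join(srcs)}" for d, srcs in directives.items())
    name = "Content-Security-Policy" if enforce else "Content-Security-Policy-Report-Only"
    return name, value

if __name__ == "__main__":
    seen, keywords = inventory(SAMPLE_REPORTS)
    print("needs manual review:", dict(keywords))
    print(": ".join(build_policy(seen, APPROVED, enforce=True)))
```

The unapproved `cdn.untrusted.example` origin never reaches the policy, and the inline style violation is surfaced for review instead of being turned into a source entry.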

A Content Security Policy is a set of rules that allows selected files and scripts to load on your site. If a Content Security Policy is not implemented properly, it can break site functionality. For example, if you didn’t allow your CSS to load, your page may look broken. Or if you didn’t approve your MailChimp URL, then your forms may not work.

This is why it’s so important to get it right the first time. With SeaSP you can see all the files loading on your site to quickly approve what’s needed to make your site work. You can also quickly turn on and off your Content Security Policy with a button click, so if you ever have issues it’s quick to turn off and adjust.

Yes, this plugin is under constant development by Blue Triangle's engineers. Currently, we have plans to release a pro version of this plugin for a minimal price. We also offer Blue Triangle Enterprise CSP Manager for a fully automated CSP.

Wordfence uses a Web Application Firewall (WAF) that protects web applications. Wordfence also offers a security scanner that looks for malware and other code injections and compares your files with the WordPress.org repo.

The difference between SeaSP and Wordfence is that SeaSP inventories all files on your site, and you quickly approve which files are allowed access. This level of control prevents any unauthorized or third-party piggyback tags from loading. Wordfence allows advanced manual blocking of IP addresses, specific web browsers, and referring websites in any combination. SeaSP doesn’t need to know what to block because it only allows approved content. Best practices for website security include a WAF and a Content Security Policy!

You do not need to be a security expert to use our CSP plugin. We have simplified the process of creating a Content Security Policy so that you don't need to fuss with specifics. We have integrated a lot of the standard documentation for implementing a CSP on your site into the plugin. That being said, we would not discourage you from learning more about this very powerful tool. Here's a great link for anything CSP related. Additionally, Blue Triangle has written several articles on the subject that can be found in the dashboard section of the plugin.

While a CSP is an extra layer of security to prevent malicious code from reaching your site, it's not a complete solution. Strong and secure passwords, SSL certificates, secure hosting, two-factor authentication, and regular backups are just a few of the other measures to use.
