SeaSP Content Security Policy Manager

WordPress Site Security

“This is a complex process to sort through and your plugin handles this nicely.”

A Content Security Policy (CSP) is a browser security standard that controls what domains, subdomains, and resources a browser can load on a given web page.

500+
Downloads

4.5/5
SeaSP Plugin


by keshaba12k on
One of the best security content protectors

Best plugin when it comes to protecting and managing your content, and it also collects the data of your site which violates certain things to help you to find and correct as soon as possible. It also automates mail processing, making it easier for the user to manage. It is also packed with a ton of awesome features. The way this plugin offers and cares about user privacy and security is just worthy 👍 Five stars from my side.


Why are CSPs difficult?

To create a Content Security Policy, you must track all the files your site is loading. Identify every tag, from Google Analytics to Facebook pixels, and every file, from stylesheets to JavaScript calls. After cataloging these, you must approve or deny each of them.

That’s why CSPs are:

  • cumbersome to build
  • time-consuming
  • complicated
  • technical

How SeaSP makes implementation easy

How it Works


1. Automated Tag Inventory

Collect violations in report-only mode. Violations are stored in the WordPress Database.


2. Approve Domains

The user approves the domains from the report to generate the CSP.


3. Set Directive Setting

When the user finishes approving domains, they can activate their blocking CSP.
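The three steps above, worked through in Python as an added example (this is not SeaSP's own code). It assumes violation reports arrive in the browser's `csp-report` JSON format and are held in a list rather than the WordPress database; the function names and sample reports are constructed for illustration.

```python
import json
import re
from collections import defaultdict
from urllib.parse import urlsplit

# Constructed report bodies in the browser's "csp-report" JSON format.
SAMPLE_REPORTS = [
    '{"csp-report": {"effective-directive": "script-src-elem", "blocked-uri": "https://www.google-analytics.com/analytics.js"}}',
    '{"csp-report": {"effective-directive": "script-src-elem", "blocked-uri": "https://connect.facebook.net/en_US/fbevents.js"}}',
    '{"csp-report": {"effective-directive": "style-src-elem", "blocked-uri": "https://fonts.googleapis.com/css"}}',
    '{"csp-report": {"effective-directive": "script-src-elem", "blocked-uri": "inline"}}',
    '{"csp-report": {"violated-directive": "img-src \'self\'", "blocked-uri": "https://tracker.invalid/p.gif"}}',
    'not json at all',
]


def inventory(raw_reports):
    """Step 1: map each violated directive to the blocked origins seen."""
    seen = defaultdict(set)
    for raw in raw_reports:
        try:
            report = json.loads(raw)["csp-report"]
            directive = (report.get("effective-directive")
                         or report.get("violated-directive", "")).split()[0]
            url = urlsplit(report.get("blocked-uri", ""))
            port = f":{url.port}" if url.port else ""
        except (ValueError, KeyError, TypeError, AttributeError, IndexError):
            continue  # anyone can POST to a report endpoint: drop bad bodies
        # "inline", "eval", "data" carry no host; they are keyword decisions
        # ('unsafe-inline' etc.), not domains to approve, so skip them here.
        # The directive name is untrusted too: it must not smuggle ';' into a header.
        if (re.fullmatch(r"[a-z-]+", directive)
                and url.scheme in ("http", "https", "wss") and url.hostname):
            seen[directive].add(f"{url.scheme}://{url.hostname}{port}")
    return dict(seen)


def build_policy(seen, approved, report_only=True):
    """Steps 2-3: emit a header that lists only the approved origins."""
    directives = {"default-src": ["'self'"]}
    for directive, origins in sorted(seen.items()):
        directives[directive] = ["'self'"] + sorted(origins & approved)
    value = "; ".join(f"{d} {' '.join(src)}" for d, src in directives.items())
    name = "Content-Security-Policy" + ("-Report-Only" if report_only else "")
    return name, value


if __name__ == "__main__":
    seen = inventory(SAMPLE_REPORTS)
    approved = {"https://www.google-analytics.com", "https://fonts.googleapis.com"}
    print(*build_policy(seen, approved, report_only=False), sep=": ")
```

Origins that were reported but never approved (here the Facebook and tracker hosts) simply do not appear in the enforced header, so the browser blocks them.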

on your site. If a Content Security Policy is not implemented properly it can break site functionality. For example, if you didn’t allow your CSS to load, your page may look broken. Or if you didn’t approve your MailChimp URL, then your forms may not work.

This is why it’s so important to get it right the first time. With SeaSP you can see all the files loaded on your site to quickly approve what’s needed to make your site work. You can also quickly turn on and off your Content Security Policy with a button click, so if you ever have issues it’s quick to turn off and adjust.

Yes, this plugin is under constant development by Blue Triangle's engineers. Currently, we have plans to release a pro version of this plugin for a minimal price. We also offer Blue Triangle Enterprise CSP and Tag Manager for a fully automated CSP.

Wordfence uses a Web Application Firewall (WAF) that protects web applications. Wordfence also offers a security scanner that looks for malware and other code injections and compares your files with the WordPress.org repo.

The difference between SeaSP and Wordfence is that SeaSP inventories all files on your site, and you quickly approve which files are allowed access. This level of control prevents any unauthorized or third-party piggyback tags from loading. Wordfence allows advanced manual blocking of IP addresses, specific web browsers, and referring websites in any combination. SeaSP doesn’t need to know what to block because it only allows approved content. Best practices for website security include a WAF and a Content Security Policy!

You do not need to be a security expert to use our CSP plugin. We have simplified the process of creating a Content Security Policy Manager so that you don't need to fuss with specifics. We have integrated a lot of the standard documentation for implementing a CSP on your site into the WordPress plugin. That being said, we would not discourage you from learning more about this very powerful tool. Here's a great link for anything CSP related. Additionally, Blue Triangle has written several articles on the subject that can be found in the dashboard section of the plugin.

While a CSP is an extra layer of security to prevent malicious code from reaching your site, it's not a complete solution. To avoid a WordPress hack, also use strong and secure passwords, SSL certificates, secure hosting, two-factor authentication, and regular backups. Those are just a few of the other security measures you will want to take to keep your WordPress site secure.

Yes, we currently support the following:

  • default-src
  • child-src
  • connect-src
  • font-src
  • frame-src
  • img-src
  • manifest-src
  • media-src
  • prefetch-src
  • script-src
  • script-src-elem
  • script-src-attr
  • style-src
  • style-src-elem
  • style-src-attr
  • worker-src
  • base-uri
  • form-action
  • frame-ancestors
  • navigate-to

These directives can be toggled to use host-source (HTTP, HTTPS, WSS), scheme-source (data, mediastream, blob, filesystem), or other values (self, unsafe-eval, wasm-eval, unsafe-hashes, unsafe-inline, none, strict-dynamic).
