Simplified Instructions to Enable Content Security Policy (CSP) on a WordPress Site using cPanel
- Log in to cPanel: Use your username and password to access your cPanel account.
- Open File Manager: In the “Files” section, click on “File Manager.”
- Go to Root Directory: Navigate to the root directory of your WordPress site, usually the public_html folder.
- Find .htaccess File: Look for the .htaccess file in the root directory. It should be there in a standard WordPress installation.
- Edit .htaccess File: Select the .htaccess file and click “Edit” at the top of File Manager.
- Add CSP Configuration: Insert the following code into the .htaccess file, ensuring not to overwrite existing content:
<IfModule mod_headers.c> Header set Content-Security-Policy "default-src 'self'; script-src 'self'; img-src 'self'; style-src 'self'; font-src 'self';" </IfModule>
To allow resources from specific external domains, modify the directives (e.g.,
img-src 'self' https://domain.com.my;).