Guide to Managing CSP Report-Only Mode in the AIBMS Authipay Plugin

Introducing CSP Report-Only Mode

Welcome! The AIBMS Authipay plugin now includes an exciting addition: Content Security Policy (CSP) in report-only mode. Think of it as a vigilant observer, identifying potential security threats without disrupting your site’s functionality. This guide will walk you through what this feature means for you and how to adjust it to fit your needs.

Understanding CSP Report-Only Mode

CSP report-only mode acts like a security audit, flagging up issues such as suspicious scripts without blocking them. This allows you to assess and address security vulnerabilities based on real-world data, ensuring your site remains both secure and user-friendly.

Why It’s Enabled By Default

We’ve activated CSP report-only mode by default to offer you immediate security insights:

  • Immediate Security Alerts: Get instant notifications about potential security issues, enabling proactive measures.
  • Seamless User Experience: The mode monitors without interfering, ensuring your site’s performance remains unaffected.
  • Simplicity: Benefit from advanced security with minimal setup, no technical expertise required.

Disabling CSP Report-Only Mode

If you have specific security configurations in mind or prefer to handle things differently, you might opt to disable CSP report-only mode. Here’s how:

  1. Access Your Theme: Locate the functions.php file within your active WordPress theme’s directory (wp-content/themes/your-theme-name/).
  2. Insert the Disabling Code: Add the following line to the end of the file:

    define('CSP_BYPASS', true);

    This code deactivates CSP report-only mode for your site.

  3. Save Your Changes: After saving the file, CSP report-only mode will be disabled, allowing you to manage content security as you see fit.
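To confirm the change took effect, inspect the response headers before and after editing functions.php. The script below is an added example, not part of the plugin or its documentation; it relies on the fact that a report-only policy can only be delivered through the `Content-Security-Policy-Report-Only` response header. The sample responses, the policy value and the site URL in the comment are constructed placeholders.

```shell
#!/bin/sh
# csp_mode: read raw HTTP response headers on stdin and print which CSP
# mode the response carries: report-only, enforcing, both, or none.
#
# Live use (placeholder URL, substitute a page on your own site):
#   curl -s -o /dev/null -D - https://your-site.example/ | csp_mode
csp_mode() {
    # Header names are case-insensitive; strip CRs so CRLF input parses.
    tr -d '\r' | awk -F: '
        { name = tolower($1) }
        name == "content-security-policy-report-only" { ro = 1 }
        name == "content-security-policy"             { enf = 1 }
        END {
            if (ro && enf) print "both"
            else if (ro)   print "report-only"
            else if (enf)  print "enforcing"
            else           print "none"
        }'
}

# Constructed sample: default install, report-only header present.
# The policy value is invented; the plugin's real policy is not shown here.
sample_default() {
    printf 'HTTP/1.1 200 OK\r\nContent-Type: text/html\r\nContent-Security-Policy-Report-Only: default-src https:\r\n\r\n'
}

# Constructed sample: after CSP_BYPASS is defined as true, assuming no
# other plugin or server rule adds a CSP header of its own.
sample_bypassed() {
    printf 'HTTP/1.1 200 OK\r\nContent-Type: text/html\r\n\r\n'
}

echo "default install : $(sample_default | csp_mode)"
echo "CSP_BYPASS true : $(sample_bypassed | csp_mode)"
```

A result of `enforcing` or `both` after the change means another component (server configuration, theme or a second plugin) is sending its own policy, which is worth knowing before relying on it as the replacement.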

Considerations Before Disabling

Before turning off CSP report-only mode, consider the value of the insights it provides in identifying potential threats. Ensure you have a robust security strategy in place to protect your site and its visitors.

Conclusion

The introduction of CSP report-only mode in the AIBMS Authipay plugin is a testament to our commitment to your site’s security and efficiency. Whether you choose to utilise this feature or disable it, this guide is designed to help you navigate your options with ease and confidence.

FAQs

Q: Does disabling CSP report-only mode impact my site’s security?
A: Disabling this mode means you won’t receive alerts about potential security issues, which could be invaluable for proactive security management. Ensure you have alternative security measures in place.

Q: Can I re-enable CSP report-only mode if I change my mind?
A: Yes, you can re-enable CSP report-only mode at any time by removing the line define('CSP_BYPASS', true); from your functions.php file, or by setting CSP_BYPASS to false.

Q: Is it essential to have another security strategy if I disable CSP?
A: Yes, maintaining a secure website is crucial. If you decide to disable CSP report-only mode, make sure you implement other security practices to safeguard your site against threats.
