New to Translating WordPress? Read through our Translator Handbook to get started. Hide
| Prio | Original string | Translation | — |
|---|---|---|---|
| Purchase Shield, download the ZIP from your order confirmation, go to Plugins → Add New → Upload Plugin → replace the existing plugin. Then enter your license key in the License tab. All your settings are preserved. | You have to log in to add a translation. | Details | |
Original untranslated
Purchase Shield, download the ZIP from your order confirmation, go to Plugins → Add New → Upload Plugin → replace the existing plugin. Then enter your license key in the License tab. All your settings are preserved.
ReferencesYou have to log in to edit this translation. |
|||
| How do I install Shield? | You have to log in to add a translation. | Details | |
Original untranslated |
|||
| Your site stays fully protected. All headers keep working. You lose Shield features (dashboard, advisor, alerts, analytics) and revert to the free version. Nothing breaks. | You have to log in to add a translation. | Details | |
Original untranslated
Your site stays fully protected. All headers keep working. You lose Shield features (dashboard, advisor, alerts, analytics) and revert to the free version. Nothing breaks.
ReferencesYou have to log in to edit this translation. |
|||
| What happens when Shield license expires? | You have to log in to add a translation. | Details | |
Original untranslated |
|||
| Your server (Apache/Nginx) already sends some headers, and the plugin adds them again. Go to Settings → "Resolve duplicate site headers" and check the boxes for the duplicated headers. | You have to log in to add a translation. | Details | |
Original untranslated
Your server (Apache/Nginx) already sends some headers, and the plugin adds them again. Go to Settings → "Resolve duplicate site headers" and check the boxes for the duplicated headers.
ReferencesYou have to log in to edit this translation. |
|||
| I see "Duplicate header" warnings | You have to log in to add a translation. | Details | |
Original untranslated |
|||
| Usually means CSP is not configured or using only the default. Configure all headers in Settings. Check each header section and enable the ones that show as missing. | You have to log in to add a translation. | Details | |
Original untranslated
Usually means CSP is not configured or using only the default. Configure all headers in Settings. Check each header section and enable the ones that show as missing.
ReferencesYou have to log in to edit this translation. |
|||
| SecurityHeaders.com shows a bad grade | You have to log in to add a translation. | Details | |
Original untranslated |
|||
| The nosniff value prevents browsers from guessing file types. Stops MIME-confusion attacks where text files get executed as scripts. | You have to log in to add a translation. | Details | |
Original untranslated
The nosniff value prevents browsers from guessing file types. Stops MIME-confusion attacks where text files get executed as scripts.
ReferencesYou have to log in to edit this translation. |
|||
| What does X-Content-Type-Options do? | You have to log in to add a translation. | Details | |
Original untranslated |
|||
| Controls browser APIs: camera, microphone, geolocation, payment, USB. Setting them to () disables access, preventing malicious scripts from using sensitive device features. | You have to log in to add a translation. | Details | |
Original untranslated
Controls browser APIs: camera, microphone, geolocation, payment, USB. Setting them to () disables access, preventing malicious scripts from using sensitive device features.
ReferencesYou have to log in to edit this translation. |
|||
| What does Permissions-Policy do? | You have to log in to add a translation. | Details | |
Original untranslated |
|||
| Controls iframe embedding. SAMEORIGIN allows only your domain to frame your pages. Prevents clickjacking attacks where malicious sites embed your site in hidden iframes. | You have to log in to add a translation. | Details | |
Original untranslated
Controls iframe embedding. SAMEORIGIN allows only your domain to frame your pages. Prevents clickjacking attacks where malicious sites embed your site in hidden iframes.
ReferencesYou have to log in to edit this translation. |
|||
| What does X-Frame-Options do? | You have to log in to add a translation. | Details | |
Original untranslated |
|||
| Your server sends the CSP with Content-Security-Policy-Report-Only instead of Content-Security-Policy. The browser checks the policy but blocks nothing — only reports violations. Perfect for testing. | You have to log in to add a translation. | Details | |
Original untranslated
Your server sends the CSP with Content-Security-Policy-Report-Only instead of Content-Security-Policy. The browser checks the policy but blocks nothing — only reports violations. Perfect for testing.
ReferencesYou have to log in to edit this translation. |
|||
Export as