dipakcg

# Add the following security headers in the root .htaccess file of WordPress #
# Get A+ Security Headers Score under securityheaders.com #

<IfModule mod_headers.c>
    Header always set Strict-Transport-Security "max-age=63072000; includeSubDomains"
    Header set Content-Security-Policy "default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://cdn.api.twitter.com https://gist.github.com https://syndication.twitter.com https://platform.twitter.com https://js-agent.newrelic.com https://*.nr-data.net https://*.wp.com https://*.gravatar.com https://*.wp.com https://pagead2.googlesyndication.com https://ssl.google-analytics.com https://connect.facebook.net https://www.google-analytics.com https://cdnjs.cloudflare.com https://ajax.cloudflare.com; img-src 'self' data: https://pbs.twimg.com https://platform.twitter.com https://syndication.twitter.com https://dashboard.wordpress.com https://s-ssl.wordpress.com https://dashboard.google.com https://wordpress.org https://*.w.org https://*.gravatar.co

dipakcg

// Get the first embedded image from the content
function catch_the_first_image() {
    global $post, $posts;
    $first_img = '';
    ob_start();
    ob_end_clean();
    $output = preg_match_all('/<img.+?src=[\'"]([^\'"]+)[\'"].*?>/i', $post->post_content, $matches);
    
    if ( isset( $matches[1][0] ) ) {
        $first_img = $matches[1][0];

dipakcg

<IfModule mod_headers.c>
    Header set X-XSS-Protection "1; mode=block"
    Header always append X-Frame-Options SAMEORIGIN
    Header set X-Content-Type-Options nosniff
    Header set Strict-Transport-Security "max-age=31536000; includeSubDomains; preload"
</IfModule>

dipakcg

/* Check plugin dependency */
dcg_check_plugin_dependency('Easy Digital Downloads - Product Gallery for Frontend Submissions', 'Easy Digital Downloads - Frontend Submissions', 'edd-fes/edd-fes.php', '', null);
dcg_check_plugin_dependency('Easy Digital Downloads - Product Gallery for Frontend Submissions', 'Olam Multiple Image', 'olam-multiple-images/olam-multiple-images.php', '', null);

/**
 * Verify if a plugin is active, if not deactivate the actual plugin an show an error
 * @param  [string]  $my_plugin_name
 *                   The plugin name trying to activate. The name of this plugin
 *                   Ex:
 *                   WooCommerce new Shipping Method

dipakcg

// FES form field name : Prices and Files

add_filter( 'upload_mimes', 'dcg_restrict_mime_types', 1, 1 );
function dcg_restrict_mime_types( $mime_types )
{
    
    $user = wp_get_current_user(); // get the current user
    // if user is shop vendor or a shop manager
    if ( in_array( 'shop_vendor', (array) $user->roles ) || in_array( 'shop_manager', (array) $user->roles ) ) {
        

dipakcg

# Add the following to the WordPress installation's root .htaccess file
# Extra Security Headers
<IfModule mod_headers.c>
    Header set X-XSS-Protection "1; mode=block"
    Header always append X-Frame-Options SAMEORIGIN
    Header set X-Content-Type-Options nosniff
    Header set Strict-Transport-Security "max-age=31536000" env=HTTPS
    Header set Referrer-Policy "no-referrer-when-downgrade"
    Header set Feature-Policy: vibrate 'self'; usermedia *; sync-xhr 'self' https://dipakgajjar.com
    Header set Expect-CT enforce,max-age=2592000,report-uri="https://dipakgajjar.com/report"

dipakcg

This is the technique I use to defer Youtube videos, when optimising the performance of WordPress site.

(1) Replace Youtube iFrame embed code with the below one:
----------------------

<div class="dcg-responsive-container">
  <iframe class="dcg-responsive-iframe" src="" data-src="https://www.youtube.com/watch?v=nEFZLFyZNcE?rel=0" frameborder="0" allowfullscreen style="border:0"></iframe>
</div>

(2) Add the following CSS element (stylesheet element that will make Youtube iFrame Responsive) (style.css?):

dipakcg

{"lastUpload":"2022-01-27T04:24:31.493Z","extensionVersion":"v3.4.3"}

dipakcg

if ( !is_admin() ) {
	
    	// Deregister the jquery version bundled with WordPress.
    	wp_deregister_script( 'jquery' );
    
    	// CDN hosted jQuery placed in the header, as some plugins require that jQuery is loaded in the header.
    	wp_register_script( 'jquery', '//ajax.googleapis.com/ajax/libs/jquery/3.4.1/jquery.min.js', false, '3.4.1' );
    	
    	wp_enqueue_script( 'jquery' );
}

dipakcg

<!-- copied from https://wpspeedmatters.com/fastest-cookie-consent-wordpress-plugin/ -->
<p id="cookie-notice">This website uses cookies to ensure you get the best experience on our website.<br><button onclick="acceptCookie();">Got it!</button></p>

<style>#cookie-notice{color:#fff;font-family:inherit;background:#596cd5;padding:20px;position:fixed;bottom:10px;left:10px;width:100%;max-width:300px;box-shadow:0 10px 20px rgba(0,0,0,.2);border-radius:5px;margin:0px;visibility:hidden;z-index:1000000}#cookie-notice button{color:inherit;background:#3842c7;border:0;padding:10px;margin-top:10px;width:100%;cursor:pointer}@media only screen and (max-width:600px){#cookie-notice{max-width:100%;bottom:0;left:0;border-radius:0}}</style>

<script>function acceptCookie(){document.cookie="cookieaccepted=1; expires=Thu, 18 Dec 2030 12:00:00 UTC; path=/",document.getElementById("cookie-notice").style.visibility="hidden"}document.cookie.indexOf("cookieaccepted")<0&&(document.getElementById("cookie-notice").style.visibility="visib