Skip to main content

Remediation Steps

Follow the steps below to remediate this finding on WordPress.

  1. Use the wp_enqueue_script() and wp_enqueue_style() functions with a src_integrity parameter, or hook into script_loader_tag to add integrity attributes:

    add_filter('script_loader_tag', function($tag, $handle, $src) {
$sri_map = [
'my-cdn-script' => 'sha384-<hash>',
];
if (isset($sri_map[$handle])) {
$tag = str_replace(' src=', ' integrity="' . $sri_map[$handle] . '" crossorigin="anonymous" src=', $tag);
}
return $tag;
}, 10, 3);

  2. Alternatively, use the "SRI Manager" plugin.

Back to top