Adding Security Headers to WordPress Without 3rd-Party Plugins