Plugin Author: Really Simple Plugins
WordPress profile: Really Simple Plugins
Last updated: September 5, 2022 (4 weeks ago)
Tested up to (WP version): WP 6.0.2
Rating: 5 (out of 5)
Really Simple SSL automatically detects your settings and configures your website to run over HTTPS. To keep it lightweight, we kept the options to a minimum. Your website will move to SSL with one click.
Three simple steps for setup:
- Activate Really Simple SSL
- Activate SSL in your hosting environment, or generate a free Let’s Encrypt certificate in Really Simple SSL. (new)
- Enable SSL with One Click
Love Really Simple SSL?
Hopefully, this plugin saves you some hours of work. If you want to support the continuing development of this plugin, please consider buying Really Simple SSL Pro, which includes some excellent security features and premium support.
Improve Security with Really Simple SSL Pro
- The Mixed Content Scan & Fixer. Know which files are still requested over HTTP and how to fix it.
- Enable HTTP Strict Transport Security
- Configure your site for the HSTS preload list
- Advanced Security Headers to Improve Security, e.g., Content Security Policy, Permissions Policy, and more.
- Mixed Content Fixer for your Admin Area
- Detailed Feedback and Active Support on your Security Dashboard
- Premium Support
How does Really Simple SSL work?
- It will first check for an existing SSL certificate. If you don’t have one, you can generate one in the plugin. Depending on your hosting provider, the plugin can also install it for you or assist with instructions.
- The plugin handles most issues WordPress has with SSL. For example, a reverse proxy/load balancer or when no headers are passed to detect SSL.
- All incoming requests are redirected to HTTPS. Default with an internal WordPress redirect, but you can also opt for a .htaccess redirect.
- The site URL and home URL are changed to HTTPS.
- Your insecure content is fixed by replacing all http:// URLs with https://, except hyperlinks to other domains. This happens dynamically, so no database changes are made (except for the site URL and home URL).
- Cookies set with PHP are set securely by setting them with the httpOnly flag.
About Really Simple SSL
For free SSL certificate generation, Really Simple SSL uses the le acme2 PHP Let’s Encrypt client library, thanks to ‘fbett’ for providing it.
Any code suggestions? We’re on GitHub as well!
Really Simple SSL in your language?
Translations can be added very easily here.
For more detailed explanations and documentation on redirect loops, Let’s Encrypt, mixed content, errors, and so on, please search the documentation
Most mixed content issues are caused by URLs in CSS or JS files.
For detailed instructions on how to find mixed content read this article.
We recently added the possibility to generate a Free SSL Certificate with Let’s Encrypt in our Really Simple SSL Wizard. We have an updated list available for all possible integrations here. Please leave feedback about another integration, incorrect information, or you need help.
If you are experiencing redirect loops on your site, try these instructions.
Yes. There is a dedicated network settings page where you can switch between network-activated SSL and per page SSL. In Really Simple SSL Pro for Multisite, you can override all site settings for SSL on the network level and activate or deactivate SSL in the network menu for each site.
The plugin checks your certificate before enabling, but if, for example, you migrated the site to a non-SSL environment, you might get locked out of the back-end.
If you can’t deactivate, do not just remove the plugin folder to uninstall! Follow these instructions instead.
Easily migrate your website to SSL with One Click
Generate a Free Let's Encrypt SSL Certificate, if needed!
Improve security with Really Simple SSL. Fully guided and documented
Latest Change log entry:
- Bumped required PHP version to 7.2
- Fix: type in Let’s Encrypt wizard
- Improvement: SSL redirect icw WP Rocket included in WP Rocket htaccess rules
- Improvement: defaults for created directories
- Improvement: fallback in case of missing administrator role, props @msigloo
force ssl, https, insecure content, mixed content, ssl
+ Jason's Comments
This plugin helps to resolve the mixed media security error and change embedded domain links to https. You will first need a SSL – domain security certificate installed on your server.
Read up on other WordPress security related plugins and strategies.
Website Optimization and Maintenance
There are a few ways to optimize and speed up your website for viewers and search engines: database clean up, image optimization, page / script compression, CPU / server load optimization, server file caching and utilize browser caching.