Plugin Author: Really Simple Plugins
WordPress profile: Really Simple Plugins
Last updated: May 10, 2021 (1 week ago)
Tested up to (WP version): WP 5.7.2
Rating: 5 (out of 5)
Really Simple SSL automatically detects your settings and configures your website to run over https.
To keep it lightweight, the options are kept to a minimum. The entire site will move to SSL.
Three simple steps for setup:
- Get an SSL certificate (can’t do that for you, sorry.) See our recommendations for a free SSL certificate.
- Activate this plugin
- Enable SSL with one click
Always backup before you go! If you do not have a sound backup policy, start having one! See our recommendations.
Any code suggestions? We’re on GitHub as well!
Love Really Simple SSL?
Hopefully this plugin saves you some hours of work. If you want to support the continuing development of this plugin, you might consider buying the premium, which includes
some cool features.
- The mixed content scan, which shows you what you have to do if you don’t have the secure lock yet
- The option to enable HTTP Strict Transport Security
- The option to configure your site for the HSTS preload list
- Advanced security headers for additional security
- Mixed Content Fixer for the back-end
- More detailed feedback on the configuration page
- Certificate expiration check: get an email when your SSL certificate is about to expire
- Premium support
What does the plugin actually do
- The plugin handles most issues that WordPress has with SSL, like when you’re behind a reverse proxy/loadbalancer, or when no headers are passed which WordPress can use to detect SSL.
- All incoming requests are redirected to https. Default with an internal WordPress redirect, but you can also enable a .htaccess redirect.
- The siteurl and homeurl are changed to https.
- Your insecure content is fixed by replacing all http:// URL’s with https://, except hyperlinks to other domains. Dynamically, so no database changes are made (except for the siteurl and homeurl).
- Cookies set with PHP are set securely, by setting them with the httpOnly flag
Like to have this plugin in your language?
Translations can be added very easily here. If you do, I can get you added as translation editor to approve the translations.
For more detailed explanations and documentation on redirect loops, deactivating, mixed content, errors, and so on, please search the documentation
On a site where the source consists of about 60.000 characters, the delay caused by the mixed content fixer is about 0.00188 seconds. If this is too much for you, fix the mixed content manually and deactivate it in the settings.
The plugin checks your certificate before enabling, but if, for example, you migrated the site to a non-ssl environment, you might get locked out of the back-end.
If you can’t deactivate, do not just remove the plugin folder to uninstall! Follow these instructions.
Most mixed content issues are caused by URL’s in css or js files.
For detailed instructions on how to find mixed content read this article.
If you are experiencing redirect loops on your site, try these instructions.
Yes. There is a dedicated network settings page where you can switch between network activated SSL and per page SSL. In the dedicated pro for multisite plugin, you can override all site settings for SSL on the network level, and can activate and deactivate SSL in the network menu for each site.
Easily migrate your website to SSL with one click
Improve security with Really Simple SSL. Fully guided and documented.
Latest Change log entry:
- Fix: non hierarchical structured form elements in the template could cause settings not to get saved in some configurations.
force ssl, https, insecure content, mixed content, ssl
+ Jason's Comments
This plugin helps to resolve the mixed media security error and change embedded domain links to https. You will first need a SSL – domain security certificate installed on your server.
Read up on other WordPress security related plugins and strategies.
Website Optimization and Maintenance
There are a few ways to optimize and speed up your website for viewers and search engines: database clean up, image optimization, page / script compression, CPU / server load optimization, server file caching and utilize browser caching.