May 172016
 
WordPress Plugin Name: Really Simple SSL
Plugin URL:https://wordpress.org/plugins/really-simple-ssl/

Plugin Author: Really Simple Plugins
WordPress profile: Really Simple Plugins
Plugin version: 6.1.1
Last updated: January 24, 2023 (6 days ago)
Tested up to (WP version): WP 6.1.1
Downloaded: 0
Rating: 5 (out of 5)

Description


Really Simple SSL will automatically configure your website to use SSL to its fullest potential. Use extra hardening features to secure your website, and use our server health check to keep up-to-date.

Features

  • Easy SSL Migration: Takes your website to HTTPS in just one-click.
  • Server Health Check (New): Your server configuration is every bit as important for your website security.
  • WordPress Hardening (New): Tweak your configuration and keep WordPress fortified and safe by tackling its weaknesses.

Improve Security with Really Simple SSL Pro

  • The Mixed Content Scan & Fixer. Detect files that are requested over HTTP and fix it. Both Front- and Back-end.

Security Headers

These features mitigate the risk of clickjacking, cross-site-forgery attacks, stealing login credentials and malware among others.

  • Independent of your Server Configuration, works on Apache, LiteSpeed, NGINX etc.
  • Protect your website visitors with X-XSS Protection, X-Content-Type-Options, X-Frame-Options and Referrer Policy.
  • Enable HTTP Strict Transport Security and configure your site for the HSTS Preload list.

Advanced Security

Isolate your website from unnecessary file loading and exchanges with third-parties. Fully control your website and minimize risk of manipulation.

  • Specifically designed for WordPress.
  • Control third-parties with the Content Security Policy – including Learning Mode.
  • Control browser features with the Permissions Policy e.g. geolocation, camera’s and microphones.
  • Isolate information exchange between other websites. Fully control in- and outbound of data.

How does Really Simple SSL’s HTTPS migration work?

  • The plugin will check for an existing SSL certificate. If you don’t have one, you can generate one in the plugin. Depending on your hosting provider, the plugin can also install it for you or assist with instructions.
  • If needed, It will handle known issues WordPress has with SSL. An example might be that your website uses a loadbalancer, proxy or headers are not passed to detect a certificate.
  • All incoming requests are redirected to HTTPS with a default 301 WordPress redirect. You can also choose a .htaccess redirect.
  • The Site URL and Home URL are changed to HTTPS.
  • Your insecure content is fixed by replacing all HTTP:// URLs with HTTPS://, except external hyperlinks, dynamically.
  • Cookies with PHP are set securely by setting them with the HTTPOnly flag.

Useful Links

Love Really Simple SSL?

Hopefully, this plugin saves you some time. If you want to support the continuing development of this plugin, please consider buying Really Simple SSL Pro, which includes some excellent security features and premium support.

About Really Simple Plugins

Other plugins developed by Really Simple Plugins are: Complianz and Burst Statistics.

Contact us if you have any questions, issues, or suggestions. Really Simple SSL is developed by Really Simple Plugins.

For generating SSL certificates, Really Simple SSL uses the le acme2 PHP Let’s Encrypt client library, thanks to ‘fbett’ for providing it.

Want to join as a collaborator? We’re on GitHub as well!



FAQ


Knowledge Base

For more detailed explanations and documentation on redirect loops, Let’s Encrypt, mixed content, errors, and so on, please search the documentation

Mixed Content issues

Most mixed content issues are caused by URLs in CSS or JS files. For detailed instructions on how to find mixed content read this article.

Generating a Let’s Encrypt SSL Certificate

We recently added the possibility to generate a Free SSL Certificate with Let’s Encrypt in our Really Simple SSL Wizard. We have an updated list available for all possible integrations here. Please leave feedback about another integration, incorrect information, or you need help.

Redirect loop issues

If you are experiencing redirect loops on your site, try these instructions.

Is the plugin multisite compatible?

Yes. There is a dedicated network settings page where you can control settings for your entire network, at once.

Uninstalling Really Simple SSL

The plugin checks your certificate before enabling, but if, for example, you migrated the site to a non-SSL environment, you might get locked out of the back-end.

If you can’t deactivate, do not just remove the plugin folder to uninstall! Follow these instructions instead.



Screenshots:


  1. Your Really Simple SSL dashboard - For optimal configuration.

    Your Really Simple SSL dashboard - For optimal configuration.

  2. The Server Health Check - An in-depth look at your server.

    The Server Health Check - An in-depth look at your server.

  3. New Hardening Features - Fortify your website by minimizing weaknesses.

    New Hardening Features - Fortify your website by minimizing weaknesses.



Other notes:




Latest Change log entry:


  • Fix: WP CLI not completing SSL when because site_has_ssl option is not set if website has not been visited before, props @oolongm
  • Improvement: prevent ‘undefined’ status showing up in api calls on settings page
  • Improvement: show notice if users are using an <2.0 Let’s Encrypt shell add-on which is not compatible with 6.0



Tags:


force ssl, https, insecure content, mixed content, ssl

+ Jason's Comments

This plugin helps to resolve the mixed media security error and change embedded domain links to https. You will first need a SSL – domain security certificate installed on your server.

Read up on other WordPress security related plugins and strategies.


Website Optimization and Maintenance

There are a few ways to optimize and speed up your website for viewers and search engines: database clean up, image optimization, page / script compression, CPU / server load optimization, server file caching and utilize browser caching.

I provide website tune ups on request and recommend a schedule for Search Engine Optimization (SEO) and Page Speed optimization.

Optimization is best applied together with website security and protection and backup and maintenance.

Top