Plugin Author: Rogier Lankhorst
WordPress profile: Rogier Lankhorst
Last updated: February 8, 2018 (1 week ago)
Tested up to (WP version): WP 4.9.4
Rating: 5 (out of 5)
Really Simple SSL automatically detects your settings and configures your website to run over https.
To keep it lightweight, the options are kept to a minimum. The entire site will move to SSL.
Three simple steps for setup:
- Get an SSL certificate (can’t do that for you, sorry).
- Activate this plugin
- Enable SSL with one click
Always backup before you go! If you do not have a sound backup policy, start having one! See https://really-simple-ssl.com/knowledge-base/backing-up-your-site/ for our recommendations.
Really Simple SSL is on GitHub as well!
Love Really Simple SSL?
Hopefully this plugin save you some hours of work. If you want to support the continuing development of this plugin, you might consider buying the premium, which includes
some cool features.
- The mixed content scan, which shows you what you have to do if you don’t have the green lock yet
- The option to enable HTTP Strict Transport Security
- The option to configure your site for the HSTS preload list
- Mixed Content Fixer for the back-end
- More detailed feedback on the configuration page.
- Certificate expiration check: get an email when your SSL certificate is about to expire.
- Premium support
What does the plugin actually do
- The plugin handles most issues that WordPress has with SSL, like when you’re behind a reverse proxy/loadbalancer, or when no headers are passed which WordPress can use to detect SSL.
- All incoming requests are redirected to https. Default with an internal WordPress redirect, but you can also enable a .htaccess redirect.
- The site url and home url are changed to https.
- Your insecure content is fixed by replacing all http:// urls with https://, except hyperlinks to other domains. Dynamically, so no database changes are made (except for the siteurl and homeurl).
Like to have this plugin in your language?
Translations can be added very easily here. If you do, I can get you added as translation editor to approve the translations.
To install this plugin:
- Make a backup!
- Install your SSL certificate
- Download the plugin
- Upload the plugin to the wp-content/plugins directory,
- Go to “plugins” in your WordPress admin, then click activate.
- You will now see a notice asking you to enable SSL. Click it and log in again.
For more detailed explanations and documentation on redirect loops, deactivating, mixed content, errors, and so on, please search the documentation
Does the mixed content fixer make my site slower?
On a site where the source consists of about 60.000 characters, the delay caused by the mixed content fixer is about 0.00188 seconds. If this is too much for you, fix the mixed content manually and deactivate it in the settings.
Uninstalling Really Simple SSL
The plugin checks your certificate before enabling, but if, for example, you migrated the site to a non-ssl environment, you might get locked out of the back-end.
If you can’t deactivate, do not just remove the plugin folder to uninstall! Follow these instructions.
Mixed content issues
Most mixed content issues are caused by urls in css or js files.
For detailed instructions on how to find mixed content read this article.
Redirect loop issues
If you are experiencing redirect loops on your site, try these instructions.
Is the plugin multisite compatible?
Yes. There is a dedicated network settings page where you can switch between network activated SSL and per page SSL. In the dedicated pro for multisite plugin, you can override all site settings for SSL on the network level, and can activate and deactivate SSL in the network menu for each site.* Really Simple SSL maintains an extensive knowledge-base at https://www.really-simple-ssl.com.
After activation, if SSL was detected, you can enable SSL.
View your configuration on the settings page
Latest Change log entry:
- Fix: “switch mixed content fixer hook” option not visible on the multisites settings page
- Tweak: several typo’s and uppercasing
force ssl, https, insecure content, mixed content, ssl
+ Jason's Comments
Read up on other WordPress security related plugins and strategies.
Website Optimization and Maintenance
There are a few ways to optimize and speed up your website for viewers and search engines: database clean up, image optimization, page / script compression, CPU / server load optimization, server file caching and utilize browser caching.