[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fsvumpSooY9fKHOlx-78t2tnHQJ1Xsfh_oD6UDHWMigw":3},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":13,"num_ratings":13,"last_updated":14,"tested_up_to":15,"requires_at_least":16,"requires_php":17,"tags":18,"homepage":24,"download_link":25,"security_score":26,"vuln_count":13,"unpatched_count":13,"last_vuln_date":27,"fetched_at":28,"vulnerabilities":29,"developer":30,"crawl_stats":27,"alternatives":35,"analysis":130,"fingerprints":226},"admin-ssl-secure-admin","Admin SSL","2.0-b2","blenjee","https:\u002F\u002Fprofiles.wordpress.org\u002Fblenjee\u002F","\u003Cp>Admin SSL secures login page, admin area, posts, pages – whatever you want – using Private SSL.\u003Cbr \u002F>\nOnce you have activated the plugin please go to the Admin SSL config page to enable SSL, and\u003Cbr \u002F>\nread the \u003Ca href=\"http:\u002F\u002Fwww.kerrins.co.uk\u002Fblog\u002Fadmin-ssl\u002Fsetup\u002F\" rel=\"nofollow ugc\">installation instructions\u003C\u002Fa>.\u003C\u002Fp>\n\u003Cp>Each time you update Admin SSL, please read the \u003Ca href=\"http:\u002F\u002Fwww.kerrins.co.uk\u002Fblog\u002Fadmin-ssl\u002Ffaq\u002F\" rel=\"nofollow ugc\">FAQ\u003C\u002Fa>\u003Cbr \u002F>\nand \u003Ca href=\"http:\u002F\u002Fwww.kerrins.co.uk\u002Fblog\u002Fadmin-ssl\u002Fsetup\u002F\" rel=\"nofollow ugc\">installation instructions\u003C\u002Fa> in\u003Cbr \u002F>\ncase there is some important information relating to the update.\u003C\u002Fp>\n\u003Cp>Features:\u003C\u002Fp>\n\u003Col>\n\u003Cli>Forces SSL on all pages where passwords can be entered.\u003C\u002Fli>\n\u003Cli>Works with Private SSL.\u003C\u002Fli>\n\u003Cli>Custom additional URLS (e.g. wp-admin\u002F) can be secured through the config page.\u003C\u002Fli>\n\u003Cli>You can choose where you want the Admin SSL config page to appear!\u003C\u002Fli>\n\u003Cli>Works on WordPress 3.0 – 3.1.1; for previous versions of WordPress please use version 1.4.1,\u003Cbr \u002F>\nbut note it is no longer supported – you should upgrade to the latest WordPress version.\u003C\u002Fli>\n\u003C\u002Fol>\n","Admin SSL secures login page, admin area, posts, pages - whatever you want - using Private SSL.",100,53005,0,"2011-04-24T15:21:00.000Z","3.1.4","3.0","",[19,20,21,22,23],"private-ssl","secure-login","security","shared-ssl","ssl","http:\u002F\u002Fwww.kerrins.co.uk\u002Fblog\u002Fadmin-ssl\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fadmin-ssl-secure-admin.2.0.zip",85,null,"2026-03-15T15:16:48.613Z",[],{"slug":7,"display_name":7,"profile_url":8,"plugin_count":31,"total_installs":11,"avg_security_score":26,"avg_patch_time_days":32,"trust_score":33,"computed_at":34},1,30,84,"2026-04-04T05:01:53.664Z",[36,60,80,97,115],{"slug":37,"name":38,"version":39,"author":40,"author_profile":41,"description":42,"short_description":43,"active_installs":44,"downloaded":45,"rating":46,"num_ratings":47,"last_updated":48,"tested_up_to":49,"requires_at_least":50,"requires_php":51,"tags":52,"homepage":58,"download_link":59,"security_score":11,"vuln_count":13,"unpatched_count":13,"last_vuln_date":27,"fetched_at":28},"auto-install-free-ssl","Auto-Install Free SSL – Generate & Install Free SSL Certificates","4.6.1","Anindya Sundar Mandal","https:\u002F\u002Fprofiles.wordpress.org\u002Fspeedify\u002F","\u003Ch3>Auto-Install Free SSL\u003C\u002Fh3>\n\u003Cp>\u003Cstrong>With over \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fsupport\u002Fplugin\u002Fauto-install-free-ssl\u002Freviews\u002F?filter=5\" rel=\"ugc\">380 five-star reviews ⭐⭐⭐⭐⭐\u003C\u002Fa> and a 4.9 out of 5 stars average rating, ‘Auto-Install Free SSL’ empowers you to generate Free SSL Certificates in your WordPress dashboard effortlessly.\u003C\u002Fstrong> This plugin helps secure your website and saves you money.\u003C\u002Fp>\n\u003Cp>Let’s Encrypt™ SSL Certificate is FREE. But they provide it through their API. If you are not a programmer, you need to study and practice programming for years to be able to use the API of Let’s Encrypt™ to generate a single Free SSL Certificate for your WordPress website.\u003C\u002Fp>\n\u003Cp>Here is where ‘Auto-Install Free SSL’ comes into play. This WordPress plugin provides a hassle-free way to obtain and install the Let’s Encrypt™ free SSL certificate for your website. You don’t need programming or coding experience to set it up. With this plugin, you don’t need to spend hours configuring SSL or waste money purchasing SSL certificates. All you need is a few minutes.\u003C\u002Fp>\n\u003Cp>\u003Ciframe loading=\"lazy\" title=\"How to set up Automation in 1 minute (cPanel) | Auto-Install Free SSL [Pro]\" src=\"https:\u002F\u002Fplayer.vimeo.com\u002Fvideo\u002F745390051?dnt=1&app_id=122963\" width=\"750\" height=\"400\" frameborder=\"0\" allow=\"autoplay; fullscreen; picture-in-picture; clipboard-write\">\u003C\u002Fiframe>\u003C\u002Fp>\n\u003Ch3>Minimum System Requirements\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>Linux or Windows hosting\u003C\u002Fli>\n\u003Cli>WordPress 4.1\u003C\u002Fli>\n\u003Cli>PHP 5.6\u003C\u002Fli>\n\u003Cli>OpenSSL extension\u003C\u002Fli>\n\u003Cli>Curl extension\u003C\u002Fli>\n\u003Cli>PHP directive allow_url_fopen = On\u003C\u002Fli>\n\u003Cli>The website should be assigned to a domain name (e.g., example.com) accessible online.\u003C\u002Fli>\n\u003Cli>Ensure your web server can serve static files – a standard feature in most web servers.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>FREE PLUGIN FEATURES\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>Domain Ownership Verification.\u003C\u002Fli>\n\u003Cli>Generate and renew Free SSL Certificate.\u003C\u002Fli>\n\u003Cli>One-click Download the generated SSL certificate, Private key, and CA Bundle files.\u003C\u002Fli>\n\u003Cli>Video tutorial on cPanel: (1) How to upload HTTP-01 challenge files to verify domain ownership. (2) How to Install the Free SSL Certificate.\u003C\u002Fli>\n\u003Cli>Written tutorial on Plesk for the above two topics.\u003C\u002Fli>\n\u003Cli>One-click Force SSL activation, i.e., HTTPS redirect, fix insecure links and mixed content warning, display the padlock in the browser’s address bar with ONLY ONE CLICK.\u003C\u002Fli>\n\u003Cli>One-click revert to HTTP if required.\u003C\u002Fli>\n\u003Cli>Automatic renewal reminder by email and admin notice before the SSL expiry date.\u003C\u002Fli>\n\u003Cli>Automatic account registration with Let’s Encrypt™.\u003C\u002Fli>\n\u003Cli>Automatic CSR (Certificate Signing Request) generation.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>The free https SSL certificate issued by Let’s Encrypt™ expires in 90 days. They recommend renewing 30 days before expiry. Please check the FAQ section to learn why the lifetime is 90 days.\u003C\u002Fp>\n\u003Cp> \u003C\u002Fp>\n\u003Cpre>\u003Ccode> Use this plugin only for HTTPS redirects too. \n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003Cp>If your WordPress website has an SSL certificate installed and you are looking ONLY for Force SSL activation (i.e., HTTPS redirect, fix insecure content), you can use the FREE version.\u003C\u002Fp>\n\u003Ch3>PREMIUM PLUGIN FEATURES\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>\u003Cstrong>Automatic\u003C\u002Fstrong> Verification of Domain Ownership.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Automatic\u003C\u002Fstrong> Generation of Free SSL Certificate.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Automatic Installation\u003C\u002Fstrong> of Free SSL Security Certificate (cPanel or root access is required for this automation). [However, if you have neither cPanel nor root access, we’ll Install the SSL manually for the first time and provide documentation on how to install SSL manually].\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Automatic Renewal\u003C\u002Fstrong> of Free SSL Certificate (30 days before expiry).\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Automatic Cron Job.\u003C\u002Fstrong> No need to set the Cron Job manually.\u003C\u002Fli>\n\u003Cli>Automatic account registration with Let’s Encrypt™.\u003C\u002Fli>\n\u003Cli>Automatic CSR (Certificate Signing Request) generation.\u003C\u002Fli>\n\u003Cli>One-click Force SSL activation.\u003C\u002Fli>\n\u003Cli>One-click revert to HTTP if required.\u003C\u002Fli>\n\u003Cli>One-to-one Premium Support.\u003C\u002Fli>\n\u003Cli>SSL installation training for non-cPanel websites.\u003C\u002Fli>\n\u003Cli>Automatic WildCard SSL certificate for free! (Generation and installation of an SSL certificate for a domain that covers all its sub-domains.)\u003C\u002Fli>\n\u003Cli>Automatically sets the DNS TXT record to verify the domain and generate free wildcard SSL certificates (supported DNS service providers: Cloudflare, Godaddy, Namecheap, and cPanel.)\u003C\u002Fli>\n\u003Cli>Supports Multisite.\u003C\u002Fli>\n\u003Cli>Works on all the websites hosted on a cPanel \u002F web hosting.\u003C\u002Fli>\n\u003Cli>If needed, you can revoke any SSL certificate and change your Let’s Encrypt™ account key.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>(The last five features are available for the unlimited sites license only.)\u003C\u002Fp>\n\u003Cp>If your WordPress website is hosted on a VPS or dedicated server and you don’t have cPanel, \u003Cstrong>Automatic Installation\u003C\u002Fstrong> of the Free SSL Certificate is still possible. Please get in touch with us after purchase.\u003C\u002Fp>\n\u003Cp>\u003Ca href=\"https:\u002F\u002Ffreessl.tech\u002Ffree-ssl-certificate-for-wordpress-website\u002F?utm_source=wp_org&utm_medium=description&utm_campaign=aifs_free&utm_content=premium_features\" rel=\"nofollow ugc\">BUY PREMIUM VERSION\u003C\u002Fa>\u003C\u002Fp>\n\u003Ch3>Benefits of installing an SSL certificate on your WordPress website\u003C\u002Fh3>\n\u003Col>\n\u003Cli>\n\u003Cp>\u003Cstrong>Protect your users’ data:\u003C\u002Fstrong> If an SSL certificate is installed, your WordPress website’s data travels through the internet with 2048-bit (or more) encryption. No computer or hacker in between can read your users’ encrypted data. Only the intended recipient (users’ browser or your server) can decrypt and read the encrypted data. The data may be credit card-like necessary payment details, user input with a contact form, or a simple login form.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>\u003Cstrong>Display PADLOCK:\u003C\u002Fstrong> Installing an SSL certificate is not optional anymore, even if your WordPress website doesn’t accept credit cards. Since July 2018, with version 68, Google Chrome has started to mark all HTTP (no SSL) websites as ‘Not secure’, even if it doesn’t accept user input. All other browsers followed the same path. When users visit an SSL-secured website, all browsers display a secured PADLOCK in the address bar.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>\u003Cstrong>Boost the Search Engine Ranking:\u003C\u002Fstrong> Google and other search engines aim to create a secure web. So, search engines now favor SSL-secured HTTPS websites and discourage insecure ones in the search results. If your WordPress website doesn’t have an SSL certificate installed, you are missing something significant regarding SEO and staying away from potential customers.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>\u003Cstrong>Gain the trust of your users:\u003C\u002Fstrong> If users see the secured PADLOCK and HTTPS connection in the URL, they are assured that your website is secured. Now you are gaining the trust of your potential customers. They are confident to purchase your product or service.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003C\u002Fol>\n\u003Ch3>Documentation\u003C\u002Fh3>\n\u003Cp>Please \u003Ca href=\"https:\u002F\u002Ffreessl.tech\u002Fwordpress-letsencrypt-free-ssl-certificate-documentation\u002F?utm_source=wp_org&utm_medium=description&utm_campaign=aifs_free&utm_content=documentation\" rel=\"nofollow ugc\">click here\u003C\u002Fa> for the documentation.\u003C\u002Fp>\n\u003Ch3>Support and Report a Bug\u003C\u002Fh3>\n\u003Cp>Please check the existing topics in the WordPress \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fsupport\u002Fplugin\u002Fauto-install-free-ssl\" rel=\"ugc\">support forum\u003C\u002Fa> before creating a new topic for support or reporting a bug.\u003C\u002Fp>\n\u003Ch3>‘AUTO-INSTALL FREE SSL’ IN YOUR LANGUAGE?\u003C\u002Fh3>\n\u003Cp>\u003Ca href=\"https:\u002F\u002Ftranslate.wordpress.org\u002Fprojects\u002Fwp-plugins\u002Fauto-install-free-ssl\u002F\" rel=\"nofollow ugc\">Translations can be added easily here\u003C\u002Fa> if you want to translate in your language.\u003C\u002Fp>\n\u003Ch3>Credits\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fletsencrypt.org\" rel=\"nofollow ugc\">Let’s Encrypt™\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>I developed this plugin based on the PHP client\u002Fapp \u003Ca href=\"https:\u002F\u002Ffreessl.tech\u002F?utm_source=wp_org&utm_medium=description&utm_campaign=aifs_free&utm_content=credits\" rel=\"nofollow ugc\">‘FreeSSL.tech Auto’\u003C\u002Fa>, which I developed with a massive rewrite of \u003Ca href=\"https:\u002F\u002Fgithub.com\u002Fanalogic\u002Flescript\" rel=\"nofollow ugc\">Lescript\u003C\u002Fa>.\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fcpanel.com\" rel=\"nofollow ugc\">cPanel\u003C\u002Fa>\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>Let’s Encrypt™ is a trademark of the Internet Security Research Group. All rights reserved.\u003C\u002Fp>\n","Generate & install Free SSL Certificates for WordPress, HTTPS redirect, get PADLOCK in the browser, get automatic Renewal Reminders from plugin.",9000,501022,98,397,"2025-12-24T04:33:00.000Z","6.9.4","4.1","5.6",[53,54,55,56,57],"free-ssl","free-ssl-certificate","https-redirect","ssl-certificate","ssl-security","https:\u002F\u002Ffreessl.tech","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fauto-install-free-ssl.4.6.1.zip",{"slug":61,"name":62,"version":63,"author":64,"author_profile":65,"description":66,"short_description":67,"active_installs":68,"downloaded":69,"rating":70,"num_ratings":71,"last_updated":72,"tested_up_to":73,"requires_at_least":16,"requires_php":17,"tags":74,"homepage":78,"download_link":79,"security_score":26,"vuln_count":13,"unpatched_count":13,"last_vuln_date":27,"fetched_at":28},"lh-hsts","LH HSTS","1.25","shawfactor","https:\u002F\u002Fprofiles.wordpress.org\u002Fshawfactor\u002F","\u003Cp>This plugin send the proper headers for full ssl security. For more information on what this is and why it is important visit: http:\u002F\u002Fen.wikipedia.org\u002Fwiki\u002FHTTP_Strict_Transport_Security\u003C\u002Fp>\n\u003Cp>The options are preset to enable browsers to preload the HSTS directive but can be overwritten by filters which are clearly documented in the code.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Did you find this plugin helpful? Please consider \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fsupport\u002Fview\u002Fplugin-reviews\u002Flh-hsts\" rel=\"ugc\">writing a review\u003C\u002Fa>.\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Ch3>To update the max-age settings, add the following code to your functions.php\u003C\u002Fh3>\n\u003Cpre>\u003Ccode>add_filter('lh_hsts_max_age', 'modify_ls_hsts_max_age_func');\n\nfunction modify_ls_hsts_max_age_func( $max_age ){\n    return false;\n}\n    `\n\n\u003Ch3>To update the subdomain settings, add the following code to your functions.php\u003C\u002Fh3>\n\n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003Cp>add_filter(‘lh_hsts_subdomain’, ‘modify_ls_hsts_subdomain_func’);\u003C\u002Fp>\n\u003Cp>function modify_ls_hsts_subdomain_func( $subdomain ){\u003Cbr \u002F>\n    return false;\u003Cbr \u002F>\n}\u003Cbr \u002F>\n    `\u003C\u002Fp>\n\u003Ch3>To update the preload setting, add the following code to your functions.php\u003C\u002Fh3>\n\u003Cpre>\u003Ccode>add_filter('lh_hsts_preload', 'modify_ls_hsts_preload_func');\n\nfunction modify_ls_hsts_preload_func( $preload ){\n    return false;\n}\n    `\n\n\u003Ch3>To update the redirect setting, add the following code to your functions.php\u003C\u002Fh3>\n\n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003Cp>add_filter(‘lh_hsts_redirect’, ‘modify_ls_hsts_redirect_func’);\u003C\u002Fp>\n\u003Cp>function modify_ls_hsts_redirect_func( $redirect ){\u003Cbr \u002F>\n    return false;\u003Cbr \u002F>\n}\u003Cbr \u002F>\n    `\u003C\u002Fp>\n","HSTS is HTTP Strict Transport Security, a means to enforce using SSL even if the user accesses the site through HTTP and not HTTPS.",700,349826,78,7,"2020-07-12T05:30:00.000Z","5.4.19",[75,76,77,21,23],"hsts","https","redirect","https:\u002F\u002Flhero.org\u002Fportfolio\u002Flh-hsts\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Flh-hsts.zip",{"slug":81,"name":82,"version":83,"author":84,"author_profile":85,"description":86,"short_description":87,"active_installs":88,"downloaded":89,"rating":13,"num_ratings":13,"last_updated":90,"tested_up_to":49,"requires_at_least":91,"requires_php":92,"tags":93,"homepage":17,"download_link":96,"security_score":11,"vuln_count":13,"unpatched_count":13,"last_vuln_date":27,"fetched_at":28},"simple-ssl-redirects","Simple SSL Redirects","1.1.4","Blucube","https:\u002F\u002Fprofiles.wordpress.org\u002Fedhicks\u002F","\u003Cp>If your site has an SSL certificate you might find that you can access the site via both SSL (https) and non-SSL (http) URLs. This is a bad idea for security, and for SEO, as it can look like duplicate content on different URLs.\u003C\u002Fp>\n\u003Cp>The answer to this is to redirect requests to non-SSL (http) URLs over to their SSL (https) equivalents using something called a 301 redirect. This tells the client (and search engines) that the resource they are looking for should always be accessed over SSL.  This plugin offers two methods to achieve this:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>By intercepting WordPress pages at header time, and if they are not already being requested over HTTPS sending a 301 redirect header, or\u003C\u002Fli>\n\u003Cli>By adding mod_rewrite rules in the .htaccess file to redirect all requests to their HTTPS equivalents using 301 redirects.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>Optionally, this plugin can also set \u003Ca href=\"https:\u002F\u002Fdeveloper.mozilla.org\u002Fen-US\u002Fdocs\u002FWeb\u002FHTTP\u002FHeaders\u002FStrict-Transport-Security\" rel=\"nofollow ugc\">HSTS\u003C\u002Fa> headers for you, and make sure that all requests use the same hostname (i.e. fixing the issue where many sites can be accessed using both www. and non-www. URLs).\u003C\u002Fp>\n","Lightweight plugin to ensure access via SSL\u002FHTTPS. Uses 301 (permanent) redirects for SEO benefits. Optionally sets HSTS and forces canonical domain.",200,2868,"2025-12-09T11:40:00.000Z","4.6","5.3",[76,94,21,95,23],"redirection","seo","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fsimple-ssl-redirects.1.1.4.zip",{"slug":98,"name":99,"version":100,"author":101,"author_profile":102,"description":103,"short_description":104,"active_installs":11,"downloaded":105,"rating":11,"num_ratings":106,"last_updated":107,"tested_up_to":108,"requires_at_least":109,"requires_php":17,"tags":110,"homepage":17,"download_link":114,"security_score":26,"vuln_count":13,"unpatched_count":13,"last_vuln_date":27,"fetched_at":28},"gravity-forms-force-ssl","Gravity Forms: Force SSL","1.4.1","Timothy Wood","https:\u002F\u002Fprofiles.wordpress.org\u002Fcodearachnid\u002F","\u003Cp>An addon to Gravity Forms to add an option to force your forms to be loaded SSL only. Fully supporting the latest version of Gravity Forms 1.9!\u003C\u002Fp>\n\u003Cp>This plugin requires Gravity Forms 1.7+ and is tested through WordPress 4.1.\u003C\u002Fp>\n\u003Cp>Thanks to the following users for making the plugin better!\u003Cbr \u002F>\n* @limecanvas\u003C\u002Fp>\n\u003Cp>Additional Details:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>This plugin is actively supported and we will do our best to help you.\u003C\u002Fli>\n\u003Cli>This plugin has been tested on PHP 5.2.17, 5.3.14, 5.4.4 and WP 3.4, 4.0, and 4.1.\u003C\u002Fli>\n\u003Cli>Background patterns used in the WordPress.org banner were created by http:\u002F\u002Fsubtlepatterns.com\u003C\u002Fli>\n\u003C\u002Ful>\n","An addon to Gravity Forms to add an option to force your forms to be loaded SSL only.",5419,2,"2015-01-29T11:26:00.000Z","4.1.42","3.7",[111,112,113,21,23],"forms","gravityforms","secure","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fgravity-forms-force-ssl.1.4.1.zip",{"slug":116,"name":117,"version":118,"author":119,"author_profile":120,"description":121,"short_description":122,"active_installs":11,"downloaded":123,"rating":13,"num_ratings":13,"last_updated":124,"tested_up_to":125,"requires_at_least":91,"requires_php":17,"tags":126,"homepage":128,"download_link":129,"security_score":26,"vuln_count":13,"unpatched_count":13,"last_vuln_date":27,"fetched_at":28},"https-image-fixer","HTTPS Image Fixer","1.0.2","mitchbartlett","https:\u002F\u002Fprofiles.wordpress.org\u002Fmitchbartlett\u002F","\u003Cp>Fixes images that load under HTTP instead of HTTPS on a web page that is protected via SSL.\u003C\u002Fp>\n","Fixes insecure content messages that appear when loading images on an SSL secured website.",5832,"2018-05-31T14:58:00.000Z","4.9.29",[76,127,21,23],"images","http:\u002F\u002Fwww.studiopress.com\u002Fplugins\u002Fhttps-image-fixer","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fhttps-image-fixer.zip",{"attackSurface":131,"codeSignals":175,"taintFlows":218,"riskAssessment":219,"analyzedAt":225},{"hooks":132,"ajaxHandlers":171,"restRoutes":172,"shortcodes":173,"cronEvents":174,"entryPointCount":13,"unprotectedCount":13},[133,139,143,147,153,157,160,164,167],{"type":134,"name":135,"callback":136,"file":137,"line":138},"action","admin_menu","as_admin_menu","includes\\hooks.php",15,{"type":134,"name":140,"callback":141,"file":137,"line":142},"admin_notices","as_warning",16,{"type":134,"name":144,"callback":145,"file":137,"line":146},"init","as_init",24,{"type":148,"name":149,"callback":150,"priority":151,"file":137,"line":152},"filter","secure_signon_cookie","as_secure_cookie",10,26,{"type":148,"name":154,"callback":155,"file":137,"line":156},"comment_moderation_text","as_ob_handler",27,{"type":148,"name":158,"callback":155,"file":137,"line":159},"comment_notification_text",28,{"type":148,"name":161,"callback":162,"priority":151,"file":137,"line":163},"plugin_action_links","as_action_links",29,{"type":148,"name":165,"callback":166,"file":137,"line":32},"wp_mail","as_mail",{"type":148,"name":168,"callback":169,"file":137,"line":170},"wp_redirect","as_redirect_check",31,[],[],[],[],{"dangerousFunctions":176,"sqlUsage":177,"outputEscaping":179,"fileOperations":13,"externalRequests":13,"nonceChecks":106,"capabilityChecks":216,"bundledLibraries":217},[],{"prepared":13,"raw":13,"locations":178},[],{"escaped":106,"rawEcho":142,"locations":180},[181,185,187,189,191,193,196,198,201,203,205,207,209,211,212,214],{"file":182,"line":183,"context":184},"admin-ssl-test.php",204,"raw output",{"file":182,"line":186,"context":184},208,{"file":182,"line":188,"context":184},234,{"file":182,"line":190,"context":184},235,{"file":182,"line":192,"context":184},256,{"file":194,"line":195,"context":184},"admin-ssl.php",75,{"file":194,"line":197,"context":184},87,{"file":199,"line":200,"context":184},"includes\\config-page.php",22,{"file":199,"line":202,"context":184},59,{"file":199,"line":204,"context":184},60,{"file":199,"line":206,"context":184},63,{"file":199,"line":208,"context":184},96,{"file":199,"line":210,"context":184},97,{"file":199,"line":11,"context":184},{"file":199,"line":213,"context":184},139,{"file":199,"line":215,"context":184},146,3,[],[],{"summary":220,"deductions":221},"The \"admin-ssl-secure-admin\" plugin version 2.0-b2 exhibits a strong security posture based on the provided static analysis. The complete absence of entry points like AJAX handlers, REST API routes, shortcodes, and cron events significantly limits the potential attack surface. Furthermore, the code demonstrates good security practices with a lack of dangerous functions, 100% usage of prepared statements for SQL queries, and the presence of nonce and capability checks. This suggests a well-designed plugin with security as a priority.\n\nHowever, a notable concern arises from the low percentage of properly escaped output (11%). This indicates a potential for cross-site scripting (XSS) vulnerabilities if user-supplied data is not adequately sanitized before being displayed. While the taint analysis shows no critical or high severity flows, the lack of comprehensive taint analysis (0 flows analyzed) means that subtle or complex vulnerabilities might have been missed. The absence of any historical vulnerabilities is a positive sign, suggesting a consistent focus on security by the developers.\n\nIn conclusion, the plugin has a solid foundation with a minimal attack surface and good use of core WordPress security features. The primary weakness identified is the insufficient output escaping, which requires immediate attention. The lack of taint analysis and historically clean record, while reassuring, should not lead to complacency, and continued vigilance and testing are recommended, especially concerning output sanitization.",[222],{"reason":223,"points":224},"Low percentage of properly escaped output",5,"2026-03-16T20:43:28.937Z",{"wat":227,"direct":236},{"assetPaths":228,"generatorPatterns":231,"scriptPaths":232,"versionParams":233},[229,230],"\u002Fwp-content\u002Fplugins\u002Fadmin-ssl-secure-admin\u002Fincludes\u002Fcss\u002Fadmin-ssl.css","\u002Fwp-content\u002Fplugins\u002Fadmin-ssl-secure-admin\u002Fincludes\u002Fjs\u002Fadmin-ssl.js",[],[230],[234,235],"admin-ssl-secure-admin\u002Fincludes\u002Fcss\u002Fadmin-ssl.css?ver=","admin-ssl-secure-admin\u002Fincludes\u002Fjs\u002Fadmin-ssl.js?ver=",{"cssClasses":237,"htmlComments":240,"htmlAttributes":241,"restEndpoints":242,"jsGlobals":243,"shortcodeOutput":244},[238,239],"admin-ssl-debug-warning","admin-ssl-reset-warning",[],[],[],[],[]]