[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fJUfeHnBD7ckd6FT4uTrvI3_8y8r09gk4umbMQanChjw":3},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":11,"num_ratings":11,"last_updated":13,"tested_up_to":14,"requires_at_least":15,"requires_php":16,"tags":17,"homepage":16,"download_link":23,"security_score":24,"vuln_count":11,"unpatched_count":11,"last_vuln_date":25,"fetched_at":26,"vulnerabilities":27,"developer":28,"crawl_stats":25,"alternatives":35,"analysis":130,"fingerprints":234},"advanced-https-redirection","Advanced Https Redirection","1.0","ehabsan","https:\u002F\u002Fprofiles.wordpress.org\u002Fehabsan\u002F","\u003Cp>This plugin enables you to easily redirect your whole domain from\u002Fto HTTP to\u002Ffrom HTTPS, or you can just redirect certain pages, posts, terms or custom post type or any other front-end page.\u003C\u002Fp>\n\u003Cp>Using this plugin you can force your website visitors to use the the HTTPS version of your website, or the other way around. And you can also use it to have your whole website on HTTPS while certain pages are on HTTP, or the other way around.\u003C\u002Fp>\n\u003Cp>This plugin allows you to redirect both dynamic resources and static resources – for static resources to work your server must be Apache and you should have an .htaccess file in your root WordPress directory.\u003C\u002Fp>\n\u003Cp>features – all redirections work from \u002F to HTTP to\u002Ffrom HTTPS:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\n\u003Cp>Redirect the whole domain including static resources\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>Redirect only the admin directory\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>Redirect only the front-end pages\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>Redirect only static resources\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>Redirect the whole domain except for certain posts, or custom post types, or terms, or custom taxonomies, or any other front-end page\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>Redirect using different redirection statuses: 301,302,303, and 307\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>This plugin will generate links for posts and other front-end pages based on how they should be redirected, so if a post is supposed to be accessed through HTTPS, this plugin will make sure that all links generated by WordPress to that post are HTTPS links, which is better for seo\u003C\u002Fp>\n\u003C\u002Fli>\n\u003C\u002Ful>\n","Redirect your whole domain from\u002Fto http to\u002Ffrom https, or redirect just certain pages without any technical knowledge.",0,1287,"2018-03-28T17:22:00.000Z","4.9.29","4.4","",[18,19,20,21,22],"automatic-redirection","htaccess","https","redirection","ssl","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fadvanced-https-redirection.zip",85,null,"2026-03-15T15:16:48.613Z",[],{"slug":7,"display_name":7,"profile_url":8,"plugin_count":29,"total_installs":30,"avg_security_score":31,"avg_patch_time_days":32,"trust_score":33,"computed_at":34},3,40,90,30,87,"2026-04-05T09:19:06.242Z",[36,57,74,91,109],{"slug":37,"name":38,"version":39,"author":40,"author_profile":41,"description":42,"short_description":43,"active_installs":44,"downloaded":45,"rating":46,"num_ratings":47,"last_updated":48,"tested_up_to":49,"requires_at_least":50,"requires_php":16,"tags":51,"homepage":54,"download_link":55,"security_score":56,"vuln_count":11,"unpatched_count":11,"last_vuln_date":25,"fetched_at":26},"https-redirection","Easy HTTPS Redirection (SSL)","2.0.0","mra13","https:\u002F\u002Fprofiles.wordpress.org\u002Fmra13\u002F","\u003Ch4>Only use this plugin if you have installed SSL certificate on your site and HTTPS is working correctly\u003C\u002Fh4>\n\u003Cp>Once you’ve installed an SSL certificate on your site, it’s important to ensure that your webpages are accessed via their secure HTTPS URLs.\u003C\u002Fp>\n\u003Cp>To improve SEO and user security, you want search engines and visitors to always use the HTTPS version of your pages. This plugin makes that easy by automatically redirecting users to the HTTPS version whenever they try to access the non-HTTPS (HTTP) version of a page.\u003C\u002Fp>\n\u003Ch3>Example\u003C\u002Fh3>\n\u003Cp>Let’s say you want to ensure the following page is always accessed over HTTPS:\u003C\u002Fp>\n\u003Cpre>\u003Ccode>https:\u002F\u002Fwww.example.com\u002Fcheckout\n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003Cp>If a visitor tries to access:\u003C\u002Fp>\n\u003Cpre>\u003Ccode>http:\u002F\u002Fwww.example.com\u002Fcheckout\n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003Cp>The plugin will automatically redirect them to the secure version:\u003C\u002Fp>\n\u003Cpre>\u003Ccode>https:\u002F\u002Fwww.example.com\u002Fcheckout\n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003Cp>This ensures that visitors always access the HTTPS version of your pages or site.\u003C\u002Fp>\n\u003Cp>You can choose to automatically redirect your entire domain to HTTPS, or selectively apply HTTPS redirection to specific pages.\u003C\u002Fp>\n\u003Ch3>Video Tutorials\u003C\u002Fh3>\n\u003Cp>\u003Cspan class=\"embed-youtube\" style=\"text-align:center; display: block;\">\u003Ciframe loading=\"lazy\" class=\"youtube-player\" width=\"750\" height=\"422\" src=\"https:\u002F\u002Fwww.youtube.com\u002Fembed\u002FoyJgRFCM6u8?version=3&rel=1&showsearch=0&showinfo=1&iv_load_policy=1&fs=1&hl=en-US&autohide=2&wmode=transparent\" allowfullscreen=\"true\" style=\"border:0;\" sandbox=\"allow-scripts allow-same-origin allow-popups allow-presentation allow-popups-to-escape-sandbox\">\u003C\u002Fiframe>\u003C\u002Fspan>\u003C\u002Fp>\n\u003Cp>\u003Cspan class=\"embed-youtube\" style=\"text-align:center; display: block;\">\u003Ciframe loading=\"lazy\" class=\"youtube-player\" width=\"750\" height=\"422\" src=\"https:\u002F\u002Fwww.youtube.com\u002Fembed\u002FLtyBraB64v8?version=3&rel=1&showsearch=0&showinfo=1&iv_load_policy=1&fs=1&hl=en-US&autohide=2&wmode=transparent\" allowfullscreen=\"true\" style=\"border:0;\" sandbox=\"allow-scripts allow-same-origin allow-popups allow-presentation allow-popups-to-escape-sandbox\">\u003C\u002Fiframe>\u003C\u002Fspan>\u003C\u002Fp>\n\u003Ch3>Force Load Static Files Using HTTPS\u003C\u002Fh3>\n\u003Cp>If you started using SSL from day 1 of your site then all your static files are already embedded using HTTPS URL. You have no issue there.\u003C\u002Fp>\n\u003Cp>However, if you have an existing website where you have a lot of static files that are embedded in your posts and pages using NON-HTTPS URL then you will need to change those. Otherwise, the browser will show an SSL warning to your visitors.\u003C\u002Fp>\n\u003Cp>This plugin has an option that will allow you to force load those static files using HTTPS URL dynamically.\u003C\u002Fp>\n\u003Cp>This will help you make the webpage fully compatible with SSL.\u003C\u002Fp>\n\u003Ch3>SSL Certificate Expiry Notification\u003C\u002Fh3>\n\u003Cp>This plugin includes a feature that allows you to receive email notifications when your SSL certificate is about to expire. It helps ensure your website remains secure and accessible over HTTPS.\u003C\u002Fp>\n\u003Cp>You can configure the recipient email address and specify how many days in advance the notification should be sent. By default, the notification is sent 7 days before expiry, but you can adjust this to suit your preference.\u003C\u002Fp>\n\u003Cp>This feature is especially useful for site owners who may not frequently check their SSL status, or for those managing multiple websites. By receiving timely alerts, you can renew your SSL certificate in advance and prevent potential downtime or security warnings.\u003C\u002Fp>\n\u003Ch3>Features\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>Automatically redirect all HTTP traffic to HTTPS\u003C\u002Fli>\n\u003Cli>Option to force HTTPS on the entire site\u003C\u002Fli>\n\u003Cli>Option to selectively apply HTTPS redirection to specific pages\u003C\u002Fli>\n\u003Cli>Helps search engines index the secure versions of your pages\u003C\u002Fli>\n\u003Cli>Improves site security and user trust\u003C\u002Fli>\n\u003Cli>Force load static files (images, js, css etc) using a HTTPS URL\u003C\u002Fli>\n\u003Cli>SSL certificate expiry notification – Option to send SSL expiry notifications to a specific email address\u003C\u002Fli>\n\u003Cli>Easily see which SSL certificates on your site are approaching their expiry date.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>View more details on the \u003Ca href=\"https:\u002F\u002Fwww.tipsandtricks-hq.com\u002Fwordpress-easy-https-redirection-plugin\" rel=\"nofollow ugc\">HTTPS Redirection plugin\u003C\u002Fa> page.\u003C\u002Fp>\n","The plugin allows an automatic redirection to the \"HTTPS\" version\u002FURL of the site. Make your site SSL compatible easily.",100000,1169853,84,71,"2025-12-02T03:12:00.000Z","6.9.4","6.5",[52,20,53,21,22],"force-ssl","insecure-content","https:\u002F\u002Fwww.tipsandtricks-hq.com\u002Fwordpress-easy-https-redirection-plugin","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fhttps-redirection.2.0.0.zip",100,{"slug":58,"name":59,"version":60,"author":61,"author_profile":62,"description":63,"short_description":64,"active_installs":65,"downloaded":66,"rating":11,"num_ratings":11,"last_updated":67,"tested_up_to":49,"requires_at_least":68,"requires_php":69,"tags":70,"homepage":16,"download_link":73,"security_score":56,"vuln_count":11,"unpatched_count":11,"last_vuln_date":25,"fetched_at":26},"simple-ssl-redirects","Simple SSL Redirects","1.1.4","Blucube","https:\u002F\u002Fprofiles.wordpress.org\u002Fedhicks\u002F","\u003Cp>If your site has an SSL certificate you might find that you can access the site via both SSL (https) and non-SSL (http) URLs. This is a bad idea for security, and for SEO, as it can look like duplicate content on different URLs.\u003C\u002Fp>\n\u003Cp>The answer to this is to redirect requests to non-SSL (http) URLs over to their SSL (https) equivalents using something called a 301 redirect. This tells the client (and search engines) that the resource they are looking for should always be accessed over SSL.  This plugin offers two methods to achieve this:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>By intercepting WordPress pages at header time, and if they are not already being requested over HTTPS sending a 301 redirect header, or\u003C\u002Fli>\n\u003Cli>By adding mod_rewrite rules in the .htaccess file to redirect all requests to their HTTPS equivalents using 301 redirects.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>Optionally, this plugin can also set \u003Ca href=\"https:\u002F\u002Fdeveloper.mozilla.org\u002Fen-US\u002Fdocs\u002FWeb\u002FHTTP\u002FHeaders\u002FStrict-Transport-Security\" rel=\"nofollow ugc\">HSTS\u003C\u002Fa> headers for you, and make sure that all requests use the same hostname (i.e. fixing the issue where many sites can be accessed using both www. and non-www. URLs).\u003C\u002Fp>\n","Lightweight plugin to ensure access via SSL\u002FHTTPS. Uses 301 (permanent) redirects for SEO benefits. Optionally sets HSTS and forces canonical domain.",200,2868,"2025-12-09T11:40:00.000Z","4.6","5.3",[20,21,71,72,22],"security","seo","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fsimple-ssl-redirects.1.1.4.zip",{"slug":75,"name":76,"version":77,"author":78,"author_profile":79,"description":80,"short_description":81,"active_installs":31,"downloaded":82,"rating":56,"num_ratings":83,"last_updated":84,"tested_up_to":85,"requires_at_least":86,"requires_php":16,"tags":87,"homepage":16,"download_link":90,"security_score":24,"vuln_count":11,"unpatched_count":11,"last_vuln_date":25,"fetched_at":26},"wp-htaccess-optimize","WP htaccess Optimize (beta)","0.1.4","florianluce","https:\u002F\u002Fprofiles.wordpress.org\u002Fflorianluce\u002F","\u003Cp>With WP htaccess Optimize, you can easily optimize the performance of your site by configuring your htaccess in bit clicks\u003C\u002Fp>\n\u003Cp>optimisation available:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Time zone selection\u003C\u002Fli>\n\u003Cli>Prevents indexing of folders without index.php\u003C\u002Fli>\n\u003Cli>Disable the server signature\u003C\u002Fli>\n\u003Cli>Block Sensitive Files\u003C\u002Fli>\n\u003Cli>Protect WP-includes\u003C\u002Fli>\n\u003Cli>Protect author link\u003C\u002Fli>\n\u003Cli>Block author scans\u003C\u002Fli>\n\u003Cli>Enabling the tracking of symbolic links\u003C\u002Fli>\n\u003Cli>Comment spam\u003C\u002Fli>\n\u003Cli>Protection against file injections\u003C\u002Fli>\n\u003Cli>Various protections ( XSS, clickjacking and MIME-Type sniffing )\u003C\u002Fli>\n\u003Cli>Disable the hotlinking of your pictures\u003C\u002Fli>\n\u003Cli>Redirect without WWW\u003C\u002Fli>\n\u003Cli>Redirect http to HTTPS\u003C\u002Fli>\n\u003Cli>Caching files in the browser\u003C\u002Fli>\n\u003Cli>Disabled headers ETags\u003C\u002Fli>\n\u003Cli>Compress static files\u003C\u002Fli>\n\u003C\u002Ful>\n","simply configure your htaccess to optimize your site!",4503,2,"2019-03-30T13:34:00.000Z","5.0.25","3.7",[19,88,20,22,89],"http","www","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fwp-htaccess-optimize.0.1.4.zip",{"slug":92,"name":93,"version":94,"author":95,"author_profile":96,"description":97,"short_description":98,"active_installs":44,"downloaded":99,"rating":100,"num_ratings":101,"last_updated":102,"tested_up_to":49,"requires_at_least":103,"requires_php":69,"tags":104,"homepage":107,"download_link":108,"security_score":56,"vuln_count":11,"unpatched_count":11,"last_vuln_date":25,"fetched_at":26},"ssl-insecure-content-fixer","SSL Insecure Content Fixer","2.7.2","webaware","https:\u002F\u002Fprofiles.wordpress.org\u002Fwebaware\u002F","\u003Cp>Clean up your WordPress website’s HTTPS insecure content and mixed content warnings. Installing the SSL Insecure Content Fixer plugin will solve most insecure content warnings with little or no effort. The remainder can be diagnosed with a few simple tools.\u003C\u002Fp>\n\u003Cp>When you install SSL Insecure Content Fixer, its default settings are activated and it will automatically perform some basic fixes on your website using the Simple fix level. You can select more comprehensive fix levels as needed by your website.\u003C\u002Fp>\n\u003Cp>WordPress Multisite gets a network settings page. This can be used to set default settings for all sites within a network, so that network administrators only need to specify settings on sites that have requirements differing from the network defaults.\u003C\u002Fp>\n\u003Cp>See the \u003Ca href=\"https:\u002F\u002Fssl.webaware.net.au\u002F\" rel=\"nofollow ugc\">SSL Insecure Content Fixer website\u003C\u002Fa> for more details.\u003C\u002Fp>\n\u003Ch3>Translations\u003C\u002Fh3>\n\u003Cp>Many thanks to the generous efforts of our translators:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Bulgarian (bg_BG) — \u003Ca href=\"https:\u002F\u002Ftranslate.wordpress.org\u002Flocale\u002Fbg\u002Fdefault\u002Fwp-plugins\u002Fssl-insecure-content-fixer\" rel=\"nofollow ugc\">the Bulgarian translation team\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>Chinese simplified (zh_CN) — \u003Ca href=\"https:\u002F\u002Ftranslate.wordpress.org\u002Flocale\u002Fzh-cn\u002Fdefault\u002Fwp-plugins\u002Fssl-insecure-content-fixer\" rel=\"nofollow ugc\">the Chinese translation team\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>English (en_CA) — \u003Ca href=\"https:\u002F\u002Ftranslate.wordpress.org\u002Flocale\u002Fen-ca\u002Fdefault\u002Fwp-plugins\u002Fssl-insecure-content-fixer\" rel=\"nofollow ugc\">the English (Canadian) translation team\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>English (en_GB) — \u003Ca href=\"https:\u002F\u002Ftranslate.wordpress.org\u002Flocale\u002Fen-gb\u002Fdefault\u002Fwp-plugins\u002Fssl-insecure-content-fixer\" rel=\"nofollow ugc\">the English (British) translation team\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>English (en_ZA) — \u003Ca href=\"https:\u002F\u002Ftranslate.wordpress.org\u002Flocale\u002Fen-za\u002Fdefault\u002Fwp-plugins\u002Fssl-insecure-content-fixer\" rel=\"nofollow ugc\">the English (South African) translation team\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>Dutch (nl_NL) — \u003Ca href=\"https:\u002F\u002Ftranslate.wordpress.org\u002Flocale\u002Fnl\u002Fdefault\u002Fwp-plugins\u002Fssl-insecure-content-fixer\" rel=\"nofollow ugc\">the Dutch translation team\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>German (de_DE) — \u003Ca href=\"https:\u002F\u002Ftranslate.wordpress.org\u002Flocale\u002Fde\u002Fdefault\u002Fwp-plugins\u002Fssl-insecure-content-fixer\" rel=\"nofollow ugc\">the German translation team\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>French (fr_FR) — \u003Ca href=\"https:\u002F\u002Ftranslate.wordpress.org\u002Flocale\u002Ffr\u002Fdefault\u002Fwp-plugins\u002Fssl-insecure-content-fixer\" rel=\"nofollow ugc\">the French translation team\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>Italian (it_IT) — \u003Ca href=\"https:\u002F\u002Ftranslate.wordpress.org\u002Flocale\u002Fit\u002Fdefault\u002Fwp-plugins\u002Fssl-insecure-content-fixer\" rel=\"nofollow ugc\">the Italian translation team\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>Japanese (ja) — \u003Ca href=\"https:\u002F\u002Ftranslate.wordpress.org\u002Flocale\u002Fja\u002Fdefault\u002Fwp-plugins\u002Fssl-insecure-content-fixer\" rel=\"nofollow ugc\">the Japanese translation team\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>Russian (ru_RU) — \u003Ca href=\"https:\u002F\u002Ftranslate.wordpress.org\u002Flocale\u002Fru\u002Fdefault\u002Fwp-plugins\u002Fssl-insecure-content-fixer\" rel=\"nofollow ugc\">the Russian translation team\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>Spanish (es_ES) — \u003Ca href=\"https:\u002F\u002Ftranslate.wordpress.org\u002Flocale\u002Fes\u002Fdefault\u002Fwp-plugins\u002Fssl-insecure-content-fixer\" rel=\"nofollow ugc\">the Spanish translation team\u003C\u002Fa>\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>If you’d like to help out by translating this plugin, please \u003Ca href=\"https:\u002F\u002Ftranslate.wordpress.org\u002Fprojects\u002Fwp-plugins\u002Fssl-insecure-content-fixer\" rel=\"nofollow ugc\">sign up for an account and dig in\u003C\u002Fa>.\u003C\u002Fp>\n\u003Ch3>Privacy\u003C\u002Fh3>\n\u003Cp>SSL Insecure Content Fixer does not collect any personally identifying information, and does not set any cookies.\u003C\u002Fp>\n","Clean up WordPress website HTTPS insecure content",2650141,96,221,"2025-12-14T04:38:00.000Z","4.0",[20,53,105,106,22],"mixed-content","partially-encrypted","https:\u002F\u002Fssl.webaware.net.au\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fssl-insecure-content-fixer.2.7.2.zip",{"slug":110,"name":111,"version":112,"author":113,"author_profile":114,"description":115,"short_description":116,"active_installs":117,"downloaded":118,"rating":119,"num_ratings":120,"last_updated":121,"tested_up_to":49,"requires_at_least":68,"requires_php":122,"tags":123,"homepage":125,"download_link":126,"security_score":127,"vuln_count":128,"unpatched_count":11,"last_vuln_date":129,"fetched_at":26},"wp-force-ssl","WP Force SSL & HTTPS SSL Redirect","1.68","WebFactory","https:\u002F\u002Fprofiles.wordpress.org\u002Fwebfactory\u002F","\u003Cp>\u003Ca href=\"https:\u002F\u002Fwpforcessl.com\u002F?ref=wporg\" rel=\"nofollow ugc\">WP Force SSL\u003C\u002Fa> helps you redirect insecure HTTP traffic to secure HTTPS and fix SSL errors \u003Cstrong>without touching any code\u003C\u002Fstrong>. Activate Force SSL and everything will be set and SSL enabled. The entire site will move to HTTPS using your SSL certificate. It works with any SSL certificate. It can be free SSL certificate from Let’s Encrypt or a paid SSL certificate.\u003C\u002Fp>\n\u003Cp>How to add SSL & enable SSL? Most hosting companies support the free SSL certificate from Let’s Encrypt, so login to your hosting panel and add SSL certificate. You’ll see a button labeled “Add SSL Certificate” or “Add Let’s Encrypt Certificate” and after that it’s 1 click to have the SSL enabled on your site with WP Force SSL. If that doesn’t work get \u003Ca href=\"https:\u002F\u002Fwpforcessl.com\u002F\" rel=\"nofollow ugc\">WP Force SSL PRO\u003C\u002Fa> and it’ll generate free SSL certificate for your site. And will regenerate SSL certificate every 90 days.\u003C\u002Fp>\n\u003Cp>Access WP Force SSL settings via the main Settings menu -> WP Force SSL.\u003C\u002Fp>\n\u003Ch4>SSL Tests available in the plugin\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>is site on localhost?\u003C\u002Fli>\n\u003Cli>check SSL certificate\u003C\u002Fli>\n\u003Cli>check SSL certificate expiry date\u003C\u002Fli>\n\u003Cli>is latest version of Force SSL used?\u003C\u002Fli>\n\u003Cli>are known incompatible SSL plugins active?\u003C\u002Fli>\n\u003Cli>is WP address URL set for SSL?\u003C\u002Fli>\n\u003Cli>is WP home URL set for SSL?\u003C\u002Fli>\n\u003Cli>is SSL monitoring enabled (pro feature)\u003C\u002Fli>\n\u003Cli>is HTTPS redirection working?\u003C\u002Fli>\n\u003Cli>is file redirection working (pro feature)\u003C\u002Fli>\n\u003Cli>is HSTS enabled?\u003C\u002Fli>\n\u003Cli>check mixed-content issue (pro feature)\u003C\u002Fli>\n\u003Cli>is htaccess available & writable?\u003C\u002Fli>\n\u003Cli>is 404 redirection enabled (pro feature)\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Settings\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>redirect HTTP to HTTPS\u003C\u002Fli>\n\u003Cli>fix mixed-content (pro)\u003C\u002Fli>\n\u003Cli>enable HSTS\u003C\u002Fli>\n\u003Cli>force secure cookies (pro)\u003C\u002Fli>\n\u003Cli>cross-site scripting protection (pro)\u003C\u002Fli>\n\u003Cli>expect CT header\u003C\u002Fli>\n\u003Cli>X-Frame options\u003C\u002Fli>\n\u003Cli>show WP Force SSL menu in admin bar\u003C\u002Fli>\n\u003Cli>show WP Force SSL widget in admin dashboard\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>SSL certificate testing tool\u003C\u002Fh4>\n\u003Cp>WP Force SSL comes with an SSL certificate testing tool. It tests if the SSL certificate is valid, properly installed & up-to date.\u003C\u002Fp>\n\u003Ch4>Need support?\u003C\u002Fh4>\n\u003Cp>We’re here for you! Things get frustrating when they don’t work so make sure you \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fsupport\u002Fplugin\u002Fwp-force-ssl\u002F\" rel=\"ugc\">open a support topic\u003C\u002Fa> in the official Force SSL forum. We answer all questions within a few hours!\u003C\u002Fp>\n\u003Ch4>External Assets\u003C\u002Fh4>\n\u003Cp>A big thank you to \u003Ca href=\"https:\u002F\u002Fsweetalert2.github.io\u002F\" rel=\"nofollow ugc\">SweetAlert2\u003C\u002Fa> authors which we use to make alerts nicer. And to \u003Ca href=\"https:\u002F\u002Fdepositphotos.com\u002F248496280\u002Fstock-illustration-online-payment-protection-system-concept.html\" rel=\"nofollow ugc\">DepositPhotos\u003C\u002Fa> for the lovely header image.\u003C\u002Fp>\n","Enable SSL & HTTPS redirect with 1 click! Add SSL certificate & WP Force SSL to redirect site from HTTP to HTTPS & fix SSL errors.",90000,1746375,94,179,"2025-12-03T20:17:00.000Z","5.2",[52,20,105,22,124],"ssl-certificate","https:\u002F\u002Fwpforcessl.com\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fwp-force-ssl.1.68.zip",99,1,"2024-06-07 00:00:00",{"attackSurface":131,"codeSignals":183,"taintFlows":196,"riskAssessment":223,"analyzedAt":233},{"hooks":132,"ajaxHandlers":175,"restRoutes":180,"shortcodes":181,"cronEvents":182,"entryPointCount":128,"unprotectedCount":128},[133,139,142,146,150,154,159,162,165,168,172],{"type":134,"name":135,"callback":136,"file":137,"line":138},"action","init","ahr_add_tax_meta_box","admin\\index.php",7,{"type":134,"name":135,"callback":140,"file":137,"line":141},"ahr_handle_redirections",8,{"type":134,"name":143,"callback":144,"file":137,"line":145},"add_meta_boxes","ahr_add_meta_box",9,{"type":134,"name":147,"callback":148,"file":137,"line":149},"save_post","ahr_save_meta_box",10,{"type":134,"name":151,"callback":152,"file":137,"line":153},"admin_menu","ahr_menu",12,{"type":155,"name":156,"callback":157,"priority":149,"file":137,"line":158},"filter","pre_update_option_ahr-redirect-static-resources","ahr_static_res_redirection_change",14,{"type":134,"name":160,"callback":140,"priority":11,"file":161,"line":138},"wp","frontend\\index.php",{"type":155,"name":163,"callback":164,"priority":149,"file":161,"line":145},"post_link","ahr_post_link",{"type":155,"name":166,"callback":167,"priority":149,"file":161,"line":149},"term_link","ahr_term_link",{"type":155,"name":169,"callback":170,"priority":149,"file":161,"line":171},"feed_link","ahr_feed_link",11,{"type":155,"name":173,"callback":174,"priority":149,"file":161,"line":153},"get_archives_link","ahr_archive_link",[176],{"action":177,"nopriv":178,"callback":179,"hasNonce":178,"hasCapCheck":178,"file":137,"line":171},"backup_htaccess",false,"ahr_ajax_backup_htaccess",[],[],[],{"dangerousFunctions":184,"sqlUsage":185,"outputEscaping":187,"fileOperations":194,"externalRequests":11,"nonceChecks":83,"capabilityChecks":128,"bundledLibraries":195},[],{"prepared":11,"raw":11,"locations":186},[],{"escaped":11,"rawEcho":83,"locations":188},[189,192],{"file":137,"line":190,"context":191},79,"raw output",{"file":137,"line":193,"context":191},473,4,[],[197,215],{"entryPoint":198,"graph":199,"unsanitizedCount":83,"severity":214},"ahr_redirect (advanced-https-redirection.php:45)",{"nodes":200,"edges":212},[201,207],{"id":202,"type":203,"label":204,"file":205,"line":206},"n0","source","$_SERVER['HTTP_HOST'] (x2)","advanced-https-redirection.php",58,{"id":208,"type":209,"label":210,"file":205,"line":206,"wp_function":211},"n1","sink","header() [Header Injection]","header",[213],{"from":202,"to":208,"sanitized":178},"medium",{"entryPoint":216,"graph":217,"unsanitizedCount":83,"severity":214},"\u003Cadvanced-https-redirection> (advanced-https-redirection.php:0)",{"nodes":218,"edges":221},[219,220],{"id":202,"type":203,"label":204,"file":205,"line":206},{"id":208,"type":209,"label":210,"file":205,"line":206,"wp_function":211},[222],{"from":202,"to":208,"sanitized":178},{"summary":224,"deductions":225},"The 'advanced-https-redirection' plugin, despite having no recorded vulnerabilities in its history, exhibits several concerning security practices in its static analysis. A significant weakness is the presence of an unprotected AJAX handler, which represents a direct entry point into the plugin's functionality that could be exploited without proper authentication. While the plugin demonstrates good practice by using prepared statements for all SQL queries and includes nonce checks and capability checks, the lack of output escaping on all identified outputs is a notable concern. This could lead to Cross-Site Scripting (XSS) vulnerabilities if user-supplied data is not properly sanitized before being displayed to users. The taint analysis revealed unsanitized paths, indicating potential issues with how the plugin handles file operations or other path-related data. Although no critical or high severity taint flows were found, the presence of any unsanitized path flow warrants attention. In conclusion, while the plugin's SQL handling and historical vulnerability record are positive, the unprotected AJAX endpoint, unescaped output, and unsanitized path flows present tangible risks that require immediate attention.",[226,228,231],{"reason":227,"points":141},"Unprotected AJAX handler",{"reason":229,"points":230},"Outputs not properly escaped",6,{"reason":232,"points":194},"Unsanitized paths in taint flows","2026-03-17T06:56:04.731Z",{"wat":235,"direct":242},{"assetPaths":236,"generatorPatterns":239,"scriptPaths":240,"versionParams":241},[237,238],"\u002Fwp-content\u002Fplugins\u002Fadvanced-https-redirection\u002Fcss\u002Foptions-page.css","\u002Fwp-content\u002Fplugins\u002Fadvanced-https-redirection\u002Fscripts\u002Foptions-page.js",[],[238],[],{"cssClasses":243,"htmlComments":244,"htmlAttributes":245,"restEndpoints":248,"jsGlobals":249,"shortcodeOutput":252},[],[],[246,247],"ahr-slug","ahr-redirect",[],[250,251],"ahrAnchorNumber","ahrHtaccessBacked",[]]