Does Force User SSL have any unpatched vulnerabilities?

No. All known vulnerabilities in Force User SSL have been patched as of the latest data update. Always keep the plugin updated to the latest version.

Is Force User SSL compatible with WordPress 4.8.28?

According to WordPress.org data, Force User SSL 1.0 has been tested up to WordPress 4.8.28. Check the plugin's changelog for the latest compatibility information.

How often is Force User SSL updated?

Force User SSL was last updated on Jul 13, 2017. Frequent updates are generally a positive security signal.

What is Force User SSL's security score?

Force User SSL has a WP-Safety security score of 85/100. This score is computed from CVE history, patch response time, developer trust signals, and plugin maintenance activity.

Force User SSL Security & Risk Analysis

wordpress.org/plugins/force-user-ssl

This plugin forces logged in users to use SSL.

0 active installs v1.0 PHP + WP 2.6.0+ Updated Jul 13, 2017

force-sslhttpssecurityssluser

A · Safe

CVEs total0

Unpatched0

Last CVENever

Download

Safety Verdict

Is Force User SSL Safe to Use in 2026?

Generally Safe

Score 85/100

Force User SSL has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 8yr ago

Risk Assessment

The 'force-user-ssl' v1.0 plugin exhibits a strong security posture based on the provided static analysis. The absence of any identified AJAX handlers, REST API routes, shortcodes, or cron events significantly limits its attack surface. Furthermore, the code demonstrates excellent practices by not utilizing dangerous functions, all SQL queries are prepared, and all outputs are properly escaped. There are no file operations or external HTTP requests, and critically, no identified taint flows with unsanitized paths at a high or critical severity. The plugin also has no recorded vulnerability history, indicating a lack of known security issues.

However, there are a few areas that warrant attention. The absence of nonce checks and capability checks, while not immediately indicative of a vulnerability given the zero attack surface, represents a missed opportunity for robust security if the plugin were to be expanded in the future. The two identified flows with unsanitized paths, even though classified as low severity, suggest that input validation might be less stringent than ideal. While the plugin currently presents a low risk due to its limited functionality and lack of known vulnerabilities, future development should prioritize incorporating security best practices like nonce and capability checks to maintain this strong security posture.

Key Concerns

Flows with unsanitized paths (2)
No nonce checks
No capability checks

Vulnerabilities

None known

Force User SSL Security Vulnerabilities

No known vulnerabilities — this is a good sign.

Code Analysis

Analyzed Mar 17, 2026

Force User SSL Code Analysis

Dangerous Functions

Raw SQL Queries

0 prepared

Unescaped Output

0 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

Data Flows

2 unsanitized

Data Flow Analysis

2 flows2 with unsanitized paths

force_user_ssl (force-user-ssl.php:14)

Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized

Attack Surface

Force User SSL Attack Surface

Entry Points0

Unprotected0

WordPress Hooks 1

actionget_headerforce-user-ssl.php:20

Maintenance & Trust

Force User SSL Maintenance & Trust

Maintenance Signals

WordPress version tested4.8.28

Last updatedJul 13, 2017

PHP min version

Downloads1K

Community Trust

Rating0/100

Number of ratings0

Active installs0

Alternatives

Force User SSL Alternatives

Easy HTTPS Redirection (SSL)

https-redirection

100

The plugin allows an automatic redirection to the "HTTPS" version/URL of the site. Make your site SSL compatible easily.

100K No CVEs

WP Force SSL & HTTPS SSL Redirect

wp-force-ssl

Enable SSL & HTTPS redirect with 1 click! Add SSL certificate & WP Force SSL to redirect site from HTTP to HTTPS & fix SSL errors.

90K 1 CVE

Auto-Install Free SSL – Generate & Install Free SSL Certificates

auto-install-free-ssl

100

Generate & install Free SSL Certificates for WordPress, HTTPS redirect, get PADLOCK in the browser, get automatic Renewal Reminders from plugin.

9K No CVEs

SSL Mixed Content Fix

http-https-remover

A fix for mixed content! This Plugin creates protocol relative urls by removing http + https from links. Works in Front- and Backend!

9K No CVEs

LH HSTS

lh-hsts

HSTS is HTTP Strict Transport Security, a means to enforce using SSL even if the user accesses the site through HTTP and not HTTPS.

700 No CVEs

Developer Profile

Force User SSL Developer Profile

Martin Teley

2 plugins · 1K total installs

trust score

Avg Security Score

85/100

Avg Patch Time

30 days

View full developer profile

Detection Fingerprints

How We Detect Force User SSL

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

HTML / DOM Fingerprints

FAQ