[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fAESksxEdH31-KDxqxOvNfs0RegLSZMSV_qxd8jWlSn0":3},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":11,"num_ratings":11,"last_updated":13,"tested_up_to":14,"requires_at_least":15,"requires_php":16,"tags":17,"homepage":16,"download_link":23,"security_score":24,"vuln_count":11,"unpatched_count":11,"last_vuln_date":25,"fetched_at":26,"vulnerabilities":27,"developer":28,"crawl_stats":25,"alternatives":35,"analysis":138,"fingerprints":196},"force-user-ssl","Force User SSL","1.0","Martin Teley","https:\u002F\u002Fprofiles.wordpress.org\u002Fmrxthefifth\u002F","\u003Cp>If your website has some functions that allow logged in users to interact with your website on the front end, you might want to force your logged in users to use your website through SSL without forcing normal users to use SSL. Instead of having to insert the code into your theme, you can also just use this plugin, which hooks it to the \u003Ccode>get_header()\u003C\u002Fcode> function.\u003Cbr \u002F>\nTo secure the WordPress administration with SSL as well, please edit your \u003Ccode>wp-config.php\u003C\u002Fcode> as described in the \u003Ca href=\"https:\u002F\u002Fcodex.wordpress.org\u002FAdministration_Over_SSL\" rel=\"nofollow ugc\">WordPress Codex\u003C\u002Fa>.\u003C\u002Fp>\n","This plugin forces logged in users to use SSL.",0,1245,"2017-07-13T07:38:00.000Z","4.8.28","2.6.0","",[18,19,20,21,22],"force-ssl","https","security","ssl","user","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fforce-user-ssl.zip",85,null,"2026-03-15T15:16:48.613Z",[],{"slug":29,"display_name":7,"profile_url":8,"plugin_count":30,"total_installs":31,"avg_security_score":24,"avg_patch_time_days":32,"trust_score":33,"computed_at":34},"mrxthefifth",2,1000,30,84,"2026-04-05T07:38:38.596Z",[36,56,79,101,118],{"slug":37,"name":38,"version":39,"author":40,"author_profile":41,"description":42,"short_description":43,"active_installs":44,"downloaded":45,"rating":33,"num_ratings":46,"last_updated":47,"tested_up_to":48,"requires_at_least":49,"requires_php":16,"tags":50,"homepage":53,"download_link":54,"security_score":55,"vuln_count":11,"unpatched_count":11,"last_vuln_date":25,"fetched_at":26},"https-redirection","Easy HTTPS Redirection (SSL)","2.0.0","mra13","https:\u002F\u002Fprofiles.wordpress.org\u002Fmra13\u002F","\u003Ch4>Only use this plugin if you have installed SSL certificate on your site and HTTPS is working correctly\u003C\u002Fh4>\n\u003Cp>Once you’ve installed an SSL certificate on your site, it’s important to ensure that your webpages are accessed via their secure HTTPS URLs.\u003C\u002Fp>\n\u003Cp>To improve SEO and user security, you want search engines and visitors to always use the HTTPS version of your pages. This plugin makes that easy by automatically redirecting users to the HTTPS version whenever they try to access the non-HTTPS (HTTP) version of a page.\u003C\u002Fp>\n\u003Ch3>Example\u003C\u002Fh3>\n\u003Cp>Let’s say you want to ensure the following page is always accessed over HTTPS:\u003C\u002Fp>\n\u003Cpre>\u003Ccode>https:\u002F\u002Fwww.example.com\u002Fcheckout\n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003Cp>If a visitor tries to access:\u003C\u002Fp>\n\u003Cpre>\u003Ccode>http:\u002F\u002Fwww.example.com\u002Fcheckout\n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003Cp>The plugin will automatically redirect them to the secure version:\u003C\u002Fp>\n\u003Cpre>\u003Ccode>https:\u002F\u002Fwww.example.com\u002Fcheckout\n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003Cp>This ensures that visitors always access the HTTPS version of your pages or site.\u003C\u002Fp>\n\u003Cp>You can choose to automatically redirect your entire domain to HTTPS, or selectively apply HTTPS redirection to specific pages.\u003C\u002Fp>\n\u003Ch3>Video Tutorials\u003C\u002Fh3>\n\u003Cp>\u003Cspan class=\"embed-youtube\" style=\"text-align:center; display: block;\">\u003Ciframe loading=\"lazy\" class=\"youtube-player\" width=\"750\" height=\"422\" src=\"https:\u002F\u002Fwww.youtube.com\u002Fembed\u002FoyJgRFCM6u8?version=3&rel=1&showsearch=0&showinfo=1&iv_load_policy=1&fs=1&hl=en-US&autohide=2&wmode=transparent\" allowfullscreen=\"true\" style=\"border:0;\" sandbox=\"allow-scripts allow-same-origin allow-popups allow-presentation allow-popups-to-escape-sandbox\">\u003C\u002Fiframe>\u003C\u002Fspan>\u003C\u002Fp>\n\u003Cp>\u003Cspan class=\"embed-youtube\" style=\"text-align:center; display: block;\">\u003Ciframe loading=\"lazy\" class=\"youtube-player\" width=\"750\" height=\"422\" src=\"https:\u002F\u002Fwww.youtube.com\u002Fembed\u002FLtyBraB64v8?version=3&rel=1&showsearch=0&showinfo=1&iv_load_policy=1&fs=1&hl=en-US&autohide=2&wmode=transparent\" allowfullscreen=\"true\" style=\"border:0;\" sandbox=\"allow-scripts allow-same-origin allow-popups allow-presentation allow-popups-to-escape-sandbox\">\u003C\u002Fiframe>\u003C\u002Fspan>\u003C\u002Fp>\n\u003Ch3>Force Load Static Files Using HTTPS\u003C\u002Fh3>\n\u003Cp>If you started using SSL from day 1 of your site then all your static files are already embedded using HTTPS URL. You have no issue there.\u003C\u002Fp>\n\u003Cp>However, if you have an existing website where you have a lot of static files that are embedded in your posts and pages using NON-HTTPS URL then you will need to change those. Otherwise, the browser will show an SSL warning to your visitors.\u003C\u002Fp>\n\u003Cp>This plugin has an option that will allow you to force load those static files using HTTPS URL dynamically.\u003C\u002Fp>\n\u003Cp>This will help you make the webpage fully compatible with SSL.\u003C\u002Fp>\n\u003Ch3>SSL Certificate Expiry Notification\u003C\u002Fh3>\n\u003Cp>This plugin includes a feature that allows you to receive email notifications when your SSL certificate is about to expire. It helps ensure your website remains secure and accessible over HTTPS.\u003C\u002Fp>\n\u003Cp>You can configure the recipient email address and specify how many days in advance the notification should be sent. By default, the notification is sent 7 days before expiry, but you can adjust this to suit your preference.\u003C\u002Fp>\n\u003Cp>This feature is especially useful for site owners who may not frequently check their SSL status, or for those managing multiple websites. By receiving timely alerts, you can renew your SSL certificate in advance and prevent potential downtime or security warnings.\u003C\u002Fp>\n\u003Ch3>Features\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>Automatically redirect all HTTP traffic to HTTPS\u003C\u002Fli>\n\u003Cli>Option to force HTTPS on the entire site\u003C\u002Fli>\n\u003Cli>Option to selectively apply HTTPS redirection to specific pages\u003C\u002Fli>\n\u003Cli>Helps search engines index the secure versions of your pages\u003C\u002Fli>\n\u003Cli>Improves site security and user trust\u003C\u002Fli>\n\u003Cli>Force load static files (images, js, css etc) using a HTTPS URL\u003C\u002Fli>\n\u003Cli>SSL certificate expiry notification – Option to send SSL expiry notifications to a specific email address\u003C\u002Fli>\n\u003Cli>Easily see which SSL certificates on your site are approaching their expiry date.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>View more details on the \u003Ca href=\"https:\u002F\u002Fwww.tipsandtricks-hq.com\u002Fwordpress-easy-https-redirection-plugin\" rel=\"nofollow ugc\">HTTPS Redirection plugin\u003C\u002Fa> page.\u003C\u002Fp>\n","The plugin allows an automatic redirection to the \"HTTPS\" version\u002FURL of the site. Make your site SSL compatible easily.",100000,1169853,71,"2025-12-02T03:12:00.000Z","6.9.4","6.5",[18,19,51,52,21],"insecure-content","redirection","https:\u002F\u002Fwww.tipsandtricks-hq.com\u002Fwordpress-easy-https-redirection-plugin","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fhttps-redirection.2.0.0.zip",100,{"slug":57,"name":58,"version":59,"author":60,"author_profile":61,"description":62,"short_description":63,"active_installs":64,"downloaded":65,"rating":66,"num_ratings":67,"last_updated":68,"tested_up_to":48,"requires_at_least":69,"requires_php":70,"tags":71,"homepage":74,"download_link":75,"security_score":76,"vuln_count":77,"unpatched_count":11,"last_vuln_date":78,"fetched_at":26},"wp-force-ssl","WP Force SSL & HTTPS SSL Redirect","1.68","WebFactory","https:\u002F\u002Fprofiles.wordpress.org\u002Fwebfactory\u002F","\u003Cp>\u003Ca href=\"https:\u002F\u002Fwpforcessl.com\u002F?ref=wporg\" rel=\"nofollow ugc\">WP Force SSL\u003C\u002Fa> helps you redirect insecure HTTP traffic to secure HTTPS and fix SSL errors \u003Cstrong>without touching any code\u003C\u002Fstrong>. Activate Force SSL and everything will be set and SSL enabled. The entire site will move to HTTPS using your SSL certificate. It works with any SSL certificate. It can be free SSL certificate from Let’s Encrypt or a paid SSL certificate.\u003C\u002Fp>\n\u003Cp>How to add SSL & enable SSL? Most hosting companies support the free SSL certificate from Let’s Encrypt, so login to your hosting panel and add SSL certificate. You’ll see a button labeled “Add SSL Certificate” or “Add Let’s Encrypt Certificate” and after that it’s 1 click to have the SSL enabled on your site with WP Force SSL. If that doesn’t work get \u003Ca href=\"https:\u002F\u002Fwpforcessl.com\u002F\" rel=\"nofollow ugc\">WP Force SSL PRO\u003C\u002Fa> and it’ll generate free SSL certificate for your site. And will regenerate SSL certificate every 90 days.\u003C\u002Fp>\n\u003Cp>Access WP Force SSL settings via the main Settings menu -> WP Force SSL.\u003C\u002Fp>\n\u003Ch4>SSL Tests available in the plugin\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>is site on localhost?\u003C\u002Fli>\n\u003Cli>check SSL certificate\u003C\u002Fli>\n\u003Cli>check SSL certificate expiry date\u003C\u002Fli>\n\u003Cli>is latest version of Force SSL used?\u003C\u002Fli>\n\u003Cli>are known incompatible SSL plugins active?\u003C\u002Fli>\n\u003Cli>is WP address URL set for SSL?\u003C\u002Fli>\n\u003Cli>is WP home URL set for SSL?\u003C\u002Fli>\n\u003Cli>is SSL monitoring enabled (pro feature)\u003C\u002Fli>\n\u003Cli>is HTTPS redirection working?\u003C\u002Fli>\n\u003Cli>is file redirection working (pro feature)\u003C\u002Fli>\n\u003Cli>is HSTS enabled?\u003C\u002Fli>\n\u003Cli>check mixed-content issue (pro feature)\u003C\u002Fli>\n\u003Cli>is htaccess available & writable?\u003C\u002Fli>\n\u003Cli>is 404 redirection enabled (pro feature)\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Settings\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>redirect HTTP to HTTPS\u003C\u002Fli>\n\u003Cli>fix mixed-content (pro)\u003C\u002Fli>\n\u003Cli>enable HSTS\u003C\u002Fli>\n\u003Cli>force secure cookies (pro)\u003C\u002Fli>\n\u003Cli>cross-site scripting protection (pro)\u003C\u002Fli>\n\u003Cli>expect CT header\u003C\u002Fli>\n\u003Cli>X-Frame options\u003C\u002Fli>\n\u003Cli>show WP Force SSL menu in admin bar\u003C\u002Fli>\n\u003Cli>show WP Force SSL widget in admin dashboard\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>SSL certificate testing tool\u003C\u002Fh4>\n\u003Cp>WP Force SSL comes with an SSL certificate testing tool. It tests if the SSL certificate is valid, properly installed & up-to date.\u003C\u002Fp>\n\u003Ch4>Need support?\u003C\u002Fh4>\n\u003Cp>We’re here for you! Things get frustrating when they don’t work so make sure you \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fsupport\u002Fplugin\u002Fwp-force-ssl\u002F\" rel=\"ugc\">open a support topic\u003C\u002Fa> in the official Force SSL forum. We answer all questions within a few hours!\u003C\u002Fp>\n\u003Ch4>External Assets\u003C\u002Fh4>\n\u003Cp>A big thank you to \u003Ca href=\"https:\u002F\u002Fsweetalert2.github.io\u002F\" rel=\"nofollow ugc\">SweetAlert2\u003C\u002Fa> authors which we use to make alerts nicer. And to \u003Ca href=\"https:\u002F\u002Fdepositphotos.com\u002F248496280\u002Fstock-illustration-online-payment-protection-system-concept.html\" rel=\"nofollow ugc\">DepositPhotos\u003C\u002Fa> for the lovely header image.\u003C\u002Fp>\n","Enable SSL & HTTPS redirect with 1 click! Add SSL certificate & WP Force SSL to redirect site from HTTP to HTTPS & fix SSL errors.",90000,1746375,94,179,"2025-12-03T20:17:00.000Z","4.6","5.2",[18,19,72,21,73],"mixed-content","ssl-certificate","https:\u002F\u002Fwpforcessl.com\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fwp-force-ssl.1.68.zip",99,1,"2024-06-07 00:00:00",{"slug":80,"name":81,"version":82,"author":83,"author_profile":84,"description":85,"short_description":86,"active_installs":87,"downloaded":88,"rating":89,"num_ratings":90,"last_updated":91,"tested_up_to":48,"requires_at_least":92,"requires_php":93,"tags":94,"homepage":99,"download_link":100,"security_score":55,"vuln_count":11,"unpatched_count":11,"last_vuln_date":25,"fetched_at":26},"auto-install-free-ssl","Auto-Install Free SSL – Generate & Install Free SSL Certificates","4.6.1","Anindya Sundar Mandal","https:\u002F\u002Fprofiles.wordpress.org\u002Fspeedify\u002F","\u003Ch3>Auto-Install Free SSL\u003C\u002Fh3>\n\u003Cp>\u003Cstrong>With over \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fsupport\u002Fplugin\u002Fauto-install-free-ssl\u002Freviews\u002F?filter=5\" rel=\"ugc\">380 five-star reviews ⭐⭐⭐⭐⭐\u003C\u002Fa> and a 4.9 out of 5 stars average rating, ‘Auto-Install Free SSL’ empowers you to generate Free SSL Certificates in your WordPress dashboard effortlessly.\u003C\u002Fstrong> This plugin helps secure your website and saves you money.\u003C\u002Fp>\n\u003Cp>Let’s Encrypt™ SSL Certificate is FREE. But they provide it through their API. If you are not a programmer, you need to study and practice programming for years to be able to use the API of Let’s Encrypt™ to generate a single Free SSL Certificate for your WordPress website.\u003C\u002Fp>\n\u003Cp>Here is where ‘Auto-Install Free SSL’ comes into play. This WordPress plugin provides a hassle-free way to obtain and install the Let’s Encrypt™ free SSL certificate for your website. You don’t need programming or coding experience to set it up. With this plugin, you don’t need to spend hours configuring SSL or waste money purchasing SSL certificates. All you need is a few minutes.\u003C\u002Fp>\n\u003Cp>\u003Ciframe loading=\"lazy\" title=\"How to set up Automation in 1 minute (cPanel) | Auto-Install Free SSL [Pro]\" src=\"https:\u002F\u002Fplayer.vimeo.com\u002Fvideo\u002F745390051?dnt=1&app_id=122963\" width=\"750\" height=\"400\" frameborder=\"0\" allow=\"autoplay; fullscreen; picture-in-picture; clipboard-write\">\u003C\u002Fiframe>\u003C\u002Fp>\n\u003Ch3>Minimum System Requirements\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>Linux or Windows hosting\u003C\u002Fli>\n\u003Cli>WordPress 4.1\u003C\u002Fli>\n\u003Cli>PHP 5.6\u003C\u002Fli>\n\u003Cli>OpenSSL extension\u003C\u002Fli>\n\u003Cli>Curl extension\u003C\u002Fli>\n\u003Cli>PHP directive allow_url_fopen = On\u003C\u002Fli>\n\u003Cli>The website should be assigned to a domain name (e.g., example.com) accessible online.\u003C\u002Fli>\n\u003Cli>Ensure your web server can serve static files – a standard feature in most web servers.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>FREE PLUGIN FEATURES\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>Domain Ownership Verification.\u003C\u002Fli>\n\u003Cli>Generate and renew Free SSL Certificate.\u003C\u002Fli>\n\u003Cli>One-click Download the generated SSL certificate, Private key, and CA Bundle files.\u003C\u002Fli>\n\u003Cli>Video tutorial on cPanel: (1) How to upload HTTP-01 challenge files to verify domain ownership. (2) How to Install the Free SSL Certificate.\u003C\u002Fli>\n\u003Cli>Written tutorial on Plesk for the above two topics.\u003C\u002Fli>\n\u003Cli>One-click Force SSL activation, i.e., HTTPS redirect, fix insecure links and mixed content warning, display the padlock in the browser’s address bar with ONLY ONE CLICK.\u003C\u002Fli>\n\u003Cli>One-click revert to HTTP if required.\u003C\u002Fli>\n\u003Cli>Automatic renewal reminder by email and admin notice before the SSL expiry date.\u003C\u002Fli>\n\u003Cli>Automatic account registration with Let’s Encrypt™.\u003C\u002Fli>\n\u003Cli>Automatic CSR (Certificate Signing Request) generation.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>The free https SSL certificate issued by Let’s Encrypt™ expires in 90 days. They recommend renewing 30 days before expiry. Please check the FAQ section to learn why the lifetime is 90 days.\u003C\u002Fp>\n\u003Cp> \u003C\u002Fp>\n\u003Cpre>\u003Ccode> Use this plugin only for HTTPS redirects too. \n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003Cp>If your WordPress website has an SSL certificate installed and you are looking ONLY for Force SSL activation (i.e., HTTPS redirect, fix insecure content), you can use the FREE version.\u003C\u002Fp>\n\u003Ch3>PREMIUM PLUGIN FEATURES\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>\u003Cstrong>Automatic\u003C\u002Fstrong> Verification of Domain Ownership.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Automatic\u003C\u002Fstrong> Generation of Free SSL Certificate.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Automatic Installation\u003C\u002Fstrong> of Free SSL Security Certificate (cPanel or root access is required for this automation). [However, if you have neither cPanel nor root access, we’ll Install the SSL manually for the first time and provide documentation on how to install SSL manually].\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Automatic Renewal\u003C\u002Fstrong> of Free SSL Certificate (30 days before expiry).\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Automatic Cron Job.\u003C\u002Fstrong> No need to set the Cron Job manually.\u003C\u002Fli>\n\u003Cli>Automatic account registration with Let’s Encrypt™.\u003C\u002Fli>\n\u003Cli>Automatic CSR (Certificate Signing Request) generation.\u003C\u002Fli>\n\u003Cli>One-click Force SSL activation.\u003C\u002Fli>\n\u003Cli>One-click revert to HTTP if required.\u003C\u002Fli>\n\u003Cli>One-to-one Premium Support.\u003C\u002Fli>\n\u003Cli>SSL installation training for non-cPanel websites.\u003C\u002Fli>\n\u003Cli>Automatic WildCard SSL certificate for free! (Generation and installation of an SSL certificate for a domain that covers all its sub-domains.)\u003C\u002Fli>\n\u003Cli>Automatically sets the DNS TXT record to verify the domain and generate free wildcard SSL certificates (supported DNS service providers: Cloudflare, Godaddy, Namecheap, and cPanel.)\u003C\u002Fli>\n\u003Cli>Supports Multisite.\u003C\u002Fli>\n\u003Cli>Works on all the websites hosted on a cPanel \u002F web hosting.\u003C\u002Fli>\n\u003Cli>If needed, you can revoke any SSL certificate and change your Let’s Encrypt™ account key.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>(The last five features are available for the unlimited sites license only.)\u003C\u002Fp>\n\u003Cp>If your WordPress website is hosted on a VPS or dedicated server and you don’t have cPanel, \u003Cstrong>Automatic Installation\u003C\u002Fstrong> of the Free SSL Certificate is still possible. Please get in touch with us after purchase.\u003C\u002Fp>\n\u003Cp>\u003Ca href=\"https:\u002F\u002Ffreessl.tech\u002Ffree-ssl-certificate-for-wordpress-website\u002F?utm_source=wp_org&utm_medium=description&utm_campaign=aifs_free&utm_content=premium_features\" rel=\"nofollow ugc\">BUY PREMIUM VERSION\u003C\u002Fa>\u003C\u002Fp>\n\u003Ch3>Benefits of installing an SSL certificate on your WordPress website\u003C\u002Fh3>\n\u003Col>\n\u003Cli>\n\u003Cp>\u003Cstrong>Protect your users’ data:\u003C\u002Fstrong> If an SSL certificate is installed, your WordPress website’s data travels through the internet with 2048-bit (or more) encryption. No computer or hacker in between can read your users’ encrypted data. Only the intended recipient (users’ browser or your server) can decrypt and read the encrypted data. The data may be credit card-like necessary payment details, user input with a contact form, or a simple login form.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>\u003Cstrong>Display PADLOCK:\u003C\u002Fstrong> Installing an SSL certificate is not optional anymore, even if your WordPress website doesn’t accept credit cards. Since July 2018, with version 68, Google Chrome has started to mark all HTTP (no SSL) websites as ‘Not secure’, even if it doesn’t accept user input. All other browsers followed the same path. When users visit an SSL-secured website, all browsers display a secured PADLOCK in the address bar.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>\u003Cstrong>Boost the Search Engine Ranking:\u003C\u002Fstrong> Google and other search engines aim to create a secure web. So, search engines now favor SSL-secured HTTPS websites and discourage insecure ones in the search results. If your WordPress website doesn’t have an SSL certificate installed, you are missing something significant regarding SEO and staying away from potential customers.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>\u003Cstrong>Gain the trust of your users:\u003C\u002Fstrong> If users see the secured PADLOCK and HTTPS connection in the URL, they are assured that your website is secured. Now you are gaining the trust of your potential customers. They are confident to purchase your product or service.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003C\u002Fol>\n\u003Ch3>Documentation\u003C\u002Fh3>\n\u003Cp>Please \u003Ca href=\"https:\u002F\u002Ffreessl.tech\u002Fwordpress-letsencrypt-free-ssl-certificate-documentation\u002F?utm_source=wp_org&utm_medium=description&utm_campaign=aifs_free&utm_content=documentation\" rel=\"nofollow ugc\">click here\u003C\u002Fa> for the documentation.\u003C\u002Fp>\n\u003Ch3>Support and Report a Bug\u003C\u002Fh3>\n\u003Cp>Please check the existing topics in the WordPress \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fsupport\u002Fplugin\u002Fauto-install-free-ssl\" rel=\"ugc\">support forum\u003C\u002Fa> before creating a new topic for support or reporting a bug.\u003C\u002Fp>\n\u003Ch3>‘AUTO-INSTALL FREE SSL’ IN YOUR LANGUAGE?\u003C\u002Fh3>\n\u003Cp>\u003Ca href=\"https:\u002F\u002Ftranslate.wordpress.org\u002Fprojects\u002Fwp-plugins\u002Fauto-install-free-ssl\u002F\" rel=\"nofollow ugc\">Translations can be added easily here\u003C\u002Fa> if you want to translate in your language.\u003C\u002Fp>\n\u003Ch3>Credits\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fletsencrypt.org\" rel=\"nofollow ugc\">Let’s Encrypt™\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>I developed this plugin based on the PHP client\u002Fapp \u003Ca href=\"https:\u002F\u002Ffreessl.tech\u002F?utm_source=wp_org&utm_medium=description&utm_campaign=aifs_free&utm_content=credits\" rel=\"nofollow ugc\">‘FreeSSL.tech Auto’\u003C\u002Fa>, which I developed with a massive rewrite of \u003Ca href=\"https:\u002F\u002Fgithub.com\u002Fanalogic\u002Flescript\" rel=\"nofollow ugc\">Lescript\u003C\u002Fa>.\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fcpanel.com\" rel=\"nofollow ugc\">cPanel\u003C\u002Fa>\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>Let’s Encrypt™ is a trademark of the Internet Security Research Group. All rights reserved.\u003C\u002Fp>\n","Generate & install Free SSL Certificates for WordPress, HTTPS redirect, get PADLOCK in the browser, get automatic Renewal Reminders from plugin.",9000,501022,98,397,"2025-12-24T04:33:00.000Z","4.1","5.6",[95,96,97,73,98],"free-ssl","free-ssl-certificate","https-redirect","ssl-security","https:\u002F\u002Ffreessl.tech","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fauto-install-free-ssl.4.6.1.zip",{"slug":102,"name":103,"version":104,"author":105,"author_profile":106,"description":107,"short_description":108,"active_installs":87,"downloaded":109,"rating":110,"num_ratings":111,"last_updated":112,"tested_up_to":113,"requires_at_least":69,"requires_php":16,"tags":114,"homepage":115,"download_link":116,"security_score":117,"vuln_count":11,"unpatched_count":11,"last_vuln_date":25,"fetched_at":26},"http-https-remover","SSL Mixed Content Fix","3.2.8","Steve85b","https:\u002F\u002Fprofiles.wordpress.org\u002Fsteve85b\u002F","\u003Cp>\u003Cstrong>Try it out on your free dummy site: Click here => \u003Ca href=\"https:\u002F\u002Ftastewp.com\u002Fplugins\u002Fhttp-https-remover\" rel=\"nofollow ugc\">https:\u002F\u002Ftastewp.com\u002Fplugins\u002Fhttp-https-remover\u003C\u002Fa>.\u003C\u002Fstrong>\u003Cbr \u002F>\n(this trick works for all plugins in the WP repo – just replace “wordpress” with “tastewp” in the URL)\u003C\u002Fp>\n\u003Cp>UPDATE: This plugin will be maintained again! It changed ownership and we’re currently collecting ideas how to further improve it. If you have any cool ideas, please let us know in Support Forum. Thank you!\u003C\u002Fp>\n\u003Cp>Major updated in the latest release (3.0):\u003Cbr \u002F>\n– Plugin has a proper settings page now\u003Cbr \u002F>\n– Many bugs fixed\u003Cbr \u002F>\n– Code optimized, causing performance to increase a lot\u003C\u002Fp>\n\u003Cp>Main features:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Works in Front- and Backend\u003C\u002Fli>\n\u003Cli>Makes every Plugin compatible with https\u003C\u002Fli>\n\u003Cli>Compatible with WPBakery & Disqus\u003C\u002Fli>\n\u003Cli>Fixes Google Fonts issues\u003C\u002Fli>\n\u003Cli>Makes your website faster\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>What does this Plugin do?\u003C\u002Fh4>\n\u003Cp>With protocol relative url’s you simply leave off the http: or https: part of the resource path. The browser will automatically load the resource using the same protocol that the page was loaded with.\u003C\u002Fp>\n\u003Cp>For example, an absolute url may look like\u003C\u002Fp>\n\u003Cpre>\u003Ccode>src=\"http:\u002F\u002Fdomain.com\u002Fscript.js\"\n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003Cp>If you were to load this from a https page the script will not be loaded – as non-https resources are not loaded from https pages (for security reasons).\u003C\u002Fp>\n\u003Cp>The protocol relative url would look like\u003C\u002Fp>\n\u003Cpre>\u003Ccode>src=\"\u002F\u002Fdomain.com\u002Fscript.js\"\n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003Cp>and would load if the web page was http or https.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Tipp:\u003C\u002Fstrong> Check your Settings -> General page and make sure your WordPress Address and Site Address are starting with “https”.\u003Cbr \u002F>\nAdd the following two lines in your wp-config.php above the line that​ says “Stop Editing Here”:\u003C\u002Fp>\n\u003Cpre>\u003Ccode>define('FORCE_SSL', true);\ndefine('FORCE_SSL_ADMIN',true);\n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003Ch4>What is Mixed Content?\u003C\u002Fh4>\n\u003Cp>\u003Cstrong>Mixed content\u003C\u002Fstrong> occurs when initial HTML is loaded over a secure HTTPS connection, but other resources (such as images, videos, stylesheets, scripts) are loaded over an insecure HTTP connection. This is called mixed content because both HTTP and HTTPS content are being loaded to display the same page, and the initial request was secure over HTTPS. Modern browsers display warnings about this type of content to indicate to the user that this page contains insecure resources.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Note: You should always protect all of your websites with HTTPS, even if they don’t handle sensitive communications.\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Ch4>Example\u003C\u002Fh4>\n\u003Cp>Without Plugin:\u003Cbr \u002F>\n    src=”http:\u002F\u002Fdomain.com\u002Fscript01.js”\u003Cbr \u002F>\n    src=”https:\u002F\u002Fdomain.com\u002Fscript02.js”\u003Cbr \u002F>\n    src=”\u002F\u002Fdomain.com\u002Fscript03.js”\u003C\u002Fp>\n\u003Cp>With Plugin:\u003Cbr \u002F>\n    src=”\u002F\u002Fdomain.com\u002Fscript01.js”\u003Cbr \u002F>\n    src=”\u002F\u002Fdomain.com\u002Fscript02.js”\u003Cbr \u002F>\n    src=”\u002F\u002Fdomain.com\u002Fscript03.js”\u003C\u002Fp>\n\u003Ch4>If using Cache Plugins\u003C\u002Fh4>\n\u003Cp>If the plugin isn’t working like expected please purge\u002Fclear cache for the changes to take effect!\u003C\u002Fp>\n","A fix for mixed content! This Plugin creates protocol relative urls by removing http + https from links. Works in Front- and Backend!",323765,82,34,"2024-07-17T01:21:00.000Z","6.6.5",[18,19,51,72,21],"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fhttp-https-Removal\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fhttp-https-remover.3.2.8.zip",92,{"slug":119,"name":120,"version":121,"author":122,"author_profile":123,"description":124,"short_description":125,"active_installs":126,"downloaded":127,"rating":128,"num_ratings":129,"last_updated":130,"tested_up_to":131,"requires_at_least":132,"requires_php":16,"tags":133,"homepage":136,"download_link":137,"security_score":24,"vuln_count":11,"unpatched_count":11,"last_vuln_date":25,"fetched_at":26},"lh-hsts","LH HSTS","1.25","shawfactor","https:\u002F\u002Fprofiles.wordpress.org\u002Fshawfactor\u002F","\u003Cp>This plugin send the proper headers for full ssl security. For more information on what this is and why it is important visit: http:\u002F\u002Fen.wikipedia.org\u002Fwiki\u002FHTTP_Strict_Transport_Security\u003C\u002Fp>\n\u003Cp>The options are preset to enable browsers to preload the HSTS directive but can be overwritten by filters which are clearly documented in the code.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Did you find this plugin helpful? Please consider \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fsupport\u002Fview\u002Fplugin-reviews\u002Flh-hsts\" rel=\"ugc\">writing a review\u003C\u002Fa>.\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Ch3>To update the max-age settings, add the following code to your functions.php\u003C\u002Fh3>\n\u003Cpre>\u003Ccode>add_filter('lh_hsts_max_age', 'modify_ls_hsts_max_age_func');\n\nfunction modify_ls_hsts_max_age_func( $max_age ){\n    return false;\n}\n    `\n\n\u003Ch3>To update the subdomain settings, add the following code to your functions.php\u003C\u002Fh3>\n\n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003Cp>add_filter(‘lh_hsts_subdomain’, ‘modify_ls_hsts_subdomain_func’);\u003C\u002Fp>\n\u003Cp>function modify_ls_hsts_subdomain_func( $subdomain ){\u003Cbr \u002F>\n    return false;\u003Cbr \u002F>\n}\u003Cbr \u002F>\n    `\u003C\u002Fp>\n\u003Ch3>To update the preload setting, add the following code to your functions.php\u003C\u002Fh3>\n\u003Cpre>\u003Ccode>add_filter('lh_hsts_preload', 'modify_ls_hsts_preload_func');\n\nfunction modify_ls_hsts_preload_func( $preload ){\n    return false;\n}\n    `\n\n\u003Ch3>To update the redirect setting, add the following code to your functions.php\u003C\u002Fh3>\n\n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003Cp>add_filter(‘lh_hsts_redirect’, ‘modify_ls_hsts_redirect_func’);\u003C\u002Fp>\n\u003Cp>function modify_ls_hsts_redirect_func( $redirect ){\u003Cbr \u002F>\n    return false;\u003Cbr \u002F>\n}\u003Cbr \u002F>\n    `\u003C\u002Fp>\n","HSTS is HTTP Strict Transport Security, a means to enforce using SSL even if the user accesses the site through HTTP and not HTTPS.",700,349826,78,7,"2020-07-12T05:30:00.000Z","5.4.19","3.0",[134,19,135,20,21],"hsts","redirect","https:\u002F\u002Flhero.org\u002Fportfolio\u002Flh-hsts\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Flh-hsts.zip",{"attackSurface":139,"codeSignals":151,"taintFlows":158,"riskAssessment":185,"analyzedAt":195},{"hooks":140,"ajaxHandlers":147,"restRoutes":148,"shortcodes":149,"cronEvents":150,"entryPointCount":11,"unprotectedCount":11},[141],{"type":142,"name":143,"callback":144,"file":145,"line":146},"action","get_header","force_user_ssl","force-user-ssl.php",20,[],[],[],[],{"dangerousFunctions":152,"sqlUsage":153,"outputEscaping":155,"fileOperations":11,"externalRequests":11,"nonceChecks":11,"capabilityChecks":11,"bundledLibraries":157},[],{"prepared":11,"raw":11,"locations":154},[],{"escaped":11,"rawEcho":11,"locations":156},[],[],[159,177],{"entryPoint":160,"graph":161,"unsanitizedCount":77,"severity":176},"force_user_ssl (force-user-ssl.php:14)",{"nodes":162,"edges":173},[163,168],{"id":164,"type":165,"label":166,"file":145,"line":167},"n0","source","$_SERVER['SERVER_NAME']",16,{"id":169,"type":170,"label":171,"file":145,"line":167,"wp_function":172},"n1","sink","wp_redirect() [Open Redirect]","wp_redirect",[174],{"from":164,"to":169,"sanitized":175},false,"medium",{"entryPoint":178,"graph":179,"unsanitizedCount":77,"severity":176},"\u003Cforce-user-ssl> (force-user-ssl.php:0)",{"nodes":180,"edges":183},[181,182],{"id":164,"type":165,"label":166,"file":145,"line":167},{"id":169,"type":170,"label":171,"file":145,"line":167,"wp_function":172},[184],{"from":164,"to":169,"sanitized":175},{"summary":186,"deductions":187},"The 'force-user-ssl' v1.0 plugin exhibits a strong security posture based on the provided static analysis. The absence of any identified AJAX handlers, REST API routes, shortcodes, or cron events significantly limits its attack surface. Furthermore, the code demonstrates excellent practices by not utilizing dangerous functions, all SQL queries are prepared, and all outputs are properly escaped. There are no file operations or external HTTP requests, and critically, no identified taint flows with unsanitized paths at a high or critical severity. The plugin also has no recorded vulnerability history, indicating a lack of known security issues. \n\nHowever, there are a few areas that warrant attention. The absence of nonce checks and capability checks, while not immediately indicative of a vulnerability given the zero attack surface, represents a missed opportunity for robust security if the plugin were to be expanded in the future. The two identified flows with unsanitized paths, even though classified as low severity, suggest that input validation might be less stringent than ideal. While the plugin currently presents a low risk due to its limited functionality and lack of known vulnerabilities, future development should prioritize incorporating security best practices like nonce and capability checks to maintain this strong security posture.",[188,191,193],{"reason":189,"points":190},"Flows with unsanitized paths (2)",4,{"reason":192,"points":30},"No nonce checks",{"reason":194,"points":30},"No capability checks","2026-03-17T06:52:06.990Z",{"wat":197,"direct":202},{"assetPaths":198,"generatorPatterns":199,"scriptPaths":200,"versionParams":201},[],[],[],[],{"cssClasses":203,"htmlComments":204,"htmlAttributes":205,"restEndpoints":206,"jsGlobals":207,"shortcodeOutput":208},[],[],[],[],[],[]]