[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fA2v8DHLIfOtVM4wRmCh7SSiiYRKrispErNn0XEW6jYs":3},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":13,"num_ratings":14,"last_updated":15,"tested_up_to":16,"requires_at_least":17,"requires_php":18,"tags":19,"homepage":25,"download_link":26,"security_score":27,"vuln_count":28,"unpatched_count":28,"last_vuln_date":29,"fetched_at":30,"vulnerabilities":31,"developer":32,"crawl_stats":29,"alternatives":39,"analysis":133,"fingerprints":247},"https-domain-alias","HTTPS Domain Alias","1.4.3","Otto Kekäläinen","https:\u002F\u002Fprofiles.wordpress.org\u002Fottok\u002F","\u003Cp>This plugin is useful e.g. if you have a wildcard SSL\u002FTLS certificate for server but not for each site.\u003C\u002Fp>\n\u003Cp>If the site is normally at say \u003Ccode>http:\u002F\u002Fexample.org\u002F\u003C\u002Fcode> and you want to have the admin area https protected, but you don’t have a SSL\u002FTLS certificate so that \u003Ccode>https:\u002F\u002Fexample.org\u002F\u003C\u002Fcode> would work, you can define another domain for secure connections.\u003C\u002Fp>\n\u003Cp>For example instead of \u003Ccode>https:\u002F\u002Fexample.org\u002Fwp-login.php\u003C\u002Fcode> or \u003Ccode>https:\u002F\u002Fexample.org\u002Fwp-admin\u002F\u003C\u002Fcode> the user is redirected to \u003Ccode>https:\u002F\u002Fexample.seravo.com\u002Fwp-login.php\u003C\u002Fcode> or \u003Ccode>https:\u002F\u002Fexample.seravo.com\u002Fwp-admin\u002F\u003C\u002Fcode>.\u003C\u002Fp>\n\u003Cp>This plugin works with both normal WordPress installations and WordPress Network installation and is compatible with the WordPress MU Domain Mapping plugin.\u003C\u002Fp>\n\u003Cp>The code is optimized to be fast and does not for example do any database lookups or use cookies.\u003C\u002Fp>\n\u003Cp>This plugin is made by \u003Ca href=\"https:\u002F\u002Fseravo.com\u002F\" rel=\"nofollow ugc\">Seravo Oy\u003C\u002Fa>, which specializes in open source support services and among others is the only company in Finland to provide \u003Ca href=\"https:\u002F\u002Fseravo.com\u002F\" rel=\"nofollow ugc\">WordPress Premium Hosting\u003C\u002Fa>.\u003C\u002Fp>\n\u003Cp>Source available at https:\u002F\u002Fgithub.com\u002FSeravo\u002Fwp-https-domain-alias\u003C\u002Fp>\n","Enable your site to have a different domains for HTTP and HTTPS.",40,12507,100,5,"2020-07-28T08:06:00.000Z","4.9.29","3.7","",[20,21,22,23,24],"alias","domain","https","ssl","tls","https:\u002F\u002Fgithub.com\u002FSeravo\u002Fwp-https-domain-alias","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fhttps-domain-alias.zip",85,0,null,"2026-03-15T15:16:48.613Z",[],{"slug":33,"display_name":7,"profile_url":8,"plugin_count":34,"total_installs":35,"avg_security_score":27,"avg_patch_time_days":36,"trust_score":37,"computed_at":38},"ottok",4,6140,30,84,"2026-04-04T07:12:02.639Z",[40,59,78,94,114],{"slug":41,"name":42,"version":43,"author":44,"author_profile":45,"description":46,"short_description":47,"active_installs":48,"downloaded":49,"rating":13,"num_ratings":50,"last_updated":51,"tested_up_to":52,"requires_at_least":53,"requires_php":18,"tags":54,"homepage":57,"download_link":58,"security_score":13,"vuln_count":28,"unpatched_count":28,"last_vuln_date":29,"fetched_at":30},"simple-https","Simple HTTPS","2.2.6","neoslab","https:\u002F\u002Fprofiles.wordpress.org\u002Fneoslab\u002F","\u003Cp>Simple HTTPS automatically detects if your website run properly over HTTPS and fix your website accordingly without any extra useless line of code. Your website will move to SSL within few clicks. This plugin also allow you to enable HTTP Strict Transport Security for your website.\u003C\u002Fp>\n\u003Ch3>License\u003C\u002Fh3>\n\u003Cp>Good news, this plugin is free for everyone! Since it’s released under the GPL, you can use it free of charge on your personal or commercial site.\u003C\u002Fp>\n","Correct your SSL\u002FHTTPS issue within few clicks and enable HTTP Strict Transport Security for your website.",400,8921,1,"2025-04-26T00:07:00.000Z","6.8.5","4.9",[22,55,23,56,24],"redirect","ssl-fix","https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fsimple-https\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fsimple-https.2.2.7.zip",{"slug":60,"name":61,"version":62,"author":63,"author_profile":64,"description":65,"short_description":66,"active_installs":13,"downloaded":67,"rating":13,"num_ratings":68,"last_updated":69,"tested_up_to":70,"requires_at_least":71,"requires_php":18,"tags":72,"homepage":75,"download_link":76,"security_score":27,"vuln_count":50,"unpatched_count":28,"last_vuln_date":77,"fetched_at":30},"domain-check","Domain Check","1.0.19","domaincheckplugin","https:\u002F\u002Fprofiles.wordpress.org\u002Fdomaincheckplugin\u002F","\u003Cp>\u003Cstrong>Domain Check\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>Domain Check allows you to see what domains and SSL certificates are coming up for expiration and to quickly locate the coupons, coupon codes, and deals from your favorite sites before renewing. Add any email addresses and have multiple people get alerts for upcoming domain renewals or SSL certificate expiration.  You can also search for new domain names with the domain checker using hundreds of supported extensions and even check if your SSL certificates are working on a number of sites. All this plus bulk importing makes Domain Check the best domain management tool for your domain portfolio.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Your Domains\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>Marking a domain as Owned will show it within the Your Domains section. This is used to easily filter out the domain names within Domain Check that you own. You can use this section to easily filter your own domains and add expiration notifications and domain expiration alerts to all of your domains. Searching a domain from the Your Domains section will automatically mark it as Owned. Its also the perfect for anyone using domain mapping to keep track of their domains.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Domain Search\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>Domain Search is where you can search the availability of domain names just like any other domain checker and see a history of your past domain name searches. Search any of the available domain extensions and TLDs within Domain Check, mark domains as Owned or Taken and set a domain expiration notification for a domain. You can easily click from any search result to see other domains available with the name name but a different domain extension.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Domain Watch\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>Domain Watch lets you see at a glance which domains you’ve set up domain expiration alerts for and allows you to view at a glance when your domains are expiring. You can see domains that are Owned or Taken allowing you to monitor other domains you may want backorder to keep track of expiration dates on.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>SSL Check\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>SSL Check is where you can search to see the status of your SSL certificates and check if your current SSL certificates are valid. See all your previous SSL checks easily so you can keep checking all your certificates and mark any of them as needing SSL expirtation notification alerts. See at a glance which SSL certificates are valid and which sites are not secure.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>SSL Expiration Alerts\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>SSL Expiration Alerts allow you to monitor your SSL certificates and send out SSL certificate expiration notifications and alerts. All of the SSL certificates and domains you are monitoring are seen in this SSL Expiration Alerts list and you can refresh or remove any SSL certificate at any time.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Import \u002F Export\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>Import \u002F Export is how you get your domain names and SSL certificates in to Domain Check. You can use any CSV or XML outputs from your domain registrar or even just highlight you entire list of domains and copy and paste. Domain Check will find any domain names within the CSV, XML, or copy and pasted text and allow you to bulk import your domain names. You can also bulk import SSL certificate URLs and mark any bulk imports to set all domains or SSL certificates to have expiration alerts. This is also a great bulk domain checker.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Settings\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>Like most plugins Domain Check allows you to adjust certain settings within the plugin to help you stay on top your domains and domain names.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Coupons & Deals\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>The Coupons and Deals section of the plugin is where you can view all of the coupons or deals from major domain registrars, SSL certificate providers, and hosting companies. Refresh the coupons to get the most up to date daily coupon codes.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Services & APIs Used\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>The plugin uses some data and services for free through calls to URLs & APIs at the domain \u003Ca href=\"http:\u002F\u002Fdomaincheckplugin.com\" rel=\"nofollow ugc\">domaincheckplugin.com\u003C\u002Fa>. No tricks, no signups, and everything is 100% free and included with use of the plugin! This plugin uses affiliate links from some registrars and services to help keep this plugin free 🙂\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Help\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>\u003Ca href=\"http:\u002F\u002Fdomaincheckplugin.com\" rel=\"nofollow ugc\">Looking for more help with Domain Check, the Domain Search domain checker, Domain Watch, SSL Check, SSL Alerts, or Coupon, Coupon Codes, and Deals? Please see the Domain Check website: http:\u002F\u002Fdomaincheckplugin.com\u003C\u002Fa>\u003C\u002Fp>\n","Domain Check lets you search domain names, check SSL certificates and HTTPS, set email alerts for domain and SSL expiration, and get daily coupons.",17641,9,"2022-01-26T21:25:00.000Z","5.9.13","3.8",[73,21,22,74,23],"admin","multisite","http:\u002F\u002Fdomaincheckplugin.com","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fdomain-check.1.0.19.zip","2021-12-28 00:00:00",{"slug":79,"name":80,"version":81,"author":82,"author_profile":83,"description":84,"short_description":85,"active_installs":86,"downloaded":87,"rating":13,"num_ratings":88,"last_updated":89,"tested_up_to":18,"requires_at_least":90,"requires_php":18,"tags":91,"homepage":92,"download_link":93,"security_score":27,"vuln_count":28,"unpatched_count":28,"last_vuln_date":29,"fetched_at":30},"https-mixed-content-detector","HTTPS Mixed Content Detector","1.2.0","Zack Tollman","https:\u002F\u002Fprofiles.wordpress.org\u002Ftollmanz\u002F","\u003Cp>When deploying a TLS enabled website, you must ensure that all content loaded on the site is loaded from secure origin.\u003Cbr \u002F>\nIf your content is loaded from an insecure source, the security of your whole site is compromised and modern browsers\u003Cbr \u002F>\nwill downgrade your website’s security rating.\u003C\u002Fp>\n\u003Cp>The HTTPS Mixed Content Detector plugin attempts to identify sources of mixed content warnings. The plugin will examine\u003Cbr \u002F>\ncontent loaded from the site when admins are viewing the site. Any content that violates the policy of loading content\u003Cbr \u002F>\nthat originates from “https:” resources will trigger an error and that resource will be logged. Viewing the log will\u003Cbr \u002F>\nallow you to examine the site for any warnings and remove them before they cause problems for your website.\u003C\u002Fp>\n","Detects and logs content that will cause mixed content warnings.",60,8281,6,"2015-01-19T06:02:00.000Z","4.0.1",[22,23,24],"https:\u002F\u002Fgithub.com\u002Ftollmanz\u002Fwordpress-https-mixed-content-detector","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fhttps-mixed-content-detector.1.2.0.zip",{"slug":95,"name":96,"version":97,"author":98,"author_profile":99,"description":100,"short_description":101,"active_installs":102,"downloaded":103,"rating":37,"num_ratings":104,"last_updated":105,"tested_up_to":106,"requires_at_least":107,"requires_php":18,"tags":108,"homepage":112,"download_link":113,"security_score":13,"vuln_count":28,"unpatched_count":28,"last_vuln_date":29,"fetched_at":30},"https-redirection","Easy HTTPS Redirection (SSL)","2.0.0","mra13","https:\u002F\u002Fprofiles.wordpress.org\u002Fmra13\u002F","\u003Ch4>Only use this plugin if you have installed SSL certificate on your site and HTTPS is working correctly\u003C\u002Fh4>\n\u003Cp>Once you’ve installed an SSL certificate on your site, it’s important to ensure that your webpages are accessed via their secure HTTPS URLs.\u003C\u002Fp>\n\u003Cp>To improve SEO and user security, you want search engines and visitors to always use the HTTPS version of your pages. This plugin makes that easy by automatically redirecting users to the HTTPS version whenever they try to access the non-HTTPS (HTTP) version of a page.\u003C\u002Fp>\n\u003Ch3>Example\u003C\u002Fh3>\n\u003Cp>Let’s say you want to ensure the following page is always accessed over HTTPS:\u003C\u002Fp>\n\u003Cpre>\u003Ccode>https:\u002F\u002Fwww.example.com\u002Fcheckout\n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003Cp>If a visitor tries to access:\u003C\u002Fp>\n\u003Cpre>\u003Ccode>http:\u002F\u002Fwww.example.com\u002Fcheckout\n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003Cp>The plugin will automatically redirect them to the secure version:\u003C\u002Fp>\n\u003Cpre>\u003Ccode>https:\u002F\u002Fwww.example.com\u002Fcheckout\n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003Cp>This ensures that visitors always access the HTTPS version of your pages or site.\u003C\u002Fp>\n\u003Cp>You can choose to automatically redirect your entire domain to HTTPS, or selectively apply HTTPS redirection to specific pages.\u003C\u002Fp>\n\u003Ch3>Video Tutorials\u003C\u002Fh3>\n\u003Cp>\u003Cspan class=\"embed-youtube\" style=\"text-align:center; display: block;\">\u003Ciframe loading=\"lazy\" class=\"youtube-player\" width=\"750\" height=\"422\" src=\"https:\u002F\u002Fwww.youtube.com\u002Fembed\u002FoyJgRFCM6u8?version=3&rel=1&showsearch=0&showinfo=1&iv_load_policy=1&fs=1&hl=en-US&autohide=2&wmode=transparent\" allowfullscreen=\"true\" style=\"border:0;\" sandbox=\"allow-scripts allow-same-origin allow-popups allow-presentation allow-popups-to-escape-sandbox\">\u003C\u002Fiframe>\u003C\u002Fspan>\u003C\u002Fp>\n\u003Cp>\u003Cspan class=\"embed-youtube\" style=\"text-align:center; display: block;\">\u003Ciframe loading=\"lazy\" class=\"youtube-player\" width=\"750\" height=\"422\" src=\"https:\u002F\u002Fwww.youtube.com\u002Fembed\u002FLtyBraB64v8?version=3&rel=1&showsearch=0&showinfo=1&iv_load_policy=1&fs=1&hl=en-US&autohide=2&wmode=transparent\" allowfullscreen=\"true\" style=\"border:0;\" sandbox=\"allow-scripts allow-same-origin allow-popups allow-presentation allow-popups-to-escape-sandbox\">\u003C\u002Fiframe>\u003C\u002Fspan>\u003C\u002Fp>\n\u003Ch3>Force Load Static Files Using HTTPS\u003C\u002Fh3>\n\u003Cp>If you started using SSL from day 1 of your site then all your static files are already embedded using HTTPS URL. You have no issue there.\u003C\u002Fp>\n\u003Cp>However, if you have an existing website where you have a lot of static files that are embedded in your posts and pages using NON-HTTPS URL then you will need to change those. Otherwise, the browser will show an SSL warning to your visitors.\u003C\u002Fp>\n\u003Cp>This plugin has an option that will allow you to force load those static files using HTTPS URL dynamically.\u003C\u002Fp>\n\u003Cp>This will help you make the webpage fully compatible with SSL.\u003C\u002Fp>\n\u003Ch3>SSL Certificate Expiry Notification\u003C\u002Fh3>\n\u003Cp>This plugin includes a feature that allows you to receive email notifications when your SSL certificate is about to expire. It helps ensure your website remains secure and accessible over HTTPS.\u003C\u002Fp>\n\u003Cp>You can configure the recipient email address and specify how many days in advance the notification should be sent. By default, the notification is sent 7 days before expiry, but you can adjust this to suit your preference.\u003C\u002Fp>\n\u003Cp>This feature is especially useful for site owners who may not frequently check their SSL status, or for those managing multiple websites. By receiving timely alerts, you can renew your SSL certificate in advance and prevent potential downtime or security warnings.\u003C\u002Fp>\n\u003Ch3>Features\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>Automatically redirect all HTTP traffic to HTTPS\u003C\u002Fli>\n\u003Cli>Option to force HTTPS on the entire site\u003C\u002Fli>\n\u003Cli>Option to selectively apply HTTPS redirection to specific pages\u003C\u002Fli>\n\u003Cli>Helps search engines index the secure versions of your pages\u003C\u002Fli>\n\u003Cli>Improves site security and user trust\u003C\u002Fli>\n\u003Cli>Force load static files (images, js, css etc) using a HTTPS URL\u003C\u002Fli>\n\u003Cli>SSL certificate expiry notification – Option to send SSL expiry notifications to a specific email address\u003C\u002Fli>\n\u003Cli>Easily see which SSL certificates on your site are approaching their expiry date.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>View more details on the \u003Ca href=\"https:\u002F\u002Fwww.tipsandtricks-hq.com\u002Fwordpress-easy-https-redirection-plugin\" rel=\"nofollow ugc\">HTTPS Redirection plugin\u003C\u002Fa> page.\u003C\u002Fp>\n","The plugin allows an automatic redirection to the \"HTTPS\" version\u002FURL of the site. Make your site SSL compatible easily.",100000,1169853,71,"2025-12-02T03:12:00.000Z","6.9.4","6.5",[109,22,110,111,23],"force-ssl","insecure-content","redirection","https:\u002F\u002Fwww.tipsandtricks-hq.com\u002Fwordpress-easy-https-redirection-plugin","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fhttps-redirection.2.0.0.zip",{"slug":115,"name":116,"version":117,"author":118,"author_profile":119,"description":120,"short_description":121,"active_installs":102,"downloaded":122,"rating":123,"num_ratings":124,"last_updated":125,"tested_up_to":106,"requires_at_least":126,"requires_php":127,"tags":128,"homepage":131,"download_link":132,"security_score":13,"vuln_count":28,"unpatched_count":28,"last_vuln_date":29,"fetched_at":30},"ssl-insecure-content-fixer","SSL Insecure Content Fixer","2.7.2","webaware","https:\u002F\u002Fprofiles.wordpress.org\u002Fwebaware\u002F","\u003Cp>Clean up your WordPress website’s HTTPS insecure content and mixed content warnings. Installing the SSL Insecure Content Fixer plugin will solve most insecure content warnings with little or no effort. The remainder can be diagnosed with a few simple tools.\u003C\u002Fp>\n\u003Cp>When you install SSL Insecure Content Fixer, its default settings are activated and it will automatically perform some basic fixes on your website using the Simple fix level. You can select more comprehensive fix levels as needed by your website.\u003C\u002Fp>\n\u003Cp>WordPress Multisite gets a network settings page. This can be used to set default settings for all sites within a network, so that network administrators only need to specify settings on sites that have requirements differing from the network defaults.\u003C\u002Fp>\n\u003Cp>See the \u003Ca href=\"https:\u002F\u002Fssl.webaware.net.au\u002F\" rel=\"nofollow ugc\">SSL Insecure Content Fixer website\u003C\u002Fa> for more details.\u003C\u002Fp>\n\u003Ch3>Translations\u003C\u002Fh3>\n\u003Cp>Many thanks to the generous efforts of our translators:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Bulgarian (bg_BG) — \u003Ca href=\"https:\u002F\u002Ftranslate.wordpress.org\u002Flocale\u002Fbg\u002Fdefault\u002Fwp-plugins\u002Fssl-insecure-content-fixer\" rel=\"nofollow ugc\">the Bulgarian translation team\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>Chinese simplified (zh_CN) — \u003Ca href=\"https:\u002F\u002Ftranslate.wordpress.org\u002Flocale\u002Fzh-cn\u002Fdefault\u002Fwp-plugins\u002Fssl-insecure-content-fixer\" rel=\"nofollow ugc\">the Chinese translation team\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>English (en_CA) — \u003Ca href=\"https:\u002F\u002Ftranslate.wordpress.org\u002Flocale\u002Fen-ca\u002Fdefault\u002Fwp-plugins\u002Fssl-insecure-content-fixer\" rel=\"nofollow ugc\">the English (Canadian) translation team\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>English (en_GB) — \u003Ca href=\"https:\u002F\u002Ftranslate.wordpress.org\u002Flocale\u002Fen-gb\u002Fdefault\u002Fwp-plugins\u002Fssl-insecure-content-fixer\" rel=\"nofollow ugc\">the English (British) translation team\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>English (en_ZA) — \u003Ca href=\"https:\u002F\u002Ftranslate.wordpress.org\u002Flocale\u002Fen-za\u002Fdefault\u002Fwp-plugins\u002Fssl-insecure-content-fixer\" rel=\"nofollow ugc\">the English (South African) translation team\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>Dutch (nl_NL) — \u003Ca href=\"https:\u002F\u002Ftranslate.wordpress.org\u002Flocale\u002Fnl\u002Fdefault\u002Fwp-plugins\u002Fssl-insecure-content-fixer\" rel=\"nofollow ugc\">the Dutch translation team\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>German (de_DE) — \u003Ca href=\"https:\u002F\u002Ftranslate.wordpress.org\u002Flocale\u002Fde\u002Fdefault\u002Fwp-plugins\u002Fssl-insecure-content-fixer\" rel=\"nofollow ugc\">the German translation team\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>French (fr_FR) — \u003Ca href=\"https:\u002F\u002Ftranslate.wordpress.org\u002Flocale\u002Ffr\u002Fdefault\u002Fwp-plugins\u002Fssl-insecure-content-fixer\" rel=\"nofollow ugc\">the French translation team\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>Italian (it_IT) — \u003Ca href=\"https:\u002F\u002Ftranslate.wordpress.org\u002Flocale\u002Fit\u002Fdefault\u002Fwp-plugins\u002Fssl-insecure-content-fixer\" rel=\"nofollow ugc\">the Italian translation team\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>Japanese (ja) — \u003Ca href=\"https:\u002F\u002Ftranslate.wordpress.org\u002Flocale\u002Fja\u002Fdefault\u002Fwp-plugins\u002Fssl-insecure-content-fixer\" rel=\"nofollow ugc\">the Japanese translation team\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>Russian (ru_RU) — \u003Ca href=\"https:\u002F\u002Ftranslate.wordpress.org\u002Flocale\u002Fru\u002Fdefault\u002Fwp-plugins\u002Fssl-insecure-content-fixer\" rel=\"nofollow ugc\">the Russian translation team\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>Spanish (es_ES) — \u003Ca href=\"https:\u002F\u002Ftranslate.wordpress.org\u002Flocale\u002Fes\u002Fdefault\u002Fwp-plugins\u002Fssl-insecure-content-fixer\" rel=\"nofollow ugc\">the Spanish translation team\u003C\u002Fa>\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>If you’d like to help out by translating this plugin, please \u003Ca href=\"https:\u002F\u002Ftranslate.wordpress.org\u002Fprojects\u002Fwp-plugins\u002Fssl-insecure-content-fixer\" rel=\"nofollow ugc\">sign up for an account and dig in\u003C\u002Fa>.\u003C\u002Fp>\n\u003Ch3>Privacy\u003C\u002Fh3>\n\u003Cp>SSL Insecure Content Fixer does not collect any personally identifying information, and does not set any cookies.\u003C\u002Fp>\n","Clean up WordPress website HTTPS insecure content",2650141,96,221,"2025-12-14T04:38:00.000Z","4.0","5.3",[22,110,129,130,23],"mixed-content","partially-encrypted","https:\u002F\u002Fssl.webaware.net.au\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fssl-insecure-content-fixer.2.7.2.zip",{"attackSurface":134,"codeSignals":208,"taintFlows":215,"riskAssessment":241,"analyzedAt":246},{"hooks":135,"ajaxHandlers":204,"restRoutes":205,"shortcodes":206,"cronEvents":207,"entryPointCount":28,"unprotectedCount":28},[136,143,146,149,152,155,158,161,164,167,170,174,179,183,188,192,196,200],{"type":137,"name":138,"callback":139,"priority":140,"file":141,"line":142},"filter","login_url","anonymous",20,"https-domain-alias.php",265,{"type":137,"name":144,"callback":139,"priority":140,"file":141,"line":145},"logout_url",266,{"type":137,"name":147,"callback":139,"priority":140,"file":141,"line":148},"admin_url",267,{"type":137,"name":150,"callback":139,"priority":140,"file":141,"line":151},"wp_redirect",268,{"type":137,"name":153,"callback":139,"priority":140,"file":141,"line":154},"plugins_url",269,{"type":137,"name":156,"callback":139,"priority":140,"file":141,"line":157},"content_url",270,{"type":137,"name":159,"callback":139,"priority":140,"file":141,"line":160},"theme_mod_header_image",271,{"type":137,"name":162,"callback":139,"priority":140,"file":141,"line":163},"wp_get_attachment_url",272,{"type":137,"name":165,"callback":139,"priority":140,"file":141,"line":166},"wp_get_attachment_thumb_url",273,{"type":137,"name":168,"callback":139,"priority":140,"file":141,"line":169},"site_url",274,{"type":137,"name":171,"callback":172,"priority":140,"file":141,"line":173},"home_url","htsda_home_url_rewrite",275,{"type":137,"name":175,"callback":176,"priority":177,"file":141,"line":178},"media_send_to_editor","htsda_root_relative_media_urls",10,278,{"type":137,"name":180,"callback":181,"priority":177,"file":141,"line":182},"image_send_to_editor","htsda_root_relative_image_urls",279,{"type":184,"name":185,"callback":186,"file":141,"line":187},"action","admin_enqueue_scripts","htsda_link_adder_fix",280,{"type":184,"name":189,"callback":190,"file":141,"line":191},"activated_plugin","htsda_https_domain_alias_must_be_first_plugin",304,{"type":184,"name":193,"callback":194,"file":141,"line":195},"wp","htsda_https_domain_alias_redirect_visitors",331,{"type":184,"name":197,"callback":198,"file":141,"line":199},"admin_menu","htsda_https_domain_alias_readme",346,{"type":137,"name":201,"callback":202,"priority":14,"file":141,"line":203},"get_sample_permalink_html","htsda_sample_permalink_html",443,[],[],[],[],{"dangerousFunctions":209,"sqlUsage":210,"outputEscaping":212,"fileOperations":28,"externalRequests":28,"nonceChecks":28,"capabilityChecks":28,"bundledLibraries":214},[],{"prepared":28,"raw":28,"locations":211},[],{"escaped":28,"rawEcho":28,"locations":213},[],[],[216,233],{"entryPoint":217,"graph":218,"unsanitizedCount":50,"severity":232},"htsda_https_domain_alias_redirect_visitors (https-domain-alias.php:332)",{"nodes":219,"edges":229},[220,225],{"id":221,"type":222,"label":223,"file":141,"line":224},"n0","source","$_SERVER['REQUEST_URI']",339,{"id":226,"type":227,"label":228,"file":141,"line":224,"wp_function":150},"n1","sink","wp_redirect() [Open Redirect]",[230],{"from":221,"to":226,"sanitized":231},false,"medium",{"entryPoint":234,"graph":235,"unsanitizedCount":50,"severity":232},"\u003Chttps-domain-alias> (https-domain-alias.php:0)",{"nodes":236,"edges":239},[237,238],{"id":221,"type":222,"label":223,"file":141,"line":224},{"id":226,"type":227,"label":228,"file":141,"line":224,"wp_function":150},[240],{"from":221,"to":226,"sanitized":231},{"summary":242,"deductions":243},"The \"https-domain-alias\" plugin v1.4.3 exhibits a strong security posture based on the provided static analysis.  The absence of any detected entry points like AJAX handlers, REST API routes, shortcodes, or cron events significantly limits the potential attack surface.  Furthermore, the code demonstrates good security practices with 100% of SQL queries using prepared statements and all detected outputs being properly escaped, with no dangerous functions, file operations, or external HTTP requests observed.\n\nHowever, the taint analysis does reveal two flows with unsanitized paths. While these are not flagged as critical or high severity, they still represent a potential concern that could be exploited under specific circumstances, especially if the input sources for these paths are not rigorously validated. The plugin also has no recorded vulnerability history, which is a positive indicator of its past security, but this does not entirely negate the risks identified in the current analysis.\n\nIn conclusion, the plugin is generally well-secured with a minimal attack surface and adherence to secure coding principles. The primary concern lies with the two identified taint flows that have unsanitized paths, which warrants attention and potential remediation to achieve a more robust security profile. The lack of historical vulnerabilities is a strength, but vigilance is still required for the identified code signals.",[244],{"reason":245,"points":88},"Flows with unsanitized paths found","2026-03-16T22:13:16.868Z",{"wat":248,"direct":255},{"assetPaths":249,"generatorPatterns":252,"scriptPaths":253,"versionParams":254},[250,251],"\u002Fwp-content\u002Fplugins\u002Fhttps-domain-alias\u002Fcss\u002Fadmin-style.css","\u002Fwp-content\u002Fplugins\u002Fhttps-domain-alias\u002Fjs\u002Fadmin-script.js",[],[],[],{"cssClasses":256,"htmlComments":257,"htmlAttributes":292,"restEndpoints":294,"jsGlobals":295,"shortcodeOutput":297},[],[258,259,260,261,262,263,264,265,266,267,268,269,270,271,272,273,274,275,276,277,278,279,280,281,282,283,284,285,286,287,288,289,290,291]," Copyright 2015-2018 Seravo Oy"," This program is free software; you can redistribute it and\u002For modify"," it under the terms of the GNU General Public License, version 3, as"," published by the Free Software Foundation."," This program is distributed in the hope that it will be useful,"," but WITHOUT ANY WARRANTY; without even the implied warranty of"," MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the"," GNU General Public License for more details."," You should have received a copy of the GNU General Public License"," along with this program; if not, write to the Free Software"," Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA  02110-1301  USA"," Make sure a https capable domain is used {@see HTTPS_DOMAIN_ALIAS} if the"," protocol is HTTPS."," Make sure the wp-config.php defines the needed constants, e.g."," define('FORCE_SSL_LOGIN', true);"," define('FORCE_SSL_ADMIN', true);"," define('HTTPS_DOMAIN_ALIAS', 'coss.seravo.fi');"," On a WordPress Network install HTTPS_DOMAIN_ALIAS can also be"," defined with a wildcard, e.g. '*.seravo.fi'."," Compatible with WordPress MU Domain Mapping."," Example:"," Redirect never points to https:\u002F\u002Fcoss.fi\u002F.."," but instead always to https:\u002F\u002Fcoss.seravo.com\u002F..."," For more information see readme.txt"," Same as above, but handles all domains in a multisite"," Debug wrapper"," Rewrites specific for homeurl"," Store the original url in a global constant so that we can use it later to fix things"," don't rewrite urls for polylang settings page"," Additional functionality to make all links relative"," This helps keep the front end clean of any HTTPS domain alias links"," Thanks to @chernjie for the idea!"," This converts any link to slash-relative"," NOTE: this applies to external links as well, so be careful with this!",[293],"data-https-domain-alias-debug",[],[296],"window.https_domain_alias_admin_script",[]]