[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$f-RP0cxZ0ynrVt1wY0j0l1UqawD9Qgb2vBT_a_Soi16o":3},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":13,"num_ratings":14,"last_updated":15,"tested_up_to":16,"requires_at_least":17,"requires_php":16,"tags":18,"homepage":22,"download_link":23,"security_score":24,"vuln_count":25,"unpatched_count":25,"last_vuln_date":26,"fetched_at":27,"vulnerabilities":28,"developer":29,"crawl_stats":26,"alternatives":35,"analysis":134,"fingerprints":198},"https-mixed-content-detector","HTTPS Mixed Content Detector","1.2.0","Zack Tollman","https:\u002F\u002Fprofiles.wordpress.org\u002Ftollmanz\u002F","\u003Cp>When deploying a TLS enabled website, you must ensure that all content loaded on the site is loaded from secure origin.\u003Cbr \u002F>\nIf your content is loaded from an insecure source, the security of your whole site is compromised and modern browsers\u003Cbr \u002F>\nwill downgrade your website’s security rating.\u003C\u002Fp>\n\u003Cp>The HTTPS Mixed Content Detector plugin attempts to identify sources of mixed content warnings. The plugin will examine\u003Cbr \u002F>\ncontent loaded from the site when admins are viewing the site. Any content that violates the policy of loading content\u003Cbr \u002F>\nthat originates from “https:” resources will trigger an error and that resource will be logged. Viewing the log will\u003Cbr \u002F>\nallow you to examine the site for any warnings and remove them before they cause problems for your website.\u003C\u002Fp>\n","Detects and logs content that will cause mixed content warnings.",60,8281,100,6,"2015-01-19T06:02:00.000Z","","4.0.1",[19,20,21],"https","ssl","tls","https:\u002F\u002Fgithub.com\u002Ftollmanz\u002Fwordpress-https-mixed-content-detector","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fhttps-mixed-content-detector.1.2.0.zip",85,0,null,"2026-03-15T15:16:48.613Z",[],{"slug":30,"display_name":7,"profile_url":8,"plugin_count":14,"total_installs":31,"avg_security_score":24,"avg_patch_time_days":32,"trust_score":33,"computed_at":34},"tollmanz",1000,30,84,"2026-04-04T17:22:15.630Z",[36,55,74,94,113],{"slug":37,"name":38,"version":39,"author":40,"author_profile":41,"description":42,"short_description":43,"active_installs":44,"downloaded":45,"rating":13,"num_ratings":46,"last_updated":47,"tested_up_to":48,"requires_at_least":49,"requires_php":16,"tags":50,"homepage":53,"download_link":54,"security_score":13,"vuln_count":25,"unpatched_count":25,"last_vuln_date":26,"fetched_at":27},"simple-https","Simple HTTPS","2.2.6","neoslab","https:\u002F\u002Fprofiles.wordpress.org\u002Fneoslab\u002F","\u003Cp>Simple HTTPS automatically detects if your website run properly over HTTPS and fix your website accordingly without any extra useless line of code. Your website will move to SSL within few clicks. This plugin also allow you to enable HTTP Strict Transport Security for your website.\u003C\u002Fp>\n\u003Ch3>License\u003C\u002Fh3>\n\u003Cp>Good news, this plugin is free for everyone! Since it’s released under the GPL, you can use it free of charge on your personal or commercial site.\u003C\u002Fp>\n","Correct your SSL\u002FHTTPS issue within few clicks and enable HTTP Strict Transport Security for your website.",400,8921,1,"2025-04-26T00:07:00.000Z","6.8.5","4.9",[19,51,20,52,21],"redirect","ssl-fix","https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fsimple-https\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fsimple-https.2.2.7.zip",{"slug":56,"name":57,"version":58,"author":59,"author_profile":60,"description":61,"short_description":62,"active_installs":63,"downloaded":64,"rating":13,"num_ratings":65,"last_updated":66,"tested_up_to":67,"requires_at_least":68,"requires_php":16,"tags":69,"homepage":72,"download_link":73,"security_score":24,"vuln_count":25,"unpatched_count":25,"last_vuln_date":26,"fetched_at":27},"https-domain-alias","HTTPS Domain Alias","1.4.3","Otto Kekäläinen","https:\u002F\u002Fprofiles.wordpress.org\u002Fottok\u002F","\u003Cp>This plugin is useful e.g. if you have a wildcard SSL\u002FTLS certificate for server but not for each site.\u003C\u002Fp>\n\u003Cp>If the site is normally at say \u003Ccode>http:\u002F\u002Fexample.org\u002F\u003C\u002Fcode> and you want to have the admin area https protected, but you don’t have a SSL\u002FTLS certificate so that \u003Ccode>https:\u002F\u002Fexample.org\u002F\u003C\u002Fcode> would work, you can define another domain for secure connections.\u003C\u002Fp>\n\u003Cp>For example instead of \u003Ccode>https:\u002F\u002Fexample.org\u002Fwp-login.php\u003C\u002Fcode> or \u003Ccode>https:\u002F\u002Fexample.org\u002Fwp-admin\u002F\u003C\u002Fcode> the user is redirected to \u003Ccode>https:\u002F\u002Fexample.seravo.com\u002Fwp-login.php\u003C\u002Fcode> or \u003Ccode>https:\u002F\u002Fexample.seravo.com\u002Fwp-admin\u002F\u003C\u002Fcode>.\u003C\u002Fp>\n\u003Cp>This plugin works with both normal WordPress installations and WordPress Network installation and is compatible with the WordPress MU Domain Mapping plugin.\u003C\u002Fp>\n\u003Cp>The code is optimized to be fast and does not for example do any database lookups or use cookies.\u003C\u002Fp>\n\u003Cp>This plugin is made by \u003Ca href=\"https:\u002F\u002Fseravo.com\u002F\" rel=\"nofollow ugc\">Seravo Oy\u003C\u002Fa>, which specializes in open source support services and among others is the only company in Finland to provide \u003Ca href=\"https:\u002F\u002Fseravo.com\u002F\" rel=\"nofollow ugc\">WordPress Premium Hosting\u003C\u002Fa>.\u003C\u002Fp>\n\u003Cp>Source available at https:\u002F\u002Fgithub.com\u002FSeravo\u002Fwp-https-domain-alias\u003C\u002Fp>\n","Enable your site to have a different domains for HTTP and HTTPS.",40,12507,5,"2020-07-28T08:06:00.000Z","4.9.29","3.7",[70,71,19,20,21],"alias","domain","https:\u002F\u002Fgithub.com\u002FSeravo\u002Fwp-https-domain-alias","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fhttps-domain-alias.zip",{"slug":75,"name":76,"version":77,"author":78,"author_profile":79,"description":80,"short_description":81,"active_installs":82,"downloaded":83,"rating":33,"num_ratings":84,"last_updated":85,"tested_up_to":86,"requires_at_least":87,"requires_php":16,"tags":88,"homepage":92,"download_link":93,"security_score":13,"vuln_count":25,"unpatched_count":25,"last_vuln_date":26,"fetched_at":27},"https-redirection","Easy HTTPS Redirection (SSL)","2.0.0","mra13","https:\u002F\u002Fprofiles.wordpress.org\u002Fmra13\u002F","\u003Ch4>Only use this plugin if you have installed SSL certificate on your site and HTTPS is working correctly\u003C\u002Fh4>\n\u003Cp>Once you’ve installed an SSL certificate on your site, it’s important to ensure that your webpages are accessed via their secure HTTPS URLs.\u003C\u002Fp>\n\u003Cp>To improve SEO and user security, you want search engines and visitors to always use the HTTPS version of your pages. This plugin makes that easy by automatically redirecting users to the HTTPS version whenever they try to access the non-HTTPS (HTTP) version of a page.\u003C\u002Fp>\n\u003Ch3>Example\u003C\u002Fh3>\n\u003Cp>Let’s say you want to ensure the following page is always accessed over HTTPS:\u003C\u002Fp>\n\u003Cpre>\u003Ccode>https:\u002F\u002Fwww.example.com\u002Fcheckout\n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003Cp>If a visitor tries to access:\u003C\u002Fp>\n\u003Cpre>\u003Ccode>http:\u002F\u002Fwww.example.com\u002Fcheckout\n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003Cp>The plugin will automatically redirect them to the secure version:\u003C\u002Fp>\n\u003Cpre>\u003Ccode>https:\u002F\u002Fwww.example.com\u002Fcheckout\n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003Cp>This ensures that visitors always access the HTTPS version of your pages or site.\u003C\u002Fp>\n\u003Cp>You can choose to automatically redirect your entire domain to HTTPS, or selectively apply HTTPS redirection to specific pages.\u003C\u002Fp>\n\u003Ch3>Video Tutorials\u003C\u002Fh3>\n\u003Cp>\u003Cspan class=\"embed-youtube\" style=\"text-align:center; display: block;\">\u003Ciframe loading=\"lazy\" class=\"youtube-player\" width=\"750\" height=\"422\" src=\"https:\u002F\u002Fwww.youtube.com\u002Fembed\u002FoyJgRFCM6u8?version=3&rel=1&showsearch=0&showinfo=1&iv_load_policy=1&fs=1&hl=en-US&autohide=2&wmode=transparent\" allowfullscreen=\"true\" style=\"border:0;\" sandbox=\"allow-scripts allow-same-origin allow-popups allow-presentation allow-popups-to-escape-sandbox\">\u003C\u002Fiframe>\u003C\u002Fspan>\u003C\u002Fp>\n\u003Cp>\u003Cspan class=\"embed-youtube\" style=\"text-align:center; display: block;\">\u003Ciframe loading=\"lazy\" class=\"youtube-player\" width=\"750\" height=\"422\" src=\"https:\u002F\u002Fwww.youtube.com\u002Fembed\u002FLtyBraB64v8?version=3&rel=1&showsearch=0&showinfo=1&iv_load_policy=1&fs=1&hl=en-US&autohide=2&wmode=transparent\" allowfullscreen=\"true\" style=\"border:0;\" sandbox=\"allow-scripts allow-same-origin allow-popups allow-presentation allow-popups-to-escape-sandbox\">\u003C\u002Fiframe>\u003C\u002Fspan>\u003C\u002Fp>\n\u003Ch3>Force Load Static Files Using HTTPS\u003C\u002Fh3>\n\u003Cp>If you started using SSL from day 1 of your site then all your static files are already embedded using HTTPS URL. You have no issue there.\u003C\u002Fp>\n\u003Cp>However, if you have an existing website where you have a lot of static files that are embedded in your posts and pages using NON-HTTPS URL then you will need to change those. Otherwise, the browser will show an SSL warning to your visitors.\u003C\u002Fp>\n\u003Cp>This plugin has an option that will allow you to force load those static files using HTTPS URL dynamically.\u003C\u002Fp>\n\u003Cp>This will help you make the webpage fully compatible with SSL.\u003C\u002Fp>\n\u003Ch3>SSL Certificate Expiry Notification\u003C\u002Fh3>\n\u003Cp>This plugin includes a feature that allows you to receive email notifications when your SSL certificate is about to expire. It helps ensure your website remains secure and accessible over HTTPS.\u003C\u002Fp>\n\u003Cp>You can configure the recipient email address and specify how many days in advance the notification should be sent. By default, the notification is sent 7 days before expiry, but you can adjust this to suit your preference.\u003C\u002Fp>\n\u003Cp>This feature is especially useful for site owners who may not frequently check their SSL status, or for those managing multiple websites. By receiving timely alerts, you can renew your SSL certificate in advance and prevent potential downtime or security warnings.\u003C\u002Fp>\n\u003Ch3>Features\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>Automatically redirect all HTTP traffic to HTTPS\u003C\u002Fli>\n\u003Cli>Option to force HTTPS on the entire site\u003C\u002Fli>\n\u003Cli>Option to selectively apply HTTPS redirection to specific pages\u003C\u002Fli>\n\u003Cli>Helps search engines index the secure versions of your pages\u003C\u002Fli>\n\u003Cli>Improves site security and user trust\u003C\u002Fli>\n\u003Cli>Force load static files (images, js, css etc) using a HTTPS URL\u003C\u002Fli>\n\u003Cli>SSL certificate expiry notification – Option to send SSL expiry notifications to a specific email address\u003C\u002Fli>\n\u003Cli>Easily see which SSL certificates on your site are approaching their expiry date.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>View more details on the \u003Ca href=\"https:\u002F\u002Fwww.tipsandtricks-hq.com\u002Fwordpress-easy-https-redirection-plugin\" rel=\"nofollow ugc\">HTTPS Redirection plugin\u003C\u002Fa> page.\u003C\u002Fp>\n","The plugin allows an automatic redirection to the \"HTTPS\" version\u002FURL of the site. Make your site SSL compatible easily.",100000,1169853,71,"2025-12-02T03:12:00.000Z","6.9.4","6.5",[89,19,90,91,20],"force-ssl","insecure-content","redirection","https:\u002F\u002Fwww.tipsandtricks-hq.com\u002Fwordpress-easy-https-redirection-plugin","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fhttps-redirection.2.0.0.zip",{"slug":95,"name":96,"version":97,"author":98,"author_profile":99,"description":100,"short_description":101,"active_installs":82,"downloaded":102,"rating":103,"num_ratings":104,"last_updated":105,"tested_up_to":86,"requires_at_least":106,"requires_php":107,"tags":108,"homepage":111,"download_link":112,"security_score":13,"vuln_count":25,"unpatched_count":25,"last_vuln_date":26,"fetched_at":27},"ssl-insecure-content-fixer","SSL Insecure Content Fixer","2.7.2","webaware","https:\u002F\u002Fprofiles.wordpress.org\u002Fwebaware\u002F","\u003Cp>Clean up your WordPress website’s HTTPS insecure content and mixed content warnings. Installing the SSL Insecure Content Fixer plugin will solve most insecure content warnings with little or no effort. The remainder can be diagnosed with a few simple tools.\u003C\u002Fp>\n\u003Cp>When you install SSL Insecure Content Fixer, its default settings are activated and it will automatically perform some basic fixes on your website using the Simple fix level. You can select more comprehensive fix levels as needed by your website.\u003C\u002Fp>\n\u003Cp>WordPress Multisite gets a network settings page. This can be used to set default settings for all sites within a network, so that network administrators only need to specify settings on sites that have requirements differing from the network defaults.\u003C\u002Fp>\n\u003Cp>See the \u003Ca href=\"https:\u002F\u002Fssl.webaware.net.au\u002F\" rel=\"nofollow ugc\">SSL Insecure Content Fixer website\u003C\u002Fa> for more details.\u003C\u002Fp>\n\u003Ch3>Translations\u003C\u002Fh3>\n\u003Cp>Many thanks to the generous efforts of our translators:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Bulgarian (bg_BG) — \u003Ca href=\"https:\u002F\u002Ftranslate.wordpress.org\u002Flocale\u002Fbg\u002Fdefault\u002Fwp-plugins\u002Fssl-insecure-content-fixer\" rel=\"nofollow ugc\">the Bulgarian translation team\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>Chinese simplified (zh_CN) — \u003Ca href=\"https:\u002F\u002Ftranslate.wordpress.org\u002Flocale\u002Fzh-cn\u002Fdefault\u002Fwp-plugins\u002Fssl-insecure-content-fixer\" rel=\"nofollow ugc\">the Chinese translation team\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>English (en_CA) — \u003Ca href=\"https:\u002F\u002Ftranslate.wordpress.org\u002Flocale\u002Fen-ca\u002Fdefault\u002Fwp-plugins\u002Fssl-insecure-content-fixer\" rel=\"nofollow ugc\">the English (Canadian) translation team\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>English (en_GB) — \u003Ca href=\"https:\u002F\u002Ftranslate.wordpress.org\u002Flocale\u002Fen-gb\u002Fdefault\u002Fwp-plugins\u002Fssl-insecure-content-fixer\" rel=\"nofollow ugc\">the English (British) translation team\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>English (en_ZA) — \u003Ca href=\"https:\u002F\u002Ftranslate.wordpress.org\u002Flocale\u002Fen-za\u002Fdefault\u002Fwp-plugins\u002Fssl-insecure-content-fixer\" rel=\"nofollow ugc\">the English (South African) translation team\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>Dutch (nl_NL) — \u003Ca href=\"https:\u002F\u002Ftranslate.wordpress.org\u002Flocale\u002Fnl\u002Fdefault\u002Fwp-plugins\u002Fssl-insecure-content-fixer\" rel=\"nofollow ugc\">the Dutch translation team\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>German (de_DE) — \u003Ca href=\"https:\u002F\u002Ftranslate.wordpress.org\u002Flocale\u002Fde\u002Fdefault\u002Fwp-plugins\u002Fssl-insecure-content-fixer\" rel=\"nofollow ugc\">the German translation team\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>French (fr_FR) — \u003Ca href=\"https:\u002F\u002Ftranslate.wordpress.org\u002Flocale\u002Ffr\u002Fdefault\u002Fwp-plugins\u002Fssl-insecure-content-fixer\" rel=\"nofollow ugc\">the French translation team\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>Italian (it_IT) — \u003Ca href=\"https:\u002F\u002Ftranslate.wordpress.org\u002Flocale\u002Fit\u002Fdefault\u002Fwp-plugins\u002Fssl-insecure-content-fixer\" rel=\"nofollow ugc\">the Italian translation team\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>Japanese (ja) — \u003Ca href=\"https:\u002F\u002Ftranslate.wordpress.org\u002Flocale\u002Fja\u002Fdefault\u002Fwp-plugins\u002Fssl-insecure-content-fixer\" rel=\"nofollow ugc\">the Japanese translation team\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>Russian (ru_RU) — \u003Ca href=\"https:\u002F\u002Ftranslate.wordpress.org\u002Flocale\u002Fru\u002Fdefault\u002Fwp-plugins\u002Fssl-insecure-content-fixer\" rel=\"nofollow ugc\">the Russian translation team\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>Spanish (es_ES) — \u003Ca href=\"https:\u002F\u002Ftranslate.wordpress.org\u002Flocale\u002Fes\u002Fdefault\u002Fwp-plugins\u002Fssl-insecure-content-fixer\" rel=\"nofollow ugc\">the Spanish translation team\u003C\u002Fa>\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>If you’d like to help out by translating this plugin, please \u003Ca href=\"https:\u002F\u002Ftranslate.wordpress.org\u002Fprojects\u002Fwp-plugins\u002Fssl-insecure-content-fixer\" rel=\"nofollow ugc\">sign up for an account and dig in\u003C\u002Fa>.\u003C\u002Fp>\n\u003Ch3>Privacy\u003C\u002Fh3>\n\u003Cp>SSL Insecure Content Fixer does not collect any personally identifying information, and does not set any cookies.\u003C\u002Fp>\n","Clean up WordPress website HTTPS insecure content",2650141,96,221,"2025-12-14T04:38:00.000Z","4.0","5.3",[19,90,109,110,20],"mixed-content","partially-encrypted","https:\u002F\u002Fssl.webaware.net.au\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fssl-insecure-content-fixer.2.7.2.zip",{"slug":114,"name":115,"version":116,"author":117,"author_profile":118,"description":119,"short_description":120,"active_installs":121,"downloaded":122,"rating":123,"num_ratings":124,"last_updated":125,"tested_up_to":86,"requires_at_least":126,"requires_php":127,"tags":128,"homepage":130,"download_link":131,"security_score":132,"vuln_count":46,"unpatched_count":25,"last_vuln_date":133,"fetched_at":27},"wp-force-ssl","WP Force SSL & HTTPS SSL Redirect","1.68","WebFactory","https:\u002F\u002Fprofiles.wordpress.org\u002Fwebfactory\u002F","\u003Cp>\u003Ca href=\"https:\u002F\u002Fwpforcessl.com\u002F?ref=wporg\" rel=\"nofollow ugc\">WP Force SSL\u003C\u002Fa> helps you redirect insecure HTTP traffic to secure HTTPS and fix SSL errors \u003Cstrong>without touching any code\u003C\u002Fstrong>. Activate Force SSL and everything will be set and SSL enabled. The entire site will move to HTTPS using your SSL certificate. It works with any SSL certificate. It can be free SSL certificate from Let’s Encrypt or a paid SSL certificate.\u003C\u002Fp>\n\u003Cp>How to add SSL & enable SSL? Most hosting companies support the free SSL certificate from Let’s Encrypt, so login to your hosting panel and add SSL certificate. You’ll see a button labeled “Add SSL Certificate” or “Add Let’s Encrypt Certificate” and after that it’s 1 click to have the SSL enabled on your site with WP Force SSL. If that doesn’t work get \u003Ca href=\"https:\u002F\u002Fwpforcessl.com\u002F\" rel=\"nofollow ugc\">WP Force SSL PRO\u003C\u002Fa> and it’ll generate free SSL certificate for your site. And will regenerate SSL certificate every 90 days.\u003C\u002Fp>\n\u003Cp>Access WP Force SSL settings via the main Settings menu -> WP Force SSL.\u003C\u002Fp>\n\u003Ch4>SSL Tests available in the plugin\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>is site on localhost?\u003C\u002Fli>\n\u003Cli>check SSL certificate\u003C\u002Fli>\n\u003Cli>check SSL certificate expiry date\u003C\u002Fli>\n\u003Cli>is latest version of Force SSL used?\u003C\u002Fli>\n\u003Cli>are known incompatible SSL plugins active?\u003C\u002Fli>\n\u003Cli>is WP address URL set for SSL?\u003C\u002Fli>\n\u003Cli>is WP home URL set for SSL?\u003C\u002Fli>\n\u003Cli>is SSL monitoring enabled (pro feature)\u003C\u002Fli>\n\u003Cli>is HTTPS redirection working?\u003C\u002Fli>\n\u003Cli>is file redirection working (pro feature)\u003C\u002Fli>\n\u003Cli>is HSTS enabled?\u003C\u002Fli>\n\u003Cli>check mixed-content issue (pro feature)\u003C\u002Fli>\n\u003Cli>is htaccess available & writable?\u003C\u002Fli>\n\u003Cli>is 404 redirection enabled (pro feature)\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Settings\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>redirect HTTP to HTTPS\u003C\u002Fli>\n\u003Cli>fix mixed-content (pro)\u003C\u002Fli>\n\u003Cli>enable HSTS\u003C\u002Fli>\n\u003Cli>force secure cookies (pro)\u003C\u002Fli>\n\u003Cli>cross-site scripting protection (pro)\u003C\u002Fli>\n\u003Cli>expect CT header\u003C\u002Fli>\n\u003Cli>X-Frame options\u003C\u002Fli>\n\u003Cli>show WP Force SSL menu in admin bar\u003C\u002Fli>\n\u003Cli>show WP Force SSL widget in admin dashboard\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>SSL certificate testing tool\u003C\u002Fh4>\n\u003Cp>WP Force SSL comes with an SSL certificate testing tool. It tests if the SSL certificate is valid, properly installed & up-to date.\u003C\u002Fp>\n\u003Ch4>Need support?\u003C\u002Fh4>\n\u003Cp>We’re here for you! Things get frustrating when they don’t work so make sure you \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fsupport\u002Fplugin\u002Fwp-force-ssl\u002F\" rel=\"ugc\">open a support topic\u003C\u002Fa> in the official Force SSL forum. We answer all questions within a few hours!\u003C\u002Fp>\n\u003Ch4>External Assets\u003C\u002Fh4>\n\u003Cp>A big thank you to \u003Ca href=\"https:\u002F\u002Fsweetalert2.github.io\u002F\" rel=\"nofollow ugc\">SweetAlert2\u003C\u002Fa> authors which we use to make alerts nicer. And to \u003Ca href=\"https:\u002F\u002Fdepositphotos.com\u002F248496280\u002Fstock-illustration-online-payment-protection-system-concept.html\" rel=\"nofollow ugc\">DepositPhotos\u003C\u002Fa> for the lovely header image.\u003C\u002Fp>\n","Enable SSL & HTTPS redirect with 1 click! Add SSL certificate & WP Force SSL to redirect site from HTTP to HTTPS & fix SSL errors.",90000,1746375,94,179,"2025-12-03T20:17:00.000Z","4.6","5.2",[89,19,109,20,129],"ssl-certificate","https:\u002F\u002Fwpforcessl.com\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fwp-force-ssl.1.68.zip",99,"2024-06-07 00:00:00",{"attackSurface":135,"codeSignals":168,"taintFlows":186,"riskAssessment":187,"analyzedAt":197},{"hooks":136,"ajaxHandlers":164,"restRoutes":165,"shortcodes":166,"cronEvents":167,"entryPointCount":25,"unprotectedCount":25},[137,143,148,153,156,160],{"type":138,"name":139,"callback":140,"file":141,"line":142},"action","init","register_post_type","beacon.php",46,{"type":144,"name":145,"callback":146,"file":141,"line":147},"filter","manage_edit-csp-report_columns","manage_edit_csp_report_columns",47,{"type":138,"name":149,"callback":150,"priority":151,"file":141,"line":152},"manage_csp-report_posts_custom_column","manage_csp_report_posts_custom_column",10,48,{"type":138,"name":139,"callback":154,"file":141,"line":155},"handle_report_uri",50,{"type":138,"name":139,"callback":157,"priority":46,"file":158,"line":159},"mcd_get_mixed_content_detector","https-mixed-content-detector.php",182,{"type":138,"name":139,"callback":161,"file":162,"line":163},"add_cps_header","policy.php",42,[],[],[],[],{"dangerousFunctions":169,"sqlUsage":170,"outputEscaping":172,"fileOperations":46,"externalRequests":46,"nonceChecks":46,"capabilityChecks":46,"bundledLibraries":185},[],{"prepared":25,"raw":25,"locations":171},[],{"escaped":173,"rawEcho":174,"locations":175},26,4,[176,179,181,183],{"file":141,"line":177,"context":178},161,"raw output",{"file":141,"line":180,"context":178},172,{"file":141,"line":182,"context":178},174,{"file":141,"line":184,"context":178},194,[],[],{"summary":188,"deductions":189},"The https-mixed-content-detector plugin v1.2.0 exhibits a generally strong security posture based on the provided static analysis and vulnerability history. The absence of any recorded CVEs, critical or high severity taint flows, and a complete lack of SQL injection vulnerabilities due to the exclusive use of prepared statements are significant strengths. Furthermore, the plugin demonstrates good practices by incorporating nonce and capability checks, and a high percentage of properly escaped output, indicating an awareness of common web application security risks. The limited attack surface, with no exposed AJAX handlers, REST API routes, shortcodes, or cron events, further reduces the potential for exploitation.\n\nDespite the positive indicators, there are minor areas for consideration. The presence of file operations and external HTTP requests, while not inherently problematic, could present potential risks if not handled with extreme care and robust validation, especially in combination with less than perfectly escaped output. The 13% of output that is not properly escaped, though seemingly small, could still be a vector for cross-site scripting (XSS) vulnerabilities if the unescaped data originates from an untrusted source or is rendered in a sensitive context. The lack of any taint analysis flows being analyzed is also a point of interest, suggesting either a very simple code structure or that such analysis was not performed comprehensively.\n\nIn conclusion, https-mixed-content-detector v1.2.0 appears to be a securely developed plugin with a history free of significant vulnerabilities. The development team has implemented many best practices. The primary areas for vigilance would be ensuring the secure handling of file operations and external requests, and diligently addressing the remaining unescaped output to achieve a fully robust security profile.",[190,192,195],{"reason":191,"points":174},"Unescaped output exists",{"reason":193,"points":194},"File operations present",2,{"reason":196,"points":194},"External HTTP requests present","2026-03-16T21:43:25.312Z",{"wat":199,"direct":208},{"assetPaths":200,"generatorPatterns":203,"scriptPaths":204,"versionParams":205},[201,202],"\u002Fwp-content\u002Fplugins\u002Fhttps-mixed-content-detector\u002Fassets\u002Fjs\u002Fmcd-beacon.js","\u002Fwp-content\u002Fplugins\u002Fhttps-mixed-content-detector\u002Fassets\u002Fcss\u002Fmcd-styles.css",[5],[201],[206,207],"https-mixed-content-detector\u002Fassets\u002Fjs\u002Fmcd-beacon.js?ver=","https-mixed-content-detector\u002Fassets\u002Fcss\u002Fmcd-styles.css?ver=",{"cssClasses":209,"htmlComments":211,"htmlAttributes":212,"restEndpoints":213,"jsGlobals":214,"shortcodeOutput":216},[210],"mcd-dashboard-widget",[],[],[],[215],"MCD_BEACON_CONFIG",[]]