Does JSM Force HTTP to HTTPS / SSL – No Setup, Fast and Reliable have any unpatched vulnerabilities?

No published vulnerabilities and no findings under coordinated disclosure as of the latest data update. Always keep the plugin updated to the latest version.

Is JSM Force HTTP to HTTPS / SSL – No Setup, Fast and Reliable compatible with WordPress 6.9.4?

According to WordPress.org data, JSM Force HTTP to HTTPS / SSL – No Setup, Fast and Reliable 3.5.0 has been tested up to WordPress 6.9.4. Check the plugin's changelog for the latest compatibility information.

Is JSM Force HTTP to HTTPS / SSL – No Setup, Fast and Reliable compatible with PHP 7.4.33+?

JSM Force HTTP to HTTPS / SSL – No Setup, Fast and Reliable requires PHP 7.4.33 or higher. Most modern WordPress hosts run PHP 8.1 or 8.2. If you are on an older PHP version, consider upgrading before installing this plugin.

What is JSM Force HTTP to HTTPS / SSL – No Setup, Fast and Reliable's security score?

JSM Force HTTP to HTTPS / SSL – No Setup, Fast and Reliable has a WP-Safety security score of 100/100. This score is computed from CVE history, patch response time, developer trust signals, and plugin maintenance activity.

JSM Force HTTP to HTTPS / SSL – No Setup, Fast and Reliable Security & Risk Analysis

wordpress.org/plugins/jsm-force-ssl

No setup required - simply activate to force HTTP URLs to HTTPS using native WordPress filters and permanent redirects for best SEO.

7K active installs v3.5.0 PHP 7.4.33+ WP 6.0+ Updated Mar 25, 2026

force-sslinsecure-contentmixed-contentredirectseo

A · Safe

CVEs total0

Unpatched0

Last CVENever

Plugin page Download

Safety Verdict

Is JSM Force HTTP to HTTPS / SSL – No Setup, Fast and Reliable Safe to Use in 2026?

Generally Safe

Score 100/100

JSM Force HTTP to HTTPS / SSL – No Setup, Fast and Reliable has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 1mo ago

Risk Assessment

The jsm-force-ssl plugin v3.5.0 appears to have a strong security posture based on the provided static analysis. The absence of any identified AJAX handlers, REST API routes, shortcodes, or cron events with unprotected entry points significantly limits its attack surface. Furthermore, the code signals indicate good development practices, with no dangerous functions, 100% use of prepared statements for SQL queries, and properly escaped output. The lack of file operations, external HTTP requests, and the reported absence of bundled libraries also contribute positively to its security. The taint analysis, while showing two flows with unsanitized paths, did not identify any critical or high severity issues, suggesting these paths might be benign or handled internally without user interaction. The plugin's vulnerability history is clean, with zero recorded CVEs, indicating a history of responsible security management. Overall, jsm-force-ssl v3.5.0 demonstrates a robust security implementation with minimal evident risks, primarily due to its limited interaction points and adherence to secure coding standards. The only minor concern identified through taint analysis suggests further investigation if these flows are triggered by user input, but in isolation, they do not present an immediate high-risk scenario.

Key Concerns

Flows with unsanitized paths

Vulnerabilities

None known

JSM Force HTTP to HTTPS / SSL – No Setup, Fast and Reliable Security Vulnerabilities

No known vulnerabilities — this is a good sign.

Version History

JSM Force HTTP to HTTPS / SSL – No Setup, Fast and Reliable Release Timeline

v3.5.0Current

Code Analysis

Analyzed Mar 16, 2026

JSM Force HTTP to HTTPS / SSL – No Setup, Fast and Reliable Code Analysis

Dangerous Functions

Raw SQL Queries

0 prepared

Unescaped Output

0 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

Data Flows · Security

2 unsanitized

Data Flow Analysis

2 flows2 with unsanitized paths

force_ssl_redirect (jsm-force-ssl.php:127)

Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized

Attack Surface

JSM Force HTTP to HTTPS / SSL – No Setup, Fast and Reliable Attack Surface

Entry Points0

Unprotected0

WordPress Hooks 8

actionplugins_loadedjsm-force-ssl.php:63

filterhome_urljsm-force-ssl.php:79

actioninitjsm-force-ssl.php:81

filtersite_urljsm-force-ssl.php:86

filterupload_dirjsm-force-ssl.php:92

filterplugins_urljsm-force-ssl.php:98

filterthe_contentjsm-force-ssl.php:103

filterwidget_textjsm-force-ssl.php:105

Maintenance & Trust

JSM Force HTTP to HTTPS / SSL – No Setup, Fast and Reliable Maintenance & Trust

Maintenance Signals

WordPress version tested6.9.4

Last updatedMar 25, 2026

PHP min version7.4.33

Downloads106K

Community Trust

Rating100/100

Number of ratings13

Active installs7K

Alternatives

JSM Force HTTP to HTTPS / SSL – No Setup, Fast and Reliable Alternatives

Easy HTTPS Redirection (SSL)

https-redirection

100

The plugin allows an automatic redirection to the "HTTPS" version/URL of the site. Make your site SSL compatible easily.

100K No CVEs

SSL Mixed Content Fix

http-https-remover

A fix for mixed content! This Plugin creates protocol relative urls by removing http + https from links. Works in Front- and Backend!

9K No CVEs

$Rank Math SEO – AI SEO Tools to Dominate SEO Rankings$

Rank Math SEO – AI SEO Tools to Dominate SEO Rankings

seo-by-rank-math

Rank Math SEO is the best WordPress SEO plugin with the features of many SEO and AI SEO tools in a single package to help multiply your SEO traffic.

4.0M 20 CVEs

All 404 Redirect to Homepage

all-404-redirect-to-homepage

Using this plugin, you can fix all 404 error links by redirecting them to homepage using the SEO 301 redirection. Improve your SEO rank & pages speed

200K 2 CVEs

404 to 301 – Redirect, Log and Notify 404 Errors

404-to-301

Automatically redirect, log and notify all 404 page errors to any page using 301 redirect for SEO. No more 404 Errors in WebMaster tool.

100K 6 CVEs

Developer Profile

JSM Force HTTP to HTTPS / SSL – No Setup, Fast and Reliable Developer Profile

JS Morisset

31 plugins · 32K total installs

trust score

Avg Security Score

99/100

Avg Patch Time

12 days

View full developer profile

Detection Fingerprints

How We Detect JSM Force HTTP to HTTPS / SSL – No Setup, Fast and Reliable

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

/wp-content/plugins/jsm-force-ssl/css/style.css/wp-content/plugins/jsm-force-ssl/js/scripts.js

Script Paths

/wp-content/plugins/jsm-force-ssl/js/scripts.js

Version Parameters

jsm-force-ssl/css/style.css?ver=jsm-force-ssl/js/scripts.js?ver=

HTML / DOM Fingerprints

HTML Comments

<!-- Define some standard WordPress constants, if not already defined. These constants can be pre-defined as false in wp-config.php
 * to turn disable a specific forced SSL feature. -->

<!-- If WordPress is hosted behind a reverse proxy that provides SSL, but is hosted itself without SSL, these
 * options will initially send any requests into an infinite redirect loop. To avoid this, you may
 * configure WordPress to recognize the HTTP_X_FORWARDED_PROTO header (assuming you have properly
 * configured the reverse proxy to set that header). -->

<!-- WordPress should redirect back-end / admin URLs just fine, but the front-end may need some help. Hook
 * the 'init' action and check the protocol if FORCE_SSL is true. -->

+15 more

FAQ