[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fwVr4n6BQpoDZJj2DgBpZ86-zKg6cVchE7IOR6M5T9ZA":3},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":13,"num_ratings":14,"last_updated":15,"tested_up_to":16,"requires_at_least":17,"requires_php":18,"tags":19,"homepage":25,"download_link":26,"security_score":27,"vuln_count":28,"unpatched_count":28,"last_vuln_date":29,"fetched_at":30,"vulnerabilities":31,"developer":32,"crawl_stats":29,"alternatives":38,"analysis":140,"fingerprints":211},"lh-hsts","LH HSTS","1.25","shawfactor","https:\u002F\u002Fprofiles.wordpress.org\u002Fshawfactor\u002F","\u003Cp>This plugin send the proper headers for full ssl security. For more information on what this is and why it is important visit: http:\u002F\u002Fen.wikipedia.org\u002Fwiki\u002FHTTP_Strict_Transport_Security\u003C\u002Fp>\n\u003Cp>The options are preset to enable browsers to preload the HSTS directive but can be overwritten by filters which are clearly documented in the code.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Did you find this plugin helpful? Please consider \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fsupport\u002Fview\u002Fplugin-reviews\u002Flh-hsts\" rel=\"ugc\">writing a review\u003C\u002Fa>.\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Ch3>To update the max-age settings, add the following code to your functions.php\u003C\u002Fh3>\n\u003Cpre>\u003Ccode>add_filter('lh_hsts_max_age', 'modify_ls_hsts_max_age_func');\n\nfunction modify_ls_hsts_max_age_func( $max_age ){\n    return false;\n}\n    `\n\n\u003Ch3>To update the subdomain settings, add the following code to your functions.php\u003C\u002Fh3>\n\n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003Cp>add_filter(‘lh_hsts_subdomain’, ‘modify_ls_hsts_subdomain_func’);\u003C\u002Fp>\n\u003Cp>function modify_ls_hsts_subdomain_func( $subdomain ){\u003Cbr \u002F>\n    return false;\u003Cbr \u002F>\n}\u003Cbr \u002F>\n    `\u003C\u002Fp>\n\u003Ch3>To update the preload setting, add the following code to your functions.php\u003C\u002Fh3>\n\u003Cpre>\u003Ccode>add_filter('lh_hsts_preload', 'modify_ls_hsts_preload_func');\n\nfunction modify_ls_hsts_preload_func( $preload ){\n    return false;\n}\n    `\n\n\u003Ch3>To update the redirect setting, add the following code to your functions.php\u003C\u002Fh3>\n\n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003Cp>add_filter(‘lh_hsts_redirect’, ‘modify_ls_hsts_redirect_func’);\u003C\u002Fp>\n\u003Cp>function modify_ls_hsts_redirect_func( $redirect ){\u003Cbr \u002F>\n    return false;\u003Cbr \u002F>\n}\u003Cbr \u002F>\n    `\u003C\u002Fp>\n","HSTS is HTTP Strict Transport Security, a means to enforce using SSL even if the user accesses the site through HTTP and not HTTPS.",700,349826,78,7,"2020-07-12T05:30:00.000Z","5.4.19","3.0","",[20,21,22,23,24],"hsts","https","redirect","security","ssl","https:\u002F\u002Flhero.org\u002Fportfolio\u002Flh-hsts\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Flh-hsts.zip",85,0,null,"2026-03-15T15:16:48.613Z",[],{"slug":7,"display_name":7,"profile_url":8,"plugin_count":33,"total_installs":34,"avg_security_score":35,"avg_patch_time_days":14,"trust_score":36,"computed_at":37},77,14650,87,91,"2026-04-04T05:28:56.366Z",[39,64,81,101,120],{"slug":40,"name":41,"version":42,"author":43,"author_profile":44,"description":45,"short_description":46,"active_installs":47,"downloaded":48,"rating":49,"num_ratings":50,"last_updated":51,"tested_up_to":52,"requires_at_least":53,"requires_php":54,"tags":55,"homepage":61,"download_link":62,"security_score":63,"vuln_count":28,"unpatched_count":28,"last_vuln_date":29,"fetched_at":30},"auto-install-free-ssl","Auto-Install Free SSL – Generate & Install Free SSL Certificates","4.6.1","Anindya Sundar Mandal","https:\u002F\u002Fprofiles.wordpress.org\u002Fspeedify\u002F","\u003Ch3>Auto-Install Free SSL\u003C\u002Fh3>\n\u003Cp>\u003Cstrong>With over \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fsupport\u002Fplugin\u002Fauto-install-free-ssl\u002Freviews\u002F?filter=5\" rel=\"ugc\">380 five-star reviews ⭐⭐⭐⭐⭐\u003C\u002Fa> and a 4.9 out of 5 stars average rating, ‘Auto-Install Free SSL’ empowers you to generate Free SSL Certificates in your WordPress dashboard effortlessly.\u003C\u002Fstrong> This plugin helps secure your website and saves you money.\u003C\u002Fp>\n\u003Cp>Let’s Encrypt™ SSL Certificate is FREE. But they provide it through their API. If you are not a programmer, you need to study and practice programming for years to be able to use the API of Let’s Encrypt™ to generate a single Free SSL Certificate for your WordPress website.\u003C\u002Fp>\n\u003Cp>Here is where ‘Auto-Install Free SSL’ comes into play. This WordPress plugin provides a hassle-free way to obtain and install the Let’s Encrypt™ free SSL certificate for your website. You don’t need programming or coding experience to set it up. With this plugin, you don’t need to spend hours configuring SSL or waste money purchasing SSL certificates. All you need is a few minutes.\u003C\u002Fp>\n\u003Cp>\u003Ciframe loading=\"lazy\" title=\"How to set up Automation in 1 minute (cPanel) | Auto-Install Free SSL [Pro]\" src=\"https:\u002F\u002Fplayer.vimeo.com\u002Fvideo\u002F745390051?dnt=1&app_id=122963\" width=\"750\" height=\"400\" frameborder=\"0\" allow=\"autoplay; fullscreen; picture-in-picture; clipboard-write\">\u003C\u002Fiframe>\u003C\u002Fp>\n\u003Ch3>Minimum System Requirements\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>Linux or Windows hosting\u003C\u002Fli>\n\u003Cli>WordPress 4.1\u003C\u002Fli>\n\u003Cli>PHP 5.6\u003C\u002Fli>\n\u003Cli>OpenSSL extension\u003C\u002Fli>\n\u003Cli>Curl extension\u003C\u002Fli>\n\u003Cli>PHP directive allow_url_fopen = On\u003C\u002Fli>\n\u003Cli>The website should be assigned to a domain name (e.g., example.com) accessible online.\u003C\u002Fli>\n\u003Cli>Ensure your web server can serve static files – a standard feature in most web servers.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>FREE PLUGIN FEATURES\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>Domain Ownership Verification.\u003C\u002Fli>\n\u003Cli>Generate and renew Free SSL Certificate.\u003C\u002Fli>\n\u003Cli>One-click Download the generated SSL certificate, Private key, and CA Bundle files.\u003C\u002Fli>\n\u003Cli>Video tutorial on cPanel: (1) How to upload HTTP-01 challenge files to verify domain ownership. (2) How to Install the Free SSL Certificate.\u003C\u002Fli>\n\u003Cli>Written tutorial on Plesk for the above two topics.\u003C\u002Fli>\n\u003Cli>One-click Force SSL activation, i.e., HTTPS redirect, fix insecure links and mixed content warning, display the padlock in the browser’s address bar with ONLY ONE CLICK.\u003C\u002Fli>\n\u003Cli>One-click revert to HTTP if required.\u003C\u002Fli>\n\u003Cli>Automatic renewal reminder by email and admin notice before the SSL expiry date.\u003C\u002Fli>\n\u003Cli>Automatic account registration with Let’s Encrypt™.\u003C\u002Fli>\n\u003Cli>Automatic CSR (Certificate Signing Request) generation.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>The free https SSL certificate issued by Let’s Encrypt™ expires in 90 days. They recommend renewing 30 days before expiry. Please check the FAQ section to learn why the lifetime is 90 days.\u003C\u002Fp>\n\u003Cp> \u003C\u002Fp>\n\u003Cpre>\u003Ccode> Use this plugin only for HTTPS redirects too. \n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003Cp>If your WordPress website has an SSL certificate installed and you are looking ONLY for Force SSL activation (i.e., HTTPS redirect, fix insecure content), you can use the FREE version.\u003C\u002Fp>\n\u003Ch3>PREMIUM PLUGIN FEATURES\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>\u003Cstrong>Automatic\u003C\u002Fstrong> Verification of Domain Ownership.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Automatic\u003C\u002Fstrong> Generation of Free SSL Certificate.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Automatic Installation\u003C\u002Fstrong> of Free SSL Security Certificate (cPanel or root access is required for this automation). [However, if you have neither cPanel nor root access, we’ll Install the SSL manually for the first time and provide documentation on how to install SSL manually].\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Automatic Renewal\u003C\u002Fstrong> of Free SSL Certificate (30 days before expiry).\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Automatic Cron Job.\u003C\u002Fstrong> No need to set the Cron Job manually.\u003C\u002Fli>\n\u003Cli>Automatic account registration with Let’s Encrypt™.\u003C\u002Fli>\n\u003Cli>Automatic CSR (Certificate Signing Request) generation.\u003C\u002Fli>\n\u003Cli>One-click Force SSL activation.\u003C\u002Fli>\n\u003Cli>One-click revert to HTTP if required.\u003C\u002Fli>\n\u003Cli>One-to-one Premium Support.\u003C\u002Fli>\n\u003Cli>SSL installation training for non-cPanel websites.\u003C\u002Fli>\n\u003Cli>Automatic WildCard SSL certificate for free! (Generation and installation of an SSL certificate for a domain that covers all its sub-domains.)\u003C\u002Fli>\n\u003Cli>Automatically sets the DNS TXT record to verify the domain and generate free wildcard SSL certificates (supported DNS service providers: Cloudflare, Godaddy, Namecheap, and cPanel.)\u003C\u002Fli>\n\u003Cli>Supports Multisite.\u003C\u002Fli>\n\u003Cli>Works on all the websites hosted on a cPanel \u002F web hosting.\u003C\u002Fli>\n\u003Cli>If needed, you can revoke any SSL certificate and change your Let’s Encrypt™ account key.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>(The last five features are available for the unlimited sites license only.)\u003C\u002Fp>\n\u003Cp>If your WordPress website is hosted on a VPS or dedicated server and you don’t have cPanel, \u003Cstrong>Automatic Installation\u003C\u002Fstrong> of the Free SSL Certificate is still possible. Please get in touch with us after purchase.\u003C\u002Fp>\n\u003Cp>\u003Ca href=\"https:\u002F\u002Ffreessl.tech\u002Ffree-ssl-certificate-for-wordpress-website\u002F?utm_source=wp_org&utm_medium=description&utm_campaign=aifs_free&utm_content=premium_features\" rel=\"nofollow ugc\">BUY PREMIUM VERSION\u003C\u002Fa>\u003C\u002Fp>\n\u003Ch3>Benefits of installing an SSL certificate on your WordPress website\u003C\u002Fh3>\n\u003Col>\n\u003Cli>\n\u003Cp>\u003Cstrong>Protect your users’ data:\u003C\u002Fstrong> If an SSL certificate is installed, your WordPress website’s data travels through the internet with 2048-bit (or more) encryption. No computer or hacker in between can read your users’ encrypted data. Only the intended recipient (users’ browser or your server) can decrypt and read the encrypted data. The data may be credit card-like necessary payment details, user input with a contact form, or a simple login form.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>\u003Cstrong>Display PADLOCK:\u003C\u002Fstrong> Installing an SSL certificate is not optional anymore, even if your WordPress website doesn’t accept credit cards. Since July 2018, with version 68, Google Chrome has started to mark all HTTP (no SSL) websites as ‘Not secure’, even if it doesn’t accept user input. All other browsers followed the same path. When users visit an SSL-secured website, all browsers display a secured PADLOCK in the address bar.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>\u003Cstrong>Boost the Search Engine Ranking:\u003C\u002Fstrong> Google and other search engines aim to create a secure web. So, search engines now favor SSL-secured HTTPS websites and discourage insecure ones in the search results. If your WordPress website doesn’t have an SSL certificate installed, you are missing something significant regarding SEO and staying away from potential customers.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>\u003Cstrong>Gain the trust of your users:\u003C\u002Fstrong> If users see the secured PADLOCK and HTTPS connection in the URL, they are assured that your website is secured. Now you are gaining the trust of your potential customers. They are confident to purchase your product or service.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003C\u002Fol>\n\u003Ch3>Documentation\u003C\u002Fh3>\n\u003Cp>Please \u003Ca href=\"https:\u002F\u002Ffreessl.tech\u002Fwordpress-letsencrypt-free-ssl-certificate-documentation\u002F?utm_source=wp_org&utm_medium=description&utm_campaign=aifs_free&utm_content=documentation\" rel=\"nofollow ugc\">click here\u003C\u002Fa> for the documentation.\u003C\u002Fp>\n\u003Ch3>Support and Report a Bug\u003C\u002Fh3>\n\u003Cp>Please check the existing topics in the WordPress \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fsupport\u002Fplugin\u002Fauto-install-free-ssl\" rel=\"ugc\">support forum\u003C\u002Fa> before creating a new topic for support or reporting a bug.\u003C\u002Fp>\n\u003Ch3>‘AUTO-INSTALL FREE SSL’ IN YOUR LANGUAGE?\u003C\u002Fh3>\n\u003Cp>\u003Ca href=\"https:\u002F\u002Ftranslate.wordpress.org\u002Fprojects\u002Fwp-plugins\u002Fauto-install-free-ssl\u002F\" rel=\"nofollow ugc\">Translations can be added easily here\u003C\u002Fa> if you want to translate in your language.\u003C\u002Fp>\n\u003Ch3>Credits\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fletsencrypt.org\" rel=\"nofollow ugc\">Let’s Encrypt™\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>I developed this plugin based on the PHP client\u002Fapp \u003Ca href=\"https:\u002F\u002Ffreessl.tech\u002F?utm_source=wp_org&utm_medium=description&utm_campaign=aifs_free&utm_content=credits\" rel=\"nofollow ugc\">‘FreeSSL.tech Auto’\u003C\u002Fa>, which I developed with a massive rewrite of \u003Ca href=\"https:\u002F\u002Fgithub.com\u002Fanalogic\u002Flescript\" rel=\"nofollow ugc\">Lescript\u003C\u002Fa>.\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fcpanel.com\" rel=\"nofollow ugc\">cPanel\u003C\u002Fa>\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>Let’s Encrypt™ is a trademark of the Internet Security Research Group. All rights reserved.\u003C\u002Fp>\n","Generate & install Free SSL Certificates for WordPress, HTTPS redirect, get PADLOCK in the browser, get automatic Renewal Reminders from plugin.",9000,501022,98,397,"2025-12-24T04:33:00.000Z","6.9.4","4.1","5.6",[56,57,58,59,60],"free-ssl","free-ssl-certificate","https-redirect","ssl-certificate","ssl-security","https:\u002F\u002Ffreessl.tech","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fauto-install-free-ssl.4.6.1.zip",100,{"slug":65,"name":66,"version":67,"author":68,"author_profile":69,"description":70,"short_description":71,"active_installs":72,"downloaded":73,"rating":28,"num_ratings":28,"last_updated":74,"tested_up_to":52,"requires_at_least":75,"requires_php":76,"tags":77,"homepage":18,"download_link":80,"security_score":63,"vuln_count":28,"unpatched_count":28,"last_vuln_date":29,"fetched_at":30},"simple-ssl-redirects","Simple SSL Redirects","1.1.4","Blucube","https:\u002F\u002Fprofiles.wordpress.org\u002Fedhicks\u002F","\u003Cp>If your site has an SSL certificate you might find that you can access the site via both SSL (https) and non-SSL (http) URLs. This is a bad idea for security, and for SEO, as it can look like duplicate content on different URLs.\u003C\u002Fp>\n\u003Cp>The answer to this is to redirect requests to non-SSL (http) URLs over to their SSL (https) equivalents using something called a 301 redirect. This tells the client (and search engines) that the resource they are looking for should always be accessed over SSL.  This plugin offers two methods to achieve this:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>By intercepting WordPress pages at header time, and if they are not already being requested over HTTPS sending a 301 redirect header, or\u003C\u002Fli>\n\u003Cli>By adding mod_rewrite rules in the .htaccess file to redirect all requests to their HTTPS equivalents using 301 redirects.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>Optionally, this plugin can also set \u003Ca href=\"https:\u002F\u002Fdeveloper.mozilla.org\u002Fen-US\u002Fdocs\u002FWeb\u002FHTTP\u002FHeaders\u002FStrict-Transport-Security\" rel=\"nofollow ugc\">HSTS\u003C\u002Fa> headers for you, and make sure that all requests use the same hostname (i.e. fixing the issue where many sites can be accessed using both www. and non-www. URLs).\u003C\u002Fp>\n","Lightweight plugin to ensure access via SSL\u002FHTTPS. Uses 301 (permanent) redirects for SEO benefits. Optionally sets HSTS and forces canonical domain.",200,2868,"2025-12-09T11:40:00.000Z","4.6","5.3",[21,78,23,79,24],"redirection","seo","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fsimple-ssl-redirects.1.1.4.zip",{"slug":82,"name":83,"version":84,"author":85,"author_profile":86,"description":87,"short_description":88,"active_installs":89,"downloaded":90,"rating":63,"num_ratings":91,"last_updated":92,"tested_up_to":93,"requires_at_least":94,"requires_php":18,"tags":95,"homepage":99,"download_link":100,"security_score":27,"vuln_count":28,"unpatched_count":28,"last_vuln_date":29,"fetched_at":30},"nertworks-site-wide-ssl","NertWorks Site Wide SSL","1.05","nertworks","https:\u002F\u002Fprofiles.wordpress.org\u002Fnertworks\u002F","\u003Cp>Enforce SSL throughout the entire site. Supporting multiple methods. Can be used on the Front End of the site of the Admin Dashboard\u003C\u002Fp>\n\u003Ch3>A brief Markdown\u003C\u002Fh3>\n\u003Cp>Ordered list:\u003C\u002Fp>\n\u003Col>\n\u003Cli>javascript redirection supported\u003C\u002Fli>\n\u003Cli>PHP redirection supported\u003C\u002Fli>\n\u003Cli>WP redirection supported\u003C\u002Fli>\n\u003Cli>Includes diagnostic tools \u003C\u002Fli>\n\u003Cli>Supports Dashboard and website redirection\u003C\u002Fli>\n\u003C\u002Fol>\n","Enforce SSL throughout the entire site. Supporting multiple methods. Can be used on the Front End of the site of the Admin Dashboard",20,3545,2,"2014-06-14T19:07:00.000Z","3.4.2","2.0",[96,58,97,98,24],"https-enforce","redirect-to-ssl-site","security-certificate","http:\u002F\u002Fnertworks.com\u002F?p=433","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fnertworks-site-wide-ssl.zip",{"slug":102,"name":103,"version":104,"author":105,"author_profile":106,"description":107,"short_description":108,"active_installs":109,"downloaded":110,"rating":111,"num_ratings":112,"last_updated":113,"tested_up_to":52,"requires_at_least":114,"requires_php":18,"tags":115,"homepage":118,"download_link":119,"security_score":63,"vuln_count":28,"unpatched_count":28,"last_vuln_date":29,"fetched_at":30},"https-redirection","Easy HTTPS Redirection (SSL)","2.0.0","mra13","https:\u002F\u002Fprofiles.wordpress.org\u002Fmra13\u002F","\u003Ch4>Only use this plugin if you have installed SSL certificate on your site and HTTPS is working correctly\u003C\u002Fh4>\n\u003Cp>Once you’ve installed an SSL certificate on your site, it’s important to ensure that your webpages are accessed via their secure HTTPS URLs.\u003C\u002Fp>\n\u003Cp>To improve SEO and user security, you want search engines and visitors to always use the HTTPS version of your pages. This plugin makes that easy by automatically redirecting users to the HTTPS version whenever they try to access the non-HTTPS (HTTP) version of a page.\u003C\u002Fp>\n\u003Ch3>Example\u003C\u002Fh3>\n\u003Cp>Let’s say you want to ensure the following page is always accessed over HTTPS:\u003C\u002Fp>\n\u003Cpre>\u003Ccode>https:\u002F\u002Fwww.example.com\u002Fcheckout\n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003Cp>If a visitor tries to access:\u003C\u002Fp>\n\u003Cpre>\u003Ccode>http:\u002F\u002Fwww.example.com\u002Fcheckout\n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003Cp>The plugin will automatically redirect them to the secure version:\u003C\u002Fp>\n\u003Cpre>\u003Ccode>https:\u002F\u002Fwww.example.com\u002Fcheckout\n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003Cp>This ensures that visitors always access the HTTPS version of your pages or site.\u003C\u002Fp>\n\u003Cp>You can choose to automatically redirect your entire domain to HTTPS, or selectively apply HTTPS redirection to specific pages.\u003C\u002Fp>\n\u003Ch3>Video Tutorials\u003C\u002Fh3>\n\u003Cp>\u003Cspan class=\"embed-youtube\" style=\"text-align:center; display: block;\">\u003Ciframe loading=\"lazy\" class=\"youtube-player\" width=\"750\" height=\"422\" src=\"https:\u002F\u002Fwww.youtube.com\u002Fembed\u002FoyJgRFCM6u8?version=3&rel=1&showsearch=0&showinfo=1&iv_load_policy=1&fs=1&hl=en-US&autohide=2&wmode=transparent\" allowfullscreen=\"true\" style=\"border:0;\" sandbox=\"allow-scripts allow-same-origin allow-popups allow-presentation allow-popups-to-escape-sandbox\">\u003C\u002Fiframe>\u003C\u002Fspan>\u003C\u002Fp>\n\u003Cp>\u003Cspan class=\"embed-youtube\" style=\"text-align:center; display: block;\">\u003Ciframe loading=\"lazy\" class=\"youtube-player\" width=\"750\" height=\"422\" src=\"https:\u002F\u002Fwww.youtube.com\u002Fembed\u002FLtyBraB64v8?version=3&rel=1&showsearch=0&showinfo=1&iv_load_policy=1&fs=1&hl=en-US&autohide=2&wmode=transparent\" allowfullscreen=\"true\" style=\"border:0;\" sandbox=\"allow-scripts allow-same-origin allow-popups allow-presentation allow-popups-to-escape-sandbox\">\u003C\u002Fiframe>\u003C\u002Fspan>\u003C\u002Fp>\n\u003Ch3>Force Load Static Files Using HTTPS\u003C\u002Fh3>\n\u003Cp>If you started using SSL from day 1 of your site then all your static files are already embedded using HTTPS URL. You have no issue there.\u003C\u002Fp>\n\u003Cp>However, if you have an existing website where you have a lot of static files that are embedded in your posts and pages using NON-HTTPS URL then you will need to change those. Otherwise, the browser will show an SSL warning to your visitors.\u003C\u002Fp>\n\u003Cp>This plugin has an option that will allow you to force load those static files using HTTPS URL dynamically.\u003C\u002Fp>\n\u003Cp>This will help you make the webpage fully compatible with SSL.\u003C\u002Fp>\n\u003Ch3>SSL Certificate Expiry Notification\u003C\u002Fh3>\n\u003Cp>This plugin includes a feature that allows you to receive email notifications when your SSL certificate is about to expire. It helps ensure your website remains secure and accessible over HTTPS.\u003C\u002Fp>\n\u003Cp>You can configure the recipient email address and specify how many days in advance the notification should be sent. By default, the notification is sent 7 days before expiry, but you can adjust this to suit your preference.\u003C\u002Fp>\n\u003Cp>This feature is especially useful for site owners who may not frequently check their SSL status, or for those managing multiple websites. By receiving timely alerts, you can renew your SSL certificate in advance and prevent potential downtime or security warnings.\u003C\u002Fp>\n\u003Ch3>Features\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>Automatically redirect all HTTP traffic to HTTPS\u003C\u002Fli>\n\u003Cli>Option to force HTTPS on the entire site\u003C\u002Fli>\n\u003Cli>Option to selectively apply HTTPS redirection to specific pages\u003C\u002Fli>\n\u003Cli>Helps search engines index the secure versions of your pages\u003C\u002Fli>\n\u003Cli>Improves site security and user trust\u003C\u002Fli>\n\u003Cli>Force load static files (images, js, css etc) using a HTTPS URL\u003C\u002Fli>\n\u003Cli>SSL certificate expiry notification – Option to send SSL expiry notifications to a specific email address\u003C\u002Fli>\n\u003Cli>Easily see which SSL certificates on your site are approaching their expiry date.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>View more details on the \u003Ca href=\"https:\u002F\u002Fwww.tipsandtricks-hq.com\u002Fwordpress-easy-https-redirection-plugin\" rel=\"nofollow ugc\">HTTPS Redirection plugin\u003C\u002Fa> page.\u003C\u002Fp>\n","The plugin allows an automatic redirection to the \"HTTPS\" version\u002FURL of the site. Make your site SSL compatible easily.",100000,1169853,84,71,"2025-12-02T03:12:00.000Z","6.5",[116,21,117,78,24],"force-ssl","insecure-content","https:\u002F\u002Fwww.tipsandtricks-hq.com\u002Fwordpress-easy-https-redirection-plugin","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fhttps-redirection.2.0.0.zip",{"slug":121,"name":122,"version":123,"author":124,"author_profile":125,"description":126,"short_description":127,"active_installs":128,"downloaded":129,"rating":49,"num_ratings":130,"last_updated":131,"tested_up_to":52,"requires_at_least":132,"requires_php":133,"tags":134,"homepage":136,"download_link":137,"security_score":49,"vuln_count":138,"unpatched_count":28,"last_vuln_date":139,"fetched_at":30},"wp-letsencrypt-ssl","WP Encryption – One Click Free SSL Certificate & SSL \u002F HTTPS Redirect, Security & SSL Scan","7.8.5.11","WP Encryption SSL","https:\u002F\u002Fprofiles.wordpress.org\u002Fgowebsmarty\u002F","\u003Cp>HTTPS Secure your WordPress site with SSL certificate provided by \u003Ca href=\"https:\u002F\u002Fletsencrypt.com\" rel=\"nofollow ugc\">Let’s Encrypt®\u003C\u002Fa> and force SSL \u002F HTTPS sitewide, check your SSL score, fix insecure content & mixed content issues easily. Enable HTTPS secure padlock on your site within minutes.\u003C\u002Fp>\n\u003Cp>\u003Ca href=\"https:\u002F\u002Fwpencryption.com\u002F?utm_source=wordpress&utm_medium=description&utm_campaign=wpencryption\" rel=\"nofollow ugc\">WP Encryption\u003C\u002Fa> plugin registers your site, verifies your domain, generates SSL certificate for your site in simple mouse clicks without the need of any technical knowledge. A typical SSL installation without WP Encryption would require you to generate CSR, prove domain ownership, provide your bussiness data and deal with many more technical tasks!.\u003C\u002Fp>\n\u003Ch3>PRO FEATURES WORTH UPGRADING\u003C\u002Fh3>\n\u003Cp>\u003Cspan class=\"embed-youtube\" style=\"text-align:center; display: block;\">\u003Ciframe loading=\"lazy\" class=\"youtube-player\" width=\"750\" height=\"422\" src=\"https:\u002F\u002Fwww.youtube.com\u002Fembed\u002FjrkFwFH7r6o?version=3&rel=1&showsearch=0&showinfo=1&iv_load_policy=1&fs=1&hl=en-US&autohide=2&wmode=transparent\" allowfullscreen=\"true\" style=\"border:0;\" sandbox=\"allow-scripts allow-same-origin allow-popups allow-presentation allow-popups-to-escape-sandbox\">\u003C\u002Fiframe>\u003C\u002Fspan>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Automatic domain verification\u003C\u002Fli>\n\u003Cli>Automatic SSL certificate installation\u003C\u002Fli>\n\u003Cli>Automatic SSL renewal (Auto renews SSL certificate 30 days prior to expiry date)\u003C\u002Fli>\n\u003Cli>Wildcard SSL support – Install Wildcard SSL certificate for your primary domain that covers ALL sub-domains. Automatic DNS based domain verification for Wildcard SSL installation (DNS should be managed by cPanel or Godaddy)\u003C\u002Fli>\n\u003Cli>Multisite + Mapped domains support – Supports SSL installation for mapped domains\u003C\u002Fli>\n\u003Cli>Advanced security headers & SSL monitoring\u003C\u002Fli>\n\u003Cli>Top notch one to one priority support – Live Chat, Email, Premium Support Forum\u003C\u002Fli>\n\u003Cli>SSL installation help for non-cPanel sites\u003C\u002Fli>\n\u003Cli>Login security via passkeys (powered by WebAuthn) – No passwords. No brute force. Log in with passkeys protected by your browser or password manager — fast, secure, and frictionless.\u003C\u002Fli>\n\u003Cli>Automated daily vulnerability scanning & reporting.\u003C\u002Fli>\n\u003Cli>Automated daily malware & integrity scan\u003C\u002Fli>\n\u003Cli>Instant notification for threats & security issues\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>\u003Ca href=\"https:\u002F\u002Fwpencryption.com\u002F?utm_source=wordpress&utm_medium=premiumfeatures&utm_campaign=wpencryption\" rel=\"nofollow ugc\">BUY PREMIUM VERSION\u003C\u002Fa>\u003C\u002Fp>\n\u003Ch3>5M+ SSL certificates generated – Switch to HTTPS easily\u003C\u002Fh3>\n\u003Cp>\u003Cspan class=\"embed-youtube\" style=\"text-align:center; display: block;\">\u003Ciframe loading=\"lazy\" class=\"youtube-player\" width=\"750\" height=\"422\" src=\"https:\u002F\u002Fwww.youtube.com\u002Fembed\u002FaKvvVlAlZ14?version=3&rel=1&showsearch=0&showinfo=1&iv_load_policy=1&fs=1&hl=en-US&autohide=2&wmode=transparent\" allowfullscreen=\"true\" style=\"border:0;\" sandbox=\"allow-scripts allow-same-origin allow-popups allow-presentation allow-popups-to-escape-sandbox\">\u003C\u002Fiframe>\u003C\u002Fspan>\u003C\u002Fp>\n\u003Ch3>FREE SSL PLUGIN FEATURES\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>Unlock every premium feature other plugins charge for — absolutely Free.\u003C\u002Fli>\n\u003Cli>Verify domain ownership and generate free SSL certificate\u003C\u002Fli>\n\u003Cli>Secure webmail and email with HTTPS\u003C\u002Fli>\n\u003Cli>Download generated SSL certificate, key and Intermediate certificate files\u003C\u002Fli>\n\u003Cli>Force HTTPS \u002F Enable HTTPS with 301 htaccess redirection sitewide in one click\u003C\u002Fli>\n\u003Cli>HTTPS redirection includes redirect loop fix for Cloudflare, StackPath, Load balancers and reverse proxies.\u003C\u002Fli>\n\u003Cli>SSL Health page – Track your SSL score and control various SSL & Security features like HSTS strict transport security Header, HttpOnly secure cookies, etc,.\u003C\u002Fli>\n\u003Cli>Enable important security headers including X-XSS-Protection, X-Content-Type-Options, Referrer-Policy\u003C\u002Fli>\n\u003Cli>Enable mixed content \u002F insecure content fixer\u003C\u002Fli>\n\u003Cli>SSL monitoring & Automatic email notification prior to SSL certificate expiration\u003C\u002Fli>\n\u003Cli>Advanced security features – stop user enumeration, disable file editing, hide login error, hide wp version and much more\u003C\u002Fli>\n\u003Cli>Security score & security scanners including malware & integrity scanner, vulnerability scanner.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>(Optional) Running WordPress on a specialized VPS\u002FDedicated server without cPanel? You can download the generated SSL certificate files easily via “Download SSL Certificates” page and install it on your server by modifying server config file via SSH access as explained in our \u003Ca href=\"https:\u002F\u002Fwpencryption.com\u002Fdocs\u002F\" rel=\"nofollow ugc\">DOCS\u003C\u002Fa>.\u003C\u002Fp>\n\u003Ch3>(7.8.0) NEW ADVANCED SECURITY PAGE WITH INTEGRITY SCAN & MALWARE SCAN\u003C\u002Fh3>\n\u003Cp>Discover the brand-new ‘Advanced Security & Scanner’ page — your command center for the most powerful protection your WordPress site has ever seen. Run malware and integrity scans to detect modified, additional, or suspicious files in your installation. Stay ahead of threats and keep your security score at its peak.\u003C\u002Fp>\n\u003Ch3>ADVANCED HTTP SECURITY HEADERS\u003C\u002Fh3>\n\u003Cp>Safeguard your site from cross-site scripting attacks, clickjacking, MIME sniffing attacks.\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Enable HTTPS Strict Transport Security Header to avoid request protocol downgrading\u003C\u002Fli>\n\u003Cli>Disable directory listing to avoid directory traversing\u003C\u002Fli>\n\u003Cli>Enable X-XSS protection, secure cookies, X-Content-Type-Options to avoid cross site scripting and MIME sniffing\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Switch to HTTPS in seconds\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>\n\u003Cp>Secure HTTPS browser padlock in minutes.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>Free domain validated (DV) SSL certificates are provided by Let’s Encrypt (A non profit Global certificate Authority).\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>SSL encryption ensures protection against man-in-middle attacks by securely encrypting the data transfer between client and your server.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Optimized for Cloudflare and Reverse Proxies\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>\n\u003Cp>Forcing HTTPS using the .htaccess method prevents redirect loops when your site is behind Cloudflare.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>Compatible with reverse proxies and load balancers — avoids redirection conflicts.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Top Reasons Your WordPress Site Needs an SSL Certificate\u003C\u002Fh3>\n\u003Col>\n\u003Cli>\n\u003Cp>SEO Benefit: Major search engines like Google ranks SSL enabled sites higher compared to non SSL sites. Thus bringing more organic traffic for your site.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>Data Encryption: Data transmission between server and visitor are securely encrypted on a SSL site thus avoiding any data hijacks in-between the transmission(Ex: personal information, credit card information).\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>Trust: Google chrome shows non-SSL sites as ‘insecure’, bringing a feel of insecurity in website visitors.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>Authentic: HTTPS green padlock represents symbol of trust, authenticity and security.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003C\u002Fol>\n\u003Ch4>REQUIREMENTS\u003C\u002Fh4>\n\u003Cp>Linux hosting, OpenSSL, CURL, allow_url_fopen should be enabled.\u003C\u002Fp>\n\u003Ch4>Translations\u003C\u002Fh4>\n\u003Cp>Many thanks to the generous efforts of our translators.\u003C\u002Fp>\n\u003Cp>If you would like to translate plugin to your language, \u003Ca href=\"https:\u002F\u002Ftranslate.wordpress.org\u002Fprojects\u002Fwp-plugins\u002Fwp-letsencrypt-ssl\u002F\" rel=\"nofollow ugc\">Feel free to sign up and start translating!\u003C\u002Fa>\u003C\u002Fp>\n\u003Ch4>Show Your Support\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>If you find any issue, please submit a bug via support forum.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>LOVE WP ENCRYPTION SSL PLUGIN?\u003C\u002Fh3>\n\u003Cp>If you find this plugin useful, please leave a \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fsupport\u002Fplugin\u002Fwp-letsencrypt-ssl\u002Freviews\u002F\" rel=\"ugc\">positive review\u003C\u002Fa>. Your reviews are our biggest motivation for further development of plugin.\u003C\u002Fp>\n\u003Ch3>Disclaimer\u003C\u002Fh3>\n\u003Cp>WP Encryption uses SSLLabs API for SSL scan & detection. By using the plugin, you agree to terms & conditions of \u003Ca href=\"https:\u002F\u002Fwww.ssllabs.com\u002Fdownloads\u002FQualys_SSL_Labs_Terms_of_Use.pdf\" rel=\"nofollow ugc\">SSLLabs\u003C\u002Fa>\u003C\u002Fp>\n\u003Cp>By enabling the Vulnerability Scan feature, you agree to terms & conditions of \u003Ca href=\"https:\u002F\u002Fvulnerability.wpsysadmin.com\" rel=\"nofollow ugc\">WPVulnerability Database API\u003C\u002Fa>. The information provided by the information database comes from different sources that have been reviewed by third parties. There is no liability of any kind for the information.\u003C\u002Fp>\n\u003Cp>Security is an important subject regarding SSL\u002FTLS certificates, of course. It is obvious that your private key, stored on your web server, should never be accessible from the web. When the plugin created the keys directory for the first time, it will store a .htaccess file in this directory, denying all visitors. Always make sure yourself your keys aren’t accessible from the web! We are in no way responsible if your private keys go public. If this does happen, the easiest solution is to check folder permissions on your server and make sure public access is forbidden for root folders. Next, create a new certificate.\u003C\u002Fp>\n","Lifetime SSL solution - Free SSL certificate & HTTPS redirect, resolve insecure site, fix SSL errors, SSL score, SSL monitoring, really simple setup.",50000,3043225,1128,"2026-03-12T07:29:00.000Z","5.4","7.0",[135,56,21,58,24],"force-https","https:\u002F\u002Fwpencryption.com","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fwp-letsencrypt-ssl.7.8.5.11.zip",1,"2024-04-09 00:00:00",{"attackSurface":141,"codeSignals":170,"taintFlows":177,"riskAssessment":204,"analyzedAt":210},{"hooks":142,"ajaxHandlers":166,"restRoutes":167,"shortcodes":168,"cronEvents":169,"entryPointCount":28,"unprotectedCount":28},[143,149,153,157,161],{"type":144,"name":145,"callback":146,"file":147,"line":148},"filter","lh_hsts_subdomain","lh_hsts_subdomain_func","lh-hsts.php",40,{"type":144,"name":150,"callback":151,"file":147,"line":152},"lh_hsts_preload","lh_hsts_preload_func",41,{"type":144,"name":154,"callback":155,"file":147,"line":156},"lh_hsts_redirect","lh_hsts_redirect_func",42,{"type":144,"name":158,"callback":159,"file":147,"line":160},"lh_hsts_max_age","lh_hsts_max_age_func",43,{"type":162,"name":163,"callback":164,"file":147,"line":165},"action","send_headers","add_header",49,[],[],[],[],{"dangerousFunctions":171,"sqlUsage":172,"outputEscaping":174,"fileOperations":28,"externalRequests":28,"nonceChecks":28,"capabilityChecks":28,"bundledLibraries":176},[],{"prepared":28,"raw":28,"locations":173},[],{"escaped":28,"rawEcho":28,"locations":175},[],[],[178,196],{"entryPoint":179,"graph":180,"unsanitizedCount":138,"severity":195},"add_header (lh-hsts.php:68)",{"nodes":181,"edges":192},[182,187],{"id":183,"type":184,"label":185,"file":147,"line":186},"n0","source","$_SERVER['HTTP_HOST']",96,{"id":188,"type":189,"label":190,"file":147,"line":186,"wp_function":191},"n1","sink","header() [Header Injection]","header",[193],{"from":183,"to":188,"sanitized":194},false,"medium",{"entryPoint":197,"graph":198,"unsanitizedCount":138,"severity":195},"\u003Clh-hsts> (lh-hsts.php:0)",{"nodes":199,"edges":202},[200,201],{"id":183,"type":184,"label":185,"file":147,"line":186},{"id":188,"type":189,"label":190,"file":147,"line":186,"wp_function":191},[203],{"from":183,"to":188,"sanitized":194},{"summary":205,"deductions":206},"The lh-hsts plugin v1.25 exhibits a very strong security posture based on the provided static analysis and vulnerability history. The absence of any detected dangerous functions, raw SQL queries, unescaped outputs, file operations, external HTTP requests, or nonce\u002Fcapability checks is highly commendable.  The plugin appears to have a minimal attack surface, with no identified AJAX handlers, REST API routes, shortcodes, or cron events. This indicates a well-written and secure plugin architecture that adheres to best practices for WordPress development.\n\nWhile the overall security is excellent, the taint analysis reveals two flows with unsanitized paths. Although no critical or high severity issues were found in these flows, the presence of unsanitized paths, even if not leading to immediate exploitable vulnerabilities in this specific version, warrants attention. It suggests a potential area for improvement to ensure absolute data sanitization, even in the absence of clear exploit vectors in the current analysis.\n\nThe plugin's vulnerability history is completely clean, with no known CVEs, which further reinforces its secure reputation. This lack of past vulnerabilities suggests consistent development quality and responsible maintenance.  In conclusion, lh-hsts v1.25 is an exceptionally secure plugin, with the only minor concern being the two identified unsanitized paths in the taint analysis, which do not currently present a significant risk due to the absence of exploitable code signals.",[207],{"reason":208,"points":209},"Flows with unsanitized paths",3,"2026-03-16T19:26:02.902Z",{"wat":212,"direct":217},{"assetPaths":213,"generatorPatterns":214,"scriptPaths":215,"versionParams":216},[],[],[],[],{"cssClasses":218,"htmlComments":219,"htmlAttributes":220,"restEndpoints":221,"jsGlobals":222,"shortcodeOutput":223},[],[],[],[],[],[]]