[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fzyUPCurN_aYEPHt1UjhNHklSlnDsaRI7TAaA4LGu9bs":3},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":13,"num_ratings":14,"last_updated":15,"tested_up_to":16,"requires_at_least":17,"requires_php":18,"tags":19,"homepage":25,"download_link":26,"security_score":27,"vuln_count":28,"unpatched_count":28,"last_vuln_date":29,"fetched_at":30,"vulnerabilities":31,"developer":46,"crawl_stats":37,"alternatives":53,"analysis":155,"fingerprints":233},"mavis-https-to-http-redirect","Mavis HTTPS to HTTP Redirection","1.4.3","PressPage Entertainment Inc","https:\u002F\u002Fprofiles.wordpress.org\u002Fphkcorp2005\u002F","\u003Cp>This plugin was developed to solve a redirection issue when navigating from a secured checkout page back to\u003Cbr \u002F>\na non-secured page (or page that you need to have as non-secured—possibly because of non-secured\u003Cbr \u002F>\nexternal links, etc.)\u003C\u002Fp>\n\u003Cp>For example, a user comes to your WordPress e-commerce site, locates an item, then navigates to your\u003Cbr \u002F>\nsecured checkout page. Now the customer realizes there is something else they need, and instead of clicking\u003Cbr \u002F>\na Continue Shopping link, they click a top category link. Since the customer is in a secured session, WordPress\u003Cbr \u002F>\nputs the secured protocol on all the links including that category. Now the customer navigates to that\u003Cbr \u002F>\ncategory, but they are still in a secured page session. Now this category page is displaying improperly because\u003Cbr \u002F>\nof some external links that did not translate properly into the secured session. 
Customer is now upset, thinking\u003Cbr \u002F>\nthat the site design demonstrates the level of incompetence of the shop owner and questions the shop owner’s\u003Cbr \u002F>\nintegrity to fulfill the customer’s order, so the customer in a behavior of disgust, rapidly leaves the\u003Cbr \u002F>\nshop owner’s site and that customer becomes a non-customer!\u003C\u002Fp>\n\u003Cp>This plugin resolves this issue by redirecting all non-specified checkout (and other non-secured pages)\u003Cbr \u002F>\nback to a non-secured page counterpart.\u003C\u002Fp>\n\u003Ch3>Credits\u003C\u002Fh3>\n\u003Cp>We make honorable mention to anyone who helps make Mavis HTTPS to HTTP Redirect a better plugin!\u003C\u002Fp>\n\u003Ch3>Contact\u003C\u002Fh3>\n\u003Cp>Support is provided at https:\u002F\u002Fgithub.com\u002Fpingleware\u002Fmavis-https-to-http-redirect\u002Fissues. You will require a free account on github.com\u003C\u002Fp>\n\u003Cp>Please contact presspage.entertainment@gmail.com or visit the above forum with questions, comments, or requests.\u003C\u002Fp>\n","Provides page redirection back to non-secured pages (https: to http:)",100,22409,74,6,"2020-08-23T13:52:00.000Z","5.5.18","2.9","",[20,21,22,23,24],"http","https","https-to-http","mavis","redirection","https:\u002F\u002Fwordpess.org\u002Fplugins\u002Fmavis-https-to-http-redirect","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fmavis-https-to-http-redirect.zip",63,1,"2025-09-22 00:00:00","2026-03-15T15:16:48.613Z",[32],{"id":33,"url_slug":34,"title":35,"description":36,"plugin_slug":4,"theme_slug":37,"affected_versions":38,"patched_in_version":37,"severity":39,"cvss_score":40,"cvss_vector":41,"vuln_type":42,"published_date":29,"updated_date":43,"references":44,"days_to_patch":37},"CVE-2025-58261","mavis-https-to-http-redirection-cross-site-request-forgery","Mavis HTTPS to HTTP Redirection \u003C= 1.4.3 - Cross-Site Request Forgery","The Mavis HTTPS to HTTP Redirection plugin for WordPress is vulnerable to 
Cross-Site Request Forgery in versions up to, and including, 1.4.3. This is due to missing or incorrect nonce validation on a function. This makes it possible for unauthenticated attackers to perform an unauthorized action via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.",null,"\u003C=1.4.3","medium",4.3,"CVSS:3.1\u002FAV:N\u002FAC:L\u002FPR:N\u002FUI:R\u002FS:U\u002FC:N\u002FI:L\u002FA:N","Cross-Site Request Forgery (CSRF)","2025-09-26 17:40:41",[45],"https:\u002F\u002Fwww.wordfence.com\u002Fthreat-intel\u002Fvulnerabilities\u002Fid\u002F91a1278a-0308-4fe0-a46e-172ca1735c53?source=api-prod",{"slug":47,"display_name":7,"profile_url":8,"plugin_count":48,"total_installs":49,"avg_security_score":50,"avg_patch_time_days":51,"trust_score":50,"computed_at":52},"phkcorp2005",5,140,81,30,"2026-04-05T15:59:50.966Z",[54,76,93,110,132],{"slug":55,"name":56,"version":57,"author":58,"author_profile":59,"description":60,"short_description":61,"active_installs":62,"downloaded":63,"rating":64,"num_ratings":65,"last_updated":66,"tested_up_to":67,"requires_at_least":68,"requires_php":18,"tags":69,"homepage":73,"download_link":74,"security_score":11,"vuln_count":75,"unpatched_count":75,"last_vuln_date":37,"fetched_at":30},"https-redirection","Easy HTTPS Redirection (SSL)","2.0.0","mra13","https:\u002F\u002Fprofiles.wordpress.org\u002Fmra13\u002F","\u003Ch4>Only use this plugin if you have installed SSL certificate on your site and HTTPS is working correctly\u003C\u002Fh4>\n\u003Cp>Once you’ve installed an SSL certificate on your site, it’s important to ensure that your webpages are accessed via their secure HTTPS URLs.\u003C\u002Fp>\n\u003Cp>To improve SEO and user security, you want search engines and visitors to always use the HTTPS version of your pages. 
This plugin makes that easy by automatically redirecting users to the HTTPS version whenever they try to access the non-HTTPS (HTTP) version of a page.\u003C\u002Fp>\n\u003Ch3>Example\u003C\u002Fh3>\n\u003Cp>Let’s say you want to ensure the following page is always accessed over HTTPS:\u003C\u002Fp>\n\u003Cpre>\u003Ccode>https:\u002F\u002Fwww.example.com\u002Fcheckout\n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003Cp>If a visitor tries to access:\u003C\u002Fp>\n\u003Cpre>\u003Ccode>http:\u002F\u002Fwww.example.com\u002Fcheckout\n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003Cp>The plugin will automatically redirect them to the secure version:\u003C\u002Fp>\n\u003Cpre>\u003Ccode>https:\u002F\u002Fwww.example.com\u002Fcheckout\n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003Cp>This ensures that visitors always access the HTTPS version of your pages or site.\u003C\u002Fp>\n\u003Cp>You can choose to automatically redirect your entire domain to HTTPS, or selectively apply HTTPS redirection to specific pages.\u003C\u002Fp>\n\u003Ch3>Video Tutorials\u003C\u002Fh3>\n\u003Cp>\u003Cspan class=\"embed-youtube\" style=\"text-align:center; display: block;\">\u003Ciframe loading=\"lazy\" class=\"youtube-player\" width=\"750\" height=\"422\" src=\"https:\u002F\u002Fwww.youtube.com\u002Fembed\u002FoyJgRFCM6u8?version=3&rel=1&showsearch=0&showinfo=1&iv_load_policy=1&fs=1&hl=en-US&autohide=2&wmode=transparent\" allowfullscreen=\"true\" style=\"border:0;\" sandbox=\"allow-scripts allow-same-origin allow-popups allow-presentation allow-popups-to-escape-sandbox\">\u003C\u002Fiframe>\u003C\u002Fspan>\u003C\u002Fp>\n\u003Cp>\u003Cspan class=\"embed-youtube\" style=\"text-align:center; display: block;\">\u003Ciframe loading=\"lazy\" class=\"youtube-player\" width=\"750\" height=\"422\" src=\"https:\u002F\u002Fwww.youtube.com\u002Fembed\u002FLtyBraB64v8?version=3&rel=1&showsearch=0&showinfo=1&iv_load_policy=1&fs=1&hl=en-US&autohide=2&wmode=transparent\" allowfullscreen=\"true\" style=\"border:0;\" 
sandbox=\"allow-scripts allow-same-origin allow-popups allow-presentation allow-popups-to-escape-sandbox\">\u003C\u002Fiframe>\u003C\u002Fspan>\u003C\u002Fp>\n\u003Ch3>Force Load Static Files Using HTTPS\u003C\u002Fh3>\n\u003Cp>If you started using SSL from day 1 of your site then all your static files are already embedded using HTTPS URL. You have no issue there.\u003C\u002Fp>\n\u003Cp>However, if you have an existing website where you have a lot of static files that are embedded in your posts and pages using NON-HTTPS URL then you will need to change those. Otherwise, the browser will show an SSL warning to your visitors.\u003C\u002Fp>\n\u003Cp>This plugin has an option that will allow you to force load those static files using HTTPS URL dynamically.\u003C\u002Fp>\n\u003Cp>This will help you make the webpage fully compatible with SSL.\u003C\u002Fp>\n\u003Ch3>SSL Certificate Expiry Notification\u003C\u002Fh3>\n\u003Cp>This plugin includes a feature that allows you to receive email notifications when your SSL certificate is about to expire. It helps ensure your website remains secure and accessible over HTTPS.\u003C\u002Fp>\n\u003Cp>You can configure the recipient email address and specify how many days in advance the notification should be sent. By default, the notification is sent 7 days before expiry, but you can adjust this to suit your preference.\u003C\u002Fp>\n\u003Cp>This feature is especially useful for site owners who may not frequently check their SSL status, or for those managing multiple websites. 
By receiving timely alerts, you can renew your SSL certificate in advance and prevent potential downtime or security warnings.\u003C\u002Fp>\n\u003Ch3>Features\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>Automatically redirect all HTTP traffic to HTTPS\u003C\u002Fli>\n\u003Cli>Option to force HTTPS on the entire site\u003C\u002Fli>\n\u003Cli>Option to selectively apply HTTPS redirection to specific pages\u003C\u002Fli>\n\u003Cli>Helps search engines index the secure versions of your pages\u003C\u002Fli>\n\u003Cli>Improves site security and user trust\u003C\u002Fli>\n\u003Cli>Force load static files (images, js, css etc) using a HTTPS URL\u003C\u002Fli>\n\u003Cli>SSL certificate expiry notification – Option to send SSL expiry notifications to a specific email address\u003C\u002Fli>\n\u003Cli>Easily see which SSL certificates on your site are approaching their expiry date.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>View more details on the \u003Ca href=\"https:\u002F\u002Fwww.tipsandtricks-hq.com\u002Fwordpress-easy-https-redirection-plugin\" rel=\"nofollow ugc\">HTTPS Redirection plugin\u003C\u002Fa> page.\u003C\u002Fp>\n","The plugin allows an automatic redirection to the \"HTTPS\" version\u002FURL of the site. 
Make your site SSL compatible easily.",100000,1169853,84,71,"2025-12-02T03:12:00.000Z","6.9.4","6.5",[70,21,71,24,72],"force-ssl","insecure-content","ssl","https:\u002F\u002Fwww.tipsandtricks-hq.com\u002Fwordpress-easy-https-redirection-plugin","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fhttps-redirection.2.0.0.zip",0,{"slug":77,"name":78,"version":79,"author":80,"author_profile":81,"description":82,"short_description":83,"active_installs":84,"downloaded":85,"rating":75,"num_ratings":75,"last_updated":86,"tested_up_to":67,"requires_at_least":87,"requires_php":88,"tags":89,"homepage":18,"download_link":92,"security_score":11,"vuln_count":75,"unpatched_count":75,"last_vuln_date":37,"fetched_at":30},"simple-ssl-redirects","Simple SSL Redirects","1.1.4","Blucube","https:\u002F\u002Fprofiles.wordpress.org\u002Fedhicks\u002F","\u003Cp>If your site has an SSL certificate you might find that you can access the site via both SSL (https) and non-SSL (http) URLs. This is a bad idea for security, and for SEO, as it can look like duplicate content on different URLs.\u003C\u002Fp>\n\u003Cp>The answer to this is to redirect requests to non-SSL (http) URLs over to their SSL (https) equivalents using something called a 301 redirect. This tells the client (and search engines) that the resource they are looking for should always be accessed over SSL.  
This plugin offers two methods to achieve this:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>By intercepting WordPress pages at header time, and if they are not already being requested over HTTPS sending a 301 redirect header, or\u003C\u002Fli>\n\u003Cli>By adding mod_rewrite rules in the .htaccess file to redirect all requests to their HTTPS equivalents using 301 redirects.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>Optionally, this plugin can also set \u003Ca href=\"https:\u002F\u002Fdeveloper.mozilla.org\u002Fen-US\u002Fdocs\u002FWeb\u002FHTTP\u002FHeaders\u002FStrict-Transport-Security\" rel=\"nofollow ugc\">HSTS\u003C\u002Fa> headers for you, and make sure that all requests use the same hostname (i.e. fixing the issue where many sites can be accessed using both www. and non-www. URLs).\u003C\u002Fp>\n","Lightweight plugin to ensure access via SSL\u002FHTTPS. Uses 301 (permanent) redirects for SEO benefits. Optionally sets HSTS and forces canonical domain.",200,2868,"2025-12-09T11:40:00.000Z","4.6","5.3",[21,24,90,91,72],"security","seo","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fsimple-ssl-redirects.1.1.4.zip",{"slug":94,"name":95,"version":96,"author":97,"author_profile":98,"description":99,"short_description":100,"active_installs":75,"downloaded":101,"rating":75,"num_ratings":75,"last_updated":102,"tested_up_to":103,"requires_at_least":104,"requires_php":18,"tags":105,"homepage":18,"download_link":108,"security_score":109,"vuln_count":75,"unpatched_count":75,"last_vuln_date":37,"fetched_at":30},"advanced-https-redirection","Advanced Https Redirection","1.0","ehabsan","https:\u002F\u002Fprofiles.wordpress.org\u002Fehabsan\u002F","\u003Cp>This plugin enables you to easily redirect your whole domain from\u002Fto HTTP to\u002Ffrom HTTPS, or you can just redirect certain pages, posts, terms or custom post type or any other front-end page.\u003C\u002Fp>\n\u003Cp>Using this plugin you can force your website visitors to use the HTTPS version of your 
website, or the other way around. And you can also use it to have your whole website on HTTPS while certain pages are on HTTP, or the other way around.\u003C\u002Fp>\n\u003Cp>This plugin allows you to redirect both dynamic resources and static resources – for static resources to work your server must be Apache and you should have an .htaccess file in your root WordPress directory.\u003C\u002Fp>\n\u003Cp>features – all redirections work from \u002F to HTTP to\u002Ffrom HTTPS:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\n\u003Cp>Redirect the whole domain including static resources\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>Redirect only the admin directory\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>Redirect only the front-end pages\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>Redirect only static resources\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>Redirect the whole domain except for certain posts, or custom post types, or terms, or custom taxonomies, or any other front-end page\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>Redirect using different redirection statuses: 301,302,303, and 307\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>This plugin will generate links for posts and other front-end pages based on how they should be redirected, so if a post is supposed to be accessed through HTTPS, this plugin will make sure that all links generated by WordPress to that post are HTTPS links, which is better for seo\u003C\u002Fp>\n\u003C\u002Fli>\n\u003C\u002Ful>\n","Redirect your whole domain from\u002Fto http to\u002Ffrom https, or redirect just certain pages without any technical 
knowledge.",1287,"2018-03-28T17:22:00.000Z","4.9.29","4.4",[106,107,21,24,72],"automatic-redirection","htaccess","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fadvanced-https-redirection.zip",85,{"slug":111,"name":112,"version":113,"author":114,"author_profile":115,"description":116,"short_description":117,"active_installs":118,"downloaded":119,"rating":120,"num_ratings":121,"last_updated":122,"tested_up_to":67,"requires_at_least":123,"requires_php":124,"tags":125,"homepage":128,"download_link":129,"security_score":130,"vuln_count":28,"unpatched_count":75,"last_vuln_date":131,"fetched_at":30},"hostinger","Hostinger Tools","3.0.59","Hostinger","https:\u002F\u002Fprofiles.wordpress.org\u002Fhostinger\u002F","\u003Cp>Hostinger Tools is an all-in-one plugin designed to streamline essential tasks for WordPress site administrators. This plugin offers a range of features to help you manage your site’s information, maintenance mode, security, and redirects effectively.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Features:\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>\u003Cem>Basic Info\u003C\u002Fem>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Displays the current WordPress version with automatic update checks.\u003C\u002Fli>\n\u003Cli>Shows the current PHP version with automatic update checks.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>\u003Cem>Maintenance Mode\u003C\u002Fem>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Easily enable or disable maintenance mode for your site.\u003C\u002Fli>\n\u003Cli>Provide a URL to bypass maintenance mode for selected users.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>\u003Cem>Security\u003C\u002Fem>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Enable or disable XML-RPC requests to enhance your site’s security.\u003C\u002Fli>\n\u003Cli>Enable or disable Authorize application page to enhance your site’s security.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>\u003Cem>Redirects\u003C\u002Fem>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Force all URLs to use HTTPS for secure 
browsing.\u003C\u002Fli>\n\u003Cli>Force all URLs to use WWW to ensure consistency in site access.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>\u003Cem>LLMs.txt Generation\u003C\u002Fem>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Automatically generate a structured LLMs.txt file in Markdown format.\u003C\u002Fli>\n\u003Cli>Include website title, description, posts, pages, and products (if WooCommerce is active).\u003C\u002Fli>\n\u003Cli>Keep the file updated when content changes or new content is published.\u003C\u002Fli>\n\u003Cli>Help AI-powered tools better understand and interact with your website content.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>Hostinger Tools is the new version of the previous Hostinger plugin, offering an updated and enhanced experience.\u003Cbr \u002F>\nThe Onboarding assistant and the Learning section previously included in this plugin were moved to the separate plugin Hostinger Easy Onboarding.\u003C\u002Fp>\n","Simplified WordPress management. Manage site info, maintenance, security, & redirects.",3000000,16730722,60,25,"2026-03-03T11:48:00.000Z","5.5","8.1",[111,21,126,90,127],"maintenance","tools","https:\u002F\u002Fhostinger.com","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fhostinger.3.0.59.zip",99,"2024-01-05 00:00:00",{"slug":133,"name":134,"version":135,"author":136,"author_profile":137,"description":138,"short_description":139,"active_installs":118,"downloaded":140,"rating":141,"num_ratings":142,"last_updated":143,"tested_up_to":67,"requires_at_least":144,"requires_php":145,"tags":146,"homepage":150,"download_link":151,"security_score":152,"vuln_count":153,"unpatched_count":75,"last_vuln_date":154,"fetched_at":30},"really-simple-ssl","Really Simple Security – Simple and Performant Security (formerly Really Simple SSL)","9.5.8","Really Simple Plugins","https:\u002F\u002Fprofiles.wordpress.org\u002Freallysimpleplugins\u002F","\u003Cp>Easily improve site security with WordPress Hardening, Two-Factor Authentication (2FA), Login 
Protection, Vulnerability Detection and SSL certificate.\u003C\u002Fp>\n\u003Ch3>Really simple, Effective and Performant WordPress Security\u003C\u002Fh3>\n\u003Cp>Really Simple Security is the most lightweight and easy-to-use security plugin for WordPress. It secures your WordPress website with SSL certificate generation, including proper 301 https redirection and SSL enforcement, scanning for possible vulnerabilities, Login Protection and implementing essential WordPress hardening features.\u003C\u002Fp>\n\u003Cp>We believe that security should have the absolute minimum effect on website performance, user experience and maintainability. Therefore, Really Simple Security is:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Cstrong>Lightweight:\u003C\u002Fstrong> Every security feature is developed with a modular approach and with performance in mind. Disabled features won’t load any redundant code.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Easy-to-use:\u003C\u002Fstrong> 1-minute configuration with short onboarding setup.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Security Features\u003C\u002Fh3>\n\u003Ch4>Easy SSL Migration\u003C\u002Fh4>\n\u003Cp>Migrates your website to HTTPS and enforces SSL in just one click.\u003C\u002Fp>\n\u003Cul>\n\u003Cli>301 redirect via PHP or .htaccess\u003C\u002Fli>\n\u003Cli>Secure cookies\u003C\u002Fli>\n\u003Cli>Let’s Encrypt: Install an SSL Certificate if your hosting provider supports manual installation.\u003C\u002Fli>\n\u003Cli>Server Health Check: Your server configuration is every bit as important for your website security.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>WordPress Hardening\u003C\u002Fh4>\n\u003Cp>Tweak your configuration and keep WordPress fortified and safe by tackling potential weaknesses.\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Prevent code execution in the uploads folder\u003C\u002Fli>\n\u003Cli>Prevent login feedback and disable user enumeration\u003C\u002Fli>\n\u003Cli>Disable XML-RPC\u003C\u002Fli>\n\u003Cli>Disable 
directory browsing\u003C\u002Fli>\n\u003Cli>Username restrictions (block ‘admin’ and public names)\u003C\u002Fli>\n\u003Cli>and much more..\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Vulnerability Detection\u003C\u002Fh4>\n\u003Cp>Get notified when plugins, themes or WP core contain vulnerabilities and need appropriate action.\u003C\u002Fp>\n\u003Ch4>Login Protection\u003C\u002Fh4>\n\u003Cp>Allow or enforce Two-Factor Authentication (2FA) for specific user roles. Users receive a two-factor code via Email.\u003C\u002Fp>\n\u003Ch3>Improve Security with Really Simple Security Pro\u003C\u002Fh3>\n\u003Cp>\u003Ca href=\"https:\u002F\u002Freally-simple-ssl.com\u002F\" rel=\"nofollow ugc\">Protect your site with all essential security features by upgrading to Really Simple Security Pro.\u003C\u002Fa>\u003C\u002Fp>\n\u003Ch4>Advanced SSL enforcement\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Mixed Content Scan & Fixer. Detect files that are requested over HTTP and fix them to HTTPS, both Front- and Back-end.\u003C\u002Fli>\n\u003Cli>Enable HTTP Strict Transport Security and configure your site for the HSTS Preload list.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Firewall\u003C\u002Fh4>\n\u003Cp>Really Simple Security Pro includes a performant and efficient WordPress firewall, to stop bots, crawlers and bad actors with IP and username blocks.\u003C\u002Fp>\n\u003Cul>\n\u003Cli>404 blocking – Blocks crawlers as they trigger unusual numbers of 404 errors.\u003C\u002Fli>\n\u003Cli>Region blocking – Only allow\u002Fblock access to your site from specific regions.\u003C\u002Fli>\n\u003Cli>Automated and customisable Firewall rules.\u003C\u002Fli>\n\u003Cli>IP blocklist and allowlist.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Security Headers\u003C\u002Fh4>\n\u003Cp>Security headers protect your site visitors against the risk of clickjacking, cross-site-forgery attacks, stealing login credentials and malware.\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Independent of your Server Configuration, 
works on Apache, LiteSpeed, NGINX, etc.\u003C\u002Fli>\n\u003Cli>Protect your website visitors with X-XSS Protection, X-Content-Type-Options, X-Frame-Options, a Referrer Policy and CORS headers.\u003C\u002Fli>\n\u003Cli>Automatically generate your WordPress-tailored Content Security Policy.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Vulnerability Measures\u003C\u002Fh4>\n\u003Cp>When a vulnerability is detected in a plugin, theme or WordPress core you will get notified accordingly. With Vulnerability Measures, you can configure simple but effective measures to make sure that a critical vulnerability won’t remain unattended.\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Force update: An update process will be tried multiple times until it can be assumed development of a theme or plugin is abandoned. You will be notified during these steps.\u003C\u002Fli>\n\u003Cli>Quarantine: When a plugin or theme can’t be updated to solve a vulnerability, Really Simple Security can quarantine the plugin.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Advanced Site Hardening\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Choose a custom login URL\u003C\u002Fli>\n\u003Cli>Automated File Permissions check and fixer\u003C\u002Fli>\n\u003Cli>Rename and randomize your database prefix\u003C\u002Fli>\n\u003Cli>Change the debug.log file location to a non-public folder\u003C\u002Fli>\n\u003Cli>Disable application passwords\u003C\u002Fli>\n\u003Cli>Control admin creation\u003C\u002Fli>\n\u003Cli>Disable HTTP methods, reducing HTTP requests\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Login Protection\u003C\u002Fh4>\n\u003Cp>Secure your website’s login process and user accounts with powerful security measures.\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Two-Step verification (Email login)\u003C\u002Fli>\n\u003Cli>2FA (two factor authentication) with TOTP\u003C\u002Fli>\n\u003Cli>Passwordless login with passkey login\u003C\u002Fli>\n\u003Cli>Enforce strong passwords and frequent password change\u003C\u002Fli>\n\u003Cli>Limit Login 
Attempts\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>With Limit Login Attempts you can configure a threshold to temporarily or permanently block IP addresses or (non-existing) usernames. You can also throw a CAPTCHA after a failed login (hCaptcha or Google reCaptcha)\u003C\u002Fp>\n\u003Ch4>Access Control\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Restrict access to your site for specific regions.\u003C\u002Fli>\n\u003Cli>Add specific IP addresses or IP ranges to the Blocklist or Allowlist.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Useful Links\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Freally-simple-ssl.com\u002Fknowledge-base-overview\u002F\" rel=\"nofollow ugc\">Documentation\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Freally-simple-ssl.com\u002Fdefinitions\u002F\" rel=\"nofollow ugc\">Security Definitions\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Ftranslate.wordpress.org\u002Fprojects\u002Fwp-plugins\u002Freally-simple-ssl\" rel=\"nofollow ugc\">Translate Really Simple Security\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fgithub.com\u002FReally-Simple-Plugins\u002Freally-simple-ssl\u002Fissues\" rel=\"nofollow ugc\">Issues & pull requests\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fgithub.com\u002FReally-Simple-Plugins\u002Freally-simple-ssl\u002Flabels\u002Ffeature%20request\" rel=\"nofollow ugc\">Feature requests\u003C\u002Fa>\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Love Really Simple Security?\u003C\u002Fh3>\n\u003Cp>If you want to support the continuing development of this plugin, please consider buying \u003Ca href=\"https:\u002F\u002Fwww.really-simple-ssl.com\u002Fpro\u002F\" rel=\"nofollow ugc\">Really Simple Security Pro\u003C\u002Fa>, which includes some excellent security features and premium support.\u003C\u002Fp>\n\u003Ch3>About Really Simple Plugins\u003C\u002Fh3>\n\u003Cp>Our mission is to make complex WordPress 
requirements really easy. Really Simple Security is developed by \u003Ca href=\"https:\u002F\u002Fwww.really-simple-ssl.com\u002Fabout-us\" rel=\"nofollow ugc\">Really Simple Plugins\u003C\u002Fa>.\u003C\u002Fp>\n\u003Cp>For generating SSL certificates, Really Simple Security uses the \u003Ca href=\"https:\u002F\u002Fgithub.com\u002Ffbett\u002Fle-acme2-php\u002F\" rel=\"nofollow ugc\">le acme2 PHP\u003C\u002Fa> Let’s Encrypt client library, thanks to ‘fbett’ for providing it. Vulnerability Detection uses WP Vulnerability, an open-source initiative by Javier Casares. Want to join as a collaborator? We’re on \u003Ca href=\"https:\u002F\u002Fgithub.com\u002Freally-simple-plugins\u002Freally-simple-ssl\" rel=\"nofollow ugc\">GitHub\u003C\u002Fa> as well!\u003C\u002Fp>\n","Easily improve site security with WordPress Hardening, Two-Factor Authentication (2FA), Login Protection, Vulnerability Detection and SSL certificate.",205655178,98,8803,"2026-02-26T10:57:00.000Z","6.6","7.4",[147,21,90,148,149],"2fa","two-factor","vulnerabilities","https:\u002F\u002Freally-simple-ssl.com","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Freally-simple-ssl.9.5.8.zip",96,3,"2026-03-15 00:00:00",{"attackSurface":156,"codeSignals":172,"taintFlows":182,"riskAssessment":221,"analyzedAt":232},{"hooks":157,"ajaxHandlers":168,"restRoutes":169,"shortcodes":170,"cronEvents":171,"entryPointCount":75,"unprotectedCount":75},[158,164],{"type":159,"name":160,"callback":161,"priority":75,"file":162,"line":163},"action","init","mavis_redirect","mavis.php",265,{"type":159,"name":165,"callback":166,"file":162,"line":167},"admin_menu","addMavisToManagementPage",266,[],[],[],[],{"dangerousFunctions":173,"sqlUsage":174,"outputEscaping":176,"fileOperations":75,"externalRequests":75,"nonceChecks":75,"capabilityChecks":75,"bundledLibraries":181},[],{"prepared":75,"raw":75,"locations":175},[],{"escaped":75,"rawEcho":28,"locations":177},[178],{"file":162,"line":179,"context":180},112,"raw 
output",[],[183,209],{"entryPoint":184,"graph":185,"unsanitizedCount":208,"severity":39},"displayMavisManagementPage (mavis.php:71)",{"nodes":186,"edges":204},[187,192,198,200],{"id":188,"type":189,"label":190,"file":162,"line":191},"n0","source","$_POST",83,{"id":193,"type":194,"label":195,"file":162,"line":196,"wp_function":197},"n1","sink","update_option() [Settings Manipulation]",88,"update_option",{"id":199,"type":189,"label":190,"file":162,"line":191},"n2",{"id":201,"type":194,"label":202,"file":162,"line":179,"wp_function":203},"n3","echo() [XSS]","echo",[205,207],{"from":188,"to":193,"sanitized":206},false,{"from":199,"to":201,"sanitized":206},2,{"entryPoint":210,"graph":211,"unsanitizedCount":208,"severity":220},"\u003Cmavis> (mavis.php:0)",{"nodes":212,"edges":217},[213,214,215,216],{"id":188,"type":189,"label":190,"file":162,"line":191},{"id":193,"type":194,"label":195,"file":162,"line":196,"wp_function":197},{"id":199,"type":189,"label":190,"file":162,"line":191},{"id":201,"type":194,"label":202,"file":162,"line":179,"wp_function":203},[218,219],{"from":188,"to":193,"sanitized":206},{"from":199,"to":201,"sanitized":206},"low",{"summary":222,"deductions":223},"The \"mavis-https-to-http-redirect\" plugin, version 1.4.3, presents a mixed security posture. On the positive side, the static analysis reveals a very small attack surface with no identified AJAX handlers, REST API routes, shortcodes, or cron events. Furthermore, all SQL queries are properly prepared, and there are no file operations or external HTTP requests, which are positive indicators. However, the analysis also flags a critical concern: 100% of output is not properly escaped, indicating a significant risk of Cross-Site Scripting (XSS) vulnerabilities if any dynamic content is displayed to users. 
The taint analysis also shows flows with unsanitized paths; although these did not reach critical or high severity in this assessment, they warrant further investigation.\n\nThe plugin has a history of known vulnerabilities, with one medium severity CVE currently unpatched. This historical pattern, especially with a recent vulnerability dating to late 2025, suggests a recurring issue with security flaws. While the absence of obvious entry points for direct attacks is a strength, the unescaped output and historical vulnerability pattern are significant weaknesses. The overall risk is elevated due to the potential for XSS and the unaddressed past CVE, despite the absence of a large, exposed attack surface.",[224,227,230],{"reason":225,"points":226},"Unpatched CVE",15,{"reason":228,"points":229},"Output not properly escaped",8,{"reason":231,"points":48},"Taint flows with unsanitized paths","2026-03-16T21:09:39.920Z",{"wat":234,"direct":239},{"assetPaths":235,"generatorPatterns":236,"scriptPaths":237,"versionParams":238},[],[],[],[],{"cssClasses":240,"htmlComments":244,"htmlAttributes":245,"restEndpoints":248,"jsGlobals":249,"shortcodeOutput":250},[241,242,243],"wrap","options","editform",[],[246,247],"name='mavis_update'","name='secured_page_tag'",[],[],[]]