One Click SSL Security & Risk Analysis

wordpress.org/plugins/one-click-ssl

Enable SSL/TLS (https://) to redirect all pages to SSL/TLS and load all resources over SSL/TLS.

10K active installs v1.7.7 PHP + WP 4.6+ Updated Feb 25, 2026
https, mixed-content, redirect, resources, ssl
99
A · Safe
CVEs total: 1
Unpatched: 0
Last CVE: Jul 11, 2019
Safety Verdict

Is One Click SSL Safe to Use in 2026?

Generally Safe

Score 99/100

One Click SSL has a strong security track record. Known vulnerabilities have been patched promptly.

1 known CVE · Last CVE: Jul 11, 2019 · Updated 1mo ago
Risk Assessment

The 'one-click-ssl' v1.7.7 plugin exhibits a mixed security posture. On the positive side, it follows good practice for SQL queries, exclusively using prepared statements, and has a decent number of nonce and capability checks. The absence of dangerous functions, file operations, and critical or high severity taint flows is also encouraging. However, several areas raise concern. The plugin registers 6 AJAX handlers, one of which lacks authentication checks, presenting a significant attack surface for potential unauthorized actions. Furthermore, only 60% of outputs are escaped, which suggests that a considerable portion of the plugin's output might be vulnerable to cross-site scripting (XSS) if user-supplied data is not properly sanitized before being displayed.

The vulnerability history, while showing no currently unpatched CVEs, does indicate a past high severity vulnerability, specifically CSRF. This suggests that the plugin, at some point, was susceptible to an attack that could trick users into performing unintended actions. The occurrence of a high severity vulnerability in the past warrants careful attention. While the current static analysis doesn't reveal immediate critical threats like unpatched vulnerabilities or dangerous function usage, the unprotected AJAX endpoint and potential XSS risks due to insufficient output escaping are notable weaknesses that require attention for a more robust security posture.

Key Concerns

  • AJAX handler without auth checks
  • 60% output escaping
  • Past high severity vulnerability
Vulnerabilities
1

One Click SSL Security Vulnerabilities

CVEs by Year

2019: 1 CVE

Severity Breakdown

High: 1

1 total CVE

CVE-2019-15828 · high · 8.8 · Cross-Site Request Forgery (CSRF)

One Click SSL <= 1.4.6 - Cross-Site Request Forgery

Jul 11, 2019 Patched in 1.4.7 (1657d)
Code Analysis
Analyzed Mar 16, 2026

One Click SSL Code Analysis

Dangerous Functions: 0
Raw SQL Queries: 0 (0 prepared)
Unescaped Output: 23 (34 escaped)
Nonce Checks: 8
Capability Checks: 7
File Operations: 0
External Requests: 1
Bundled Libraries: 0

Output Escaping

60% escaped · 57 total outputs
Data Flows
6 unsanitized

Data Flow Analysis

7 flows · 6 with unsanitized paths
check_ssl (ssl.php:709)
Attack Surface
1 unprotected

One Click SSL Attack Surface

Entry Points: 6
Unprotected: 1

AJAX Handlers 6

auth  wp_ajax_one_click_ssl_dismiss_smart_rating  ssl.php:1268
auth  wp_ajax_ocssl_dismiss_notice  ssl.php:1270
auth  wp_ajax_ocssl_check_ssl_support  ssl.php:1299
auth  wp_ajax_ocssl_enable_ssl  ssl.php:1300
auth  wp_ajax_ocssl_scan  ssl.php:1301
auth  wp_ajax_ocssl_dismissed_notice  ssl.php:1302
WordPress Hooks 33
action  init  ssl.php:36
filter  query_vars  ssl.php:51
action  template_redirect  ssl.php:57
action  admin_init  ssl.php:1246
action  init  ssl.php:1247
action  shutdown  ssl.php:1248
action  ocssl_ratereviewhook  ssl.php:1249
action  after_theme_setup  ssl.php:1250
action  admin_init  ssl.php:1251
action  admin_head  ssl.php:1252
action  network_admin_menu  ssl.php:1255
action  admin_menu  ssl.php:1257
action  admin_head  ssl.php:1260
action  admin_enqueue_scripts  ssl.php:1262
action  admin_notices  ssl.php:1263
action  network_admin_notices  ssl.php:1266
action  wp_loaded  ssl.php:1275
action  wp_loaded  ssl.php:1277
filter  network_admin_plugin_action_links  ssl.php:1281
filter  plugin_action_links  ssl.php:1283
filter  upload_dir  ssl.php:1286
filter  option_siteurl  ssl.php:1287
filter  option_home  ssl.php:1288
filter  option_url  ssl.php:1289
filter  option_wpurl  ssl.php:1290
filter  option_stylesheet_url  ssl.php:1291
filter  option_template_url  ssl.php:1292
filter  wp_get_attachment_url  ssl.php:1293
filter  widget_text  ssl.php:1294
filter  login_url  ssl.php:1295
filter  language_attributes  ssl.php:1296
action  admin_init  ssl.php:1306
action  init  ssl.php:1313

Scheduled Events 3

ocssl_ratereviewhook
ocssl_ratereviewhook
ocssl_ratereviewhook
Maintenance & Trust

One Click SSL Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.9.4
Last updated: Feb 25, 2026
PHP min version
Downloads: 303K

Community Trust

Rating: 98/100
Number of ratings: 138
Active installs: 10K
Developer Profile

One Click SSL Developer Profile

Tribulant Software

7 plugins · 19K total installs

Trust score: 71
Avg Security Score: 89/100
Avg Patch Time: 803 days
Detection Fingerprints

How We Detect One Click SSL

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/one-click-ssl/assets/css/backend.min.css
/wp-content/plugins/one-click-ssl/assets/js/backend.min.js
/wp-content/plugins/one-click-ssl/assets/css/frontend.min.css
/wp-content/plugins/one-click-ssl/assets/js/frontend.min.js
Script Paths
/wp-content/plugins/one-click-ssl/assets/js/backend.min.js
/wp-content/plugins/one-click-ssl/assets/js/frontend.min.js
Version Parameters
one-click-ssl/assets/css/backend.min.css?ver=
one-click-ssl/assets/js/backend.min.js?ver=
one-click-ssl/assets/css/frontend.min.css?ver=
one-click-ssl/assets/js/frontend.min.js?ver=

HTML / DOM Fingerprints

CSS Classes
ocssl_wrap
ocssl_content
HTML Comments
<!-- OCSSL: Options -->
<!-- OCSSL: Insecure Resources Scanner -->
<!-- OCSSL: SSL Status -->
<!-- OCSSL: About One Click SSL -->
+2 more
Data Attributes
data-ocssl-option
JS Globals
ocssl_settings
REST Endpoints
/wp-json/one-click-ssl/v1/settings
FAQ

Frequently Asked Questions about One Click SSL