Does Redirection HTTPS for Apache have any unpatched vulnerabilities?

No published vulnerabilities and no findings under coordinated disclosure as of the latest data update. Always keep the plugin updated to the latest version.

Is Redirection HTTPS for Apache compatible with WordPress 6.4.8?

According to WordPress.org data, Redirection HTTPS for Apache 1.0 has been tested up to WordPress 6.4.8. Check the plugin's changelog for the latest compatibility information.

How often is Redirection HTTPS for Apache updated?

Redirection HTTPS for Apache was last updated on Feb 4, 2024. Frequent updates are generally a positive security signal.

What is Redirection HTTPS for Apache's security score?

Redirection HTTPS for Apache has a WP-Safety security score of 85/100. This score is computed from CVE history, patch response time, developer trust signals, and plugin maintenance activity.

Redirection HTTPS for Apache Security & Risk Analysis

wordpress.org/plugins/redirection-https-for-apache

Redirection HTTPS for Apache is free software: you can redistribute it and/or modify it under the terms of the GNU General Public License as published …

30 active installs v1.0 PHP + WP 5.0+ Updated Feb 4, 2024

http-https-apache

A · Safe

CVEs total0

Unpatched0

Last CVENever

Download

Safety Verdict

Is Redirection HTTPS for Apache Safe to Use in 2026?

Generally Safe

Score 85/100

Redirection HTTPS for Apache has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 2yr ago

Risk Assessment

The plugin "redirection-https-for-apache" v1.0 presents a generally positive security posture based on the provided static analysis. The absence of AJAX handlers, REST API routes, shortcodes, and cron events with or without authentication significantly limits the potential attack surface. Furthermore, the code demonstrates good practices with 100% of SQL queries utilizing prepared statements and all outputs being properly escaped, indicating a robust approach to preventing common web vulnerabilities like SQL injection and cross-site scripting. The plugin also shows no history of known vulnerabilities, which is a strong indicator of its current stability and security.

However, there are areas that warrant attention. The static analysis revealed 3 "flows with unsanitized paths." While these are not classified as critical or high severity in the taint analysis, unsanitized path flows can still be a vector for directory traversal or other file-related attacks if not handled carefully. The presence of 8 "file operations" also suggests that the plugin interacts with the file system, making the unsanitized path flows a more significant concern. The lack of nonce checks and capability checks, while not directly exploitable due to the limited attack surface, suggests a potential weakness if new entry points were to be introduced in future versions without proper security controls.

In conclusion, "redirection-https-for-apache" v1.0 is currently in a good security state with a minimal attack surface and strong adherence to secure coding practices for SQL and output handling. The primary concern lies with the identified unsanitized path flows within file operations, which, although not rated critically, should be thoroughly reviewed and mitigated to ensure comprehensive security. The lack of vulnerability history is a definite strength, but the plugin's security should be continuously monitored, especially concerning the file operation vulnerabilities and the absence of robust authentication checks on potential future entry points.

Key Concerns

Flows with unsanitized paths
File operations present
No nonce checks
No capability checks

Vulnerabilities

None known

Redirection HTTPS for Apache Security Vulnerabilities

No known vulnerabilities — this is a good sign.

Version History

Redirection HTTPS for Apache Release Timeline

No version history available.

Code Analysis

Analyzed Mar 16, 2026

Redirection HTTPS for Apache Code Analysis

Dangerous Functions

Raw SQL Queries

0 prepared

Unescaped Output

0 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

Data Flows · Security

3 unsanitized

Data Flow Analysis

3 flows3 with unsanitized paths

rhfpa_apache301_install (redirection-https-for-apache.php:33)

Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized

Attack Surface

Redirection HTTPS for Apache Attack Surface

Entry Points0

Unprotected0

WordPress Hooks 2

actioninitredirection-https-for-apache.php:79

actiondeactivated_pluginredirection-https-for-apache.php:82

Maintenance & Trust

Redirection HTTPS for Apache Maintenance & Trust

Maintenance Signals

WordPress version tested6.4.8

Last updatedFeb 4, 2024

PHP min version

Downloads3K

Community Trust

Rating100/100

Number of ratings1

Active installs30

Alternatives

Redirection HTTPS for Apache Alternatives

No alternatives data available yet.

Developer Profile

Redirection HTTPS for Apache Developer Profile

infranetworking

2 plugins · 40 total installs

trust score

Avg Security Score

85/100

Avg Patch Time

30 days

View full developer profile

Detection Fingerprints

How We Detect Redirection HTTPS for Apache

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

HTML / DOM Fingerprints

HTML Comments

BEGIN Redirection HTTPS for Apache (Infranetworking) The directives (lines) between `BEGIN Redirect to HTTPS` and `END Redirect to HTTPS` are dynamically generated, and should only be modified via WordPress filters. Any changes to the directives between these markers will be overwritten.+1 more

FAQ