Does Simple Force SSL have any unpatched vulnerabilities?

No published vulnerabilities and no findings under coordinated disclosure as of the latest data update. Always keep the plugin updated to the latest version.

Is Simple Force SSL compatible with WordPress 6.7.5?

According to WordPress.org data, Simple Force SSL 2.0 has been tested up to WordPress 6.7.5. Check the plugin's changelog for the latest compatibility information.

Is Simple Force SSL compatible with PHP 5.6+?

Simple Force SSL requires PHP 5.6 or higher. Most modern WordPress hosts run PHP 8.1 or 8.2. If you are on an older PHP version, consider upgrading before installing this plugin.

How often is Simple Force SSL updated?

Simple Force SSL was last updated on Dec 6, 2024. Frequent updates are generally a positive security signal.

What is Simple Force SSL's security score?

Simple Force SSL has a WP-Safety security score of 92/100. This score is computed from CVE history, patch response time, developer trust signals, and plugin maintenance activity.

Simple Force SSL Security & Risk Analysis

wordpress.org/plugins/simple-force-ssl

This plugin forces all traffic to be redirected to the HTTPS version of your site using a 301 redirect.

300 active installs v2.0 PHP 5.6+ WP 3.0+ Updated Dec 6, 2024

force-redirecthttpsredirectsecure-connectionssl

A · Safe

CVEs total0

Unpatched0

Last CVENever

Plugin page Download

Safety Verdict

Is Simple Force SSL Safe to Use in 2026?

Generally Safe

Score 92/100

Simple Force SSL has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 1yr ago

Risk Assessment

The "simple-force-ssl" v2.0 plugin exhibits a generally strong security posture based on the provided static analysis. The absence of AJAX handlers, REST API routes, shortcodes, and cron events, combined with 100% of SQL queries using prepared statements and the presence of nonce checks, significantly limits the potential attack surface. The plugin also has no recorded vulnerability history, suggesting a commitment to secure development practices and prompt patching if issues arise.

However, a critical concern emerges from the taint analysis, which identified one flow with unsanitized paths. While no critical or high severity taint flows were reported, this single unsanitized path represents a potential risk, especially if it involves user-supplied input that is not properly validated or escaped before being used. Furthermore, the static analysis flagged one total output that is not properly escaped, which could lead to cross-site scripting (XSS) vulnerabilities if that output contains untrusted data.

In conclusion, the plugin's strengths lie in its minimal attack surface and diligent use of prepared statements for SQL. The vulnerability history is also a positive indicator. Nevertheless, the presence of an unsanitized path and unescaped output requires attention. Addressing these specific code-level concerns will further enhance the plugin's security.

Key Concerns

Flow with unsanitized path
Unescaped output found

Vulnerabilities

None known

Simple Force SSL Security Vulnerabilities

No known vulnerabilities — this is a good sign.

Version History

Simple Force SSL Release Timeline

v2.0Current

Code Analysis

Analyzed Mar 16, 2026

Simple Force SSL Code Analysis

Dangerous Functions

Raw SQL Queries

0 prepared

Unescaped Output

0 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

Output Escaping

0% escaped1 total outputs

Data Flows · Security

1 unsanitized

Data Flow Analysis

3 flows1 with unsanitized paths

me_simple_force_ssl (simple-force-ssl.php:38)

Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized

Attack Surface

Simple Force SSL Attack Surface

Entry Points0

Unprotected0

WordPress Hooks 2

actiontemplate_redirectsimple-force-ssl.php:46

actionadmin_menusimple-force-ssl.php:70

Maintenance & Trust

Simple Force SSL Maintenance & Trust

Maintenance Signals

WordPress version tested6.7.5

Last updatedDec 6, 2024

PHP min version5.6

Downloads7K

Community Trust

Rating0/100

Number of ratings0

Active installs300

Alternatives

Simple Force SSL Alternatives

Easy HTTPS Redirection (SSL)

https-redirection

100

The plugin allows an automatic redirection to the "HTTPS" version/URL of the site. Make your site SSL compatible easily.

100K No CVEs

WP Encryption – One Click Free SSL Certificate & SSL / HTTPS Redirect, Security & SSL Scan

wp-letsencrypt-ssl

Lifetime SSL solution - Free SSL certificate & HTTPS redirect, resolve insecure site, fix SSL errors, SSL score, Easiest SSL & Security plugin.

50K 2 CVEs

One Click SSL

one-click-ssl

Enable SSL/TLS (https://) to redirect all pages to SSL/TLS and load all resources over SSL/TLS.

10K 1 CVE

Auto-Install Free SSL – Generate & Install Free SSL Certificates

auto-install-free-ssl

100

Generate & install Free SSL Certificates for WordPress, HTTPS redirect, get PADLOCK in the browser, get automatic Renewal Reminders from plugin.

9K No CVEs

Cloudflare SSL by Weslink

ctw-ssl-for-cloudflare

Plugin to enable CloudFlare Flexible SSL for Wordpress and to prevent the Redirect Loop

2K No CVEs

Developer Profile

Simple Force SSL Developer Profile

imemine

6 plugins · 10K total installs

trust score

Avg Security Score

92/100

Avg Patch Time

30 days

View full developer profile

Detection Fingerprints

How We Detect Simple Force SSL

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

HTML / DOM Fingerprints

Data Attributes

name="me_simple_force_ssl_enabled"name="me_simple_force_ssl_save"

FAQ