[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fCzuBBR35LAfBbMdVSaiGB9_g7e8AzgYX4Ky9cnB_kHU":3},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":13,"num_ratings":14,"last_updated":15,"tested_up_to":16,"requires_at_least":17,"requires_php":18,"tags":19,"homepage":25,"download_link":26,"security_score":27,"vuln_count":28,"unpatched_count":29,"last_vuln_date":30,"fetched_at":31,"vulnerabilities":32,"developer":48,"crawl_stats":38,"alternatives":56,"analysis":151,"fingerprints":269},"wp-force-ssl","WP Force SSL & HTTPS SSL Redirect","1.68","WebFactory","https:\u002F\u002Fprofiles.wordpress.org\u002Fwebfactory\u002F","\u003Cp>\u003Ca href=\"https:\u002F\u002Fwpforcessl.com\u002F?ref=wporg\" rel=\"nofollow ugc\">WP Force SSL\u003C\u002Fa> helps you redirect insecure HTTP traffic to secure HTTPS and fix SSL errors \u003Cstrong>without touching any code\u003C\u002Fstrong>. Activate Force SSL and everything will be set and SSL enabled. The entire site will move to HTTPS using your SSL certificate. It works with any SSL certificate. It can be free SSL certificate from Let’s Encrypt or a paid SSL certificate.\u003C\u002Fp>\n\u003Cp>How to add SSL & enable SSL? Most hosting companies support the free SSL certificate from Let’s Encrypt, so login to your hosting panel and add SSL certificate. You’ll see a button labeled “Add SSL Certificate” or “Add Let’s Encrypt Certificate” and after that it’s 1 click to have the SSL enabled on your site with WP Force SSL. If that doesn’t work get \u003Ca href=\"https:\u002F\u002Fwpforcessl.com\u002F\" rel=\"nofollow ugc\">WP Force SSL PRO\u003C\u002Fa> and it’ll generate free SSL certificate for your site. And will regenerate SSL certificate every 90 days.\u003C\u002Fp>\n\u003Cp>Access WP Force SSL settings via the main Settings menu -> WP Force SSL.\u003C\u002Fp>\n\u003Ch4>SSL Tests available in the plugin\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>is site on localhost?\u003C\u002Fli>\n\u003Cli>check SSL certificate\u003C\u002Fli>\n\u003Cli>check SSL certificate expiry date\u003C\u002Fli>\n\u003Cli>is latest version of Force SSL used?\u003C\u002Fli>\n\u003Cli>are known incompatible SSL plugins active?\u003C\u002Fli>\n\u003Cli>is WP address URL set for SSL?\u003C\u002Fli>\n\u003Cli>is WP home URL set for SSL?\u003C\u002Fli>\n\u003Cli>is SSL monitoring enabled (pro feature)\u003C\u002Fli>\n\u003Cli>is HTTPS redirection working?\u003C\u002Fli>\n\u003Cli>is file redirection working (pro feature)\u003C\u002Fli>\n\u003Cli>is HSTS enabled?\u003C\u002Fli>\n\u003Cli>check mixed-content issue (pro feature)\u003C\u002Fli>\n\u003Cli>is htaccess available & writable?\u003C\u002Fli>\n\u003Cli>is 404 redirection enabled (pro feature)\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Settings\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>redirect HTTP to HTTPS\u003C\u002Fli>\n\u003Cli>fix mixed-content (pro)\u003C\u002Fli>\n\u003Cli>enable HSTS\u003C\u002Fli>\n\u003Cli>force secure cookies (pro)\u003C\u002Fli>\n\u003Cli>cross-site scripting protection (pro)\u003C\u002Fli>\n\u003Cli>expect CT header\u003C\u002Fli>\n\u003Cli>X-Frame options\u003C\u002Fli>\n\u003Cli>show WP Force SSL menu in admin bar\u003C\u002Fli>\n\u003Cli>show WP Force SSL widget in admin dashboard\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>SSL certificate testing tool\u003C\u002Fh4>\n\u003Cp>WP Force SSL comes with an SSL certificate testing tool. It tests if the SSL certificate is valid, properly installed & up-to date.\u003C\u002Fp>\n\u003Ch4>Need support?\u003C\u002Fh4>\n\u003Cp>We’re here for you! Things get frustrating when they don’t work so make sure you \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fsupport\u002Fplugin\u002Fwp-force-ssl\u002F\" rel=\"ugc\">open a support topic\u003C\u002Fa> in the official Force SSL forum. We answer all questions within a few hours!\u003C\u002Fp>\n\u003Ch4>External Assets\u003C\u002Fh4>\n\u003Cp>A big thank you to \u003Ca href=\"https:\u002F\u002Fsweetalert2.github.io\u002F\" rel=\"nofollow ugc\">SweetAlert2\u003C\u002Fa> authors which we use to make alerts nicer. And to \u003Ca href=\"https:\u002F\u002Fdepositphotos.com\u002F248496280\u002Fstock-illustration-online-payment-protection-system-concept.html\" rel=\"nofollow ugc\">DepositPhotos\u003C\u002Fa> for the lovely header image.\u003C\u002Fp>\n","Enable SSL & HTTPS redirect with 1 click! Add SSL certificate & WP Force SSL to redirect site from HTTP to HTTPS & fix SSL errors.",90000,1746375,94,179,"2025-12-03T20:17:00.000Z","6.9.4","4.6","5.2",[20,21,22,23,24],"force-ssl","https","mixed-content","ssl","ssl-certificate","https:\u002F\u002Fwpforcessl.com\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fwp-force-ssl.1.68.zip",99,1,0,"2024-06-07 00:00:00","2026-03-15T15:16:48.613Z",[33],{"id":34,"url_slug":35,"title":36,"description":37,"plugin_slug":4,"theme_slug":38,"affected_versions":39,"patched_in_version":40,"severity":41,"cvss_score":42,"cvss_vector":43,"vuln_type":44,"published_date":30,"updated_date":45,"references":46,"days_to_patch":28},"CVE-2024-5770","wp-force-ssl-https-ssl-redirect-missing-authorization-to-settings-update","WP Force SSL & HTTPS SSL Redirect \u003C= 1.66 - Missing Authorization to Settings Update","The WP Force SSL & HTTPS SSL Redirect plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'ajax_save_setting' function in versions up to, and including, 1.66. This makes it possible for authenticated attackers, subscriber-level permissions and above, to update the plugin settings.",null,"\u003C=1.66","1.67","medium",4.2,"CVSS:3.1\u002FAV:N\u002FAC:H\u002FPR:L\u002FUI:N\u002FS:U\u002FC:N\u002FI:L\u002FA:L","Missing Authorization","2024-06-08 04:32:38",[47],"https:\u002F\u002Fwww.wordfence.com\u002Fthreat-intel\u002Fvulnerabilities\u002Fid\u002Fc2081e4a-c6b7-4730-be59-bc728b90ecaa?source=api-prod",{"slug":49,"display_name":7,"profile_url":8,"plugin_count":50,"total_installs":51,"avg_security_score":52,"avg_patch_time_days":53,"trust_score":54,"computed_at":55},"webfactory",28,3492000,98,699,78,"2026-04-03T21:13:46.866Z",[57,78,97,116,134],{"slug":58,"name":59,"version":60,"author":61,"author_profile":62,"description":63,"short_description":64,"active_installs":65,"downloaded":66,"rating":52,"num_ratings":67,"last_updated":68,"tested_up_to":69,"requires_at_least":70,"requires_php":71,"tags":72,"homepage":75,"download_link":76,"security_score":27,"vuln_count":28,"unpatched_count":29,"last_vuln_date":77,"fetched_at":31},"ssl-zen","SSL Zen — SSL Certificate Installer & HTTPS Redirects","4.7.7","SSL Zen - Free SSL\u002FHTTPS","https:\u002F\u002Fprofiles.wordpress.org\u002Fsslzen\u002F","\u003Ch3>Secure your website with a Free Let’s Encrypt SSL certificate.\u003C\u002Fh3>\n\u003Cp>\u003Cspan class=\"embed-youtube\" style=\"text-align:center; display: block;\">\u003Ciframe loading=\"lazy\" class=\"youtube-player\" width=\"750\" height=\"422\" src=\"https:\u002F\u002Fwww.youtube.com\u002Fembed\u002FJk86wUqoOco?version=3&rel=1&showsearch=0&showinfo=1&iv_load_policy=1&fs=1&hl=en-US&autohide=2&wmode=transparent\" allowfullscreen=\"true\" style=\"border:0;\" sandbox=\"allow-scripts allow-same-origin allow-popups allow-presentation allow-popups-to-escape-sandbox\">\u003C\u002Fiframe>\u003C\u002Fspan>\u003C\u002Fp>\n\u003Cp>\u003Ca href=\"https:\u002F\u002Fsslzen.com\" rel=\"nofollow ugc\">SSL Zen\u003C\u002Fa> is a ‘Free SSL certificate’ plugin that helps you to secure your website, protect your customer’s data and show your visitors you’re trustworthy and authentic.\u003C\u002Fp>\n\u003Cp>Manually installing a free Let’s Encrypt SSL certificate involves editing SSL configuration files on your web server and troubleshooting issues. With this plugin, you can follow a few steps to get your free Let’s Encrypt SSL certificate. No coding required, no more mixed content, or insecure content warnings. You require no special developer experience to move your HTTP web pages to HTTPS or to force SSL on your website.\u003C\u002Fp>\n\u003Ch4>Features of Free Version:\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Generate a free SSL certificate by verifying your domain ownership\u003C\u002Fli>\n\u003Cli>Install the free SSL certificate on your server or cPanel by following our video tutorials\u003C\u002Fli>\n\u003Cli>Renew the free SSL certificate by re-verifying and re-installing the SSL certificate every 90 days\u003C\u002Fli>\n\u003Cli>Settings page that shows your SSL certificate validity duration\u003C\u002Fli>\n\u003Cli>Get an email reminder 30 days before the free SSL certificate expires\u003C\u002Fli>\n\u003Cli>Secure padlock in the browser using Let’s Encrypt™ Free SSL certificate\u003C\u002Fli>\n\u003Cli>SSL certificate is a ranking factor for search engines\u003C\u002Fli>\n\u003Cli>SSL certificate displays information about your domain name and is verified by Let’s Encrypt™\u003C\u002Fli>\n\u003Cli>Enable secure payment processing on websites with SSL certificates\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>Note: The free version requires you to manually verify your domain name with \u003Ca href=\"https:\u002F\u002Fletsencrypt.org\" rel=\"nofollow ugc\">Let’s Encrypt\u003C\u002Fa> by uploading a file on your server. You will also need to upload the free SSL certificate on your server and configure them. SSL certificate from Let’s Encrypt is only valid for \u003Ca href=\"https:\u002F\u002Fletsencrypt.org\u002F2015\u002F11\u002F09\u002Fwhy-90-days.html\" rel=\"nofollow ugc\">90 days\u003C\u002Fa> and need to be manually renewed. If you fail to renew your free SSL certificate, your website will start showing a not secure warning to the visitors.\u003C\u002Fp>\n\u003Cp>If you want the plugin to automatically install the SSL certificate and auto-renew it, please check the premium version of the plugin.\u003C\u002Fp>\n\u003Ch4>Features of Premium Version:\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Automatic Domain Verification\u003C\u002Fli>\n\u003Cli>Automatic free SSL Certificate Generation\u003C\u002Fli>\n\u003Cli>Automatic free SSL Certificate Installation\u003C\u002Fli>\n\u003Cli>Automatic free SSL Certificate Renewal\u003C\u002Fli>\n\u003Cli>Automatic HTTPS redirection\u003C\u002Fli>\n\u003Cli>Accelerate your website with StackPath’s Global Content Delivery Network\u003C\u002Fli>\n\u003Cli>Premium Support – Live Chat, Email Support\u003C\u002Fli>\n\u003Cli>Spam Protection\u003C\u002Fli>\n\u003Cli>Brute-Force Protection\u003C\u002Fli>\n\u003Cli>Forces Browser Validation on traffic anomalies\u003C\u002Fli>\n\u003Cli>Performs Real-time threat intelligence for IP addresses, source location, and information on malicious IPs.\u003C\u002Fli>\n\u003Cli>Patches known vulnerabilities in the Apache Struts framework by blocking requests suspected of exploiting these vulnerabilities\u003C\u002Fli>\n\u003Cli>Enables a set of rules designed to block common WordPress exploits\u003C\u002Fli>\n\u003Cli>Blocks clients performing multiple injection attacks.\u003C\u002Fli>\n\u003Cli>Blocks Probing and Forced Browsing\u003C\u002Fli>\n\u003Cli>Blocks SQL injection attack attempts\u003C\u002Fli>\n\u003Cli>Blocks Cross-Site-Scripting (XSS) attack attempts\u003C\u002Fli>\n\u003Cli>Blocks Shellshock attack attempts\u003C\u002Fli>\n\u003Cli>Blocks requests suspected of being a Remote File Inclusion attempt\u003C\u002Fli>\n\u003Cli>Blocks requests suspected of a Local File Inclusion attempt\u003C\u002Fli>\n\u003Cli>Blocks attempts to access and potentially harm your servers through backdoors\u003C\u002Fli>\n\u003Cli>Blocks requests suspected of web shell attempts\u003C\u002Fli>\n\u003Cli>Blocks requests suspected of Response header injection attempts\u003C\u002Fli>\n\u003Cli>Blocks Invalid User Agents\u003C\u002Fli>\n\u003Cli>Blocks Unknown User Agents\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>\u003Ca href=\"https:\u002F\u002Fsslzen.com\u002F#pricing\" rel=\"nofollow ugc\">CLICK HERE TO THE BUY PREMIUM VERSION\u003C\u002Fa>\u003C\u002Fp>\n\u003Ch4>Why get an SSL certificate?\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Trust – Starting from July 2018, Google Chrome has begun to mark all non-SSL websites as ‘Not-Secure’. When your users see the broken padlock, their trust wavers!\u003C\u002Fli>\n\u003Cli>Security – SSL certificate provides authentication, trust and compliance. If your customer is filling out forms, or making payments on your website, you need an SSL certificate to protect sensitive data from eavesdroppers.\u003C\u002Fli>\n\u003Cli>SEO – Google ranks SSL-enabled websites higher than unsecured websites. Hence, securing your website also helps get you on top of Google’s search results.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Facing problems with the plugin?\u003C\u002Fh4>\n\u003Cp>We have detailed documentation for the most common issues you might face while installing SSL using our plugin. Please visit our documentation site at \u003Ca href=\"https:\u002F\u002Fdocs.sslzen.com\u002F\" rel=\"nofollow ugc\">docs.sslzen.com\u003C\u002Fa>\u003C\u002Fp>\n\u003Ch4>Please leave a review\u003C\u002Fh4>\n\u003Cp>If our plugin helped you secure your website, please leave a \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fsupport\u002Fplugin\u002Fssl-zen\u002Freviews\u002F#new-post\" rel=\"ugc\">review here\u003C\u002Fa>\u003C\u002Fp>\n\u003Cp>For more information about our plugin, please visit \u003Ca href=\"https:\u002F\u002Fsslzen.com\" rel=\"nofollow ugc\">sslzen.com\u003C\u002Fa>\u003C\u002Fp>\n\u003Ch4>Want SSL Zen plugin in your language?\u003C\u002Fh4>\n\u003Cp>You can directly translate the plugin in your language \u003Ca href=\"https:\u002F\u002Ftranslate.wordpress.org\u002Fprojects\u002Fwp-plugins\u002Fssl-zen\u002F\" rel=\"nofollow ugc\">here\u003C\u002Fa>\u003Cbr \u002F>\nWhen you add translations, get in touch with us as we will get you listed as a Project Translation Editor for our plugin.\u003C\u002Fp>\n\u003Ch4>Legal:\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>By downloading our plugin, You agree to Let’s Encrypt® \u003Ca href=\"https:\u002F\u002Fletsencrypt.org\u002Fdocuments\u002FLE-SA-v1.2-November-15-2017.pdf\" rel=\"nofollow ugc\">Terms of Service\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>By downloading our plugin, You agree to \u003Ca href=\"https:\u002F\u002Fgithub.com\u002Fyourivw\u002FLEClient\u002Fblob\u002Fmaster\u002FLICENSE\" rel=\"nofollow ugc\">LEClient license terms\u003C\u002Fa>, a PHP LetsEncrypt client library to verify domain ownership and generate an SSL certificate for your website.\u003C\u002Fli>\n\u003Cli>We use \u003Ca href=\"https:\u002F\u002Fletsdebug.net\u002F\" rel=\"nofollow ugc\">Let’s Debug\u003C\u002Fa> API, a diagnostic tool to help figure out why you might not be able to issue a certificate for Let’s Encrypt®.\u003C\u002Fli>\n\u003Cli>We use \u003Ca href=\"https:\u002F\u002Ffreemius.com\" rel=\"nofollow ugc\">Freemius\u003C\u002Fa> to collect non-sensitive diagnostic data about your website should you opt-in.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>Internet Security Research Group™, Let’s Encrypt®, ISRG™ are trademarks of the Internet Security Research Group. StackPath®, EdgeSSL™ are trademarks of StackPath, LLC. All rights reserved.\u003C\u002Fp>\n","Helps install a free Let's Encrypt SSL certificate, redirects HTTP to HTTPS and forces SSL on all pages.",10000,1080506,663,"2025-12-10T11:50:00.000Z","6.6.5","4.2","5.6",[73,74,21,22,23],"free-ssl","free-ssl-certificate","https:\u002F\u002Fsslzen.com","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fssl-zen.4.7.7.zip","2024-04-17 00:00:00",{"slug":79,"name":80,"version":81,"author":82,"author_profile":83,"description":84,"short_description":85,"active_installs":86,"downloaded":87,"rating":88,"num_ratings":89,"last_updated":90,"tested_up_to":69,"requires_at_least":17,"requires_php":91,"tags":92,"homepage":94,"download_link":95,"security_score":96,"vuln_count":29,"unpatched_count":29,"last_vuln_date":38,"fetched_at":31},"http-https-remover","SSL Mixed Content Fix","3.2.8","Steve85b","https:\u002F\u002Fprofiles.wordpress.org\u002Fsteve85b\u002F","\u003Cp>\u003Cstrong>Try it out on your free dummy site: Click here => \u003Ca href=\"https:\u002F\u002Ftastewp.com\u002Fplugins\u002Fhttp-https-remover\" rel=\"nofollow ugc\">https:\u002F\u002Ftastewp.com\u002Fplugins\u002Fhttp-https-remover\u003C\u002Fa>.\u003C\u002Fstrong>\u003Cbr \u002F>\n(this trick works for all plugins in the WP repo – just replace “wordpress” with “tastewp” in the URL)\u003C\u002Fp>\n\u003Cp>UPDATE: This plugin will be maintained again! It changed ownership and we’re currently collecting ideas how to further improve it. If you have any cool ideas, please let us know in Support Forum. Thank you!\u003C\u002Fp>\n\u003Cp>Major updated in the latest release (3.0):\u003Cbr \u002F>\n– Plugin has a proper settings page now\u003Cbr \u002F>\n– Many bugs fixed\u003Cbr \u002F>\n– Code optimized, causing performance to increase a lot\u003C\u002Fp>\n\u003Cp>Main features:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Works in Front- and Backend\u003C\u002Fli>\n\u003Cli>Makes every Plugin compatible with https\u003C\u002Fli>\n\u003Cli>Compatible with WPBakery & Disqus\u003C\u002Fli>\n\u003Cli>Fixes Google Fonts issues\u003C\u002Fli>\n\u003Cli>Makes your website faster\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>What does this Plugin do?\u003C\u002Fh4>\n\u003Cp>With protocol relative url’s you simply leave off the http: or https: part of the resource path. The browser will automatically load the resource using the same protocol that the page was loaded with.\u003C\u002Fp>\n\u003Cp>For example, an absolute url may look like\u003C\u002Fp>\n\u003Cpre>\u003Ccode>src=\"http:\u002F\u002Fdomain.com\u002Fscript.js\"\n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003Cp>If you were to load this from a https page the script will not be loaded – as non-https resources are not loaded from https pages (for security reasons).\u003C\u002Fp>\n\u003Cp>The protocol relative url would look like\u003C\u002Fp>\n\u003Cpre>\u003Ccode>src=\"\u002F\u002Fdomain.com\u002Fscript.js\"\n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003Cp>and would load if the web page was http or https.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Tipp:\u003C\u002Fstrong> Check your Settings -> General page and make sure your WordPress Address and Site Address are starting with “https”.\u003Cbr \u002F>\nAdd the following two lines in your wp-config.php above the line that​ says “Stop Editing Here”:\u003C\u002Fp>\n\u003Cpre>\u003Ccode>define('FORCE_SSL', true);\ndefine('FORCE_SSL_ADMIN',true);\n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003Ch4>What is Mixed Content?\u003C\u002Fh4>\n\u003Cp>\u003Cstrong>Mixed content\u003C\u002Fstrong> occurs when initial HTML is loaded over a secure HTTPS connection, but other resources (such as images, videos, stylesheets, scripts) are loaded over an insecure HTTP connection. This is called mixed content because both HTTP and HTTPS content are being loaded to display the same page, and the initial request was secure over HTTPS. Modern browsers display warnings about this type of content to indicate to the user that this page contains insecure resources.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Note: You should always protect all of your websites with HTTPS, even if they don’t handle sensitive communications.\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Ch4>Example\u003C\u002Fh4>\n\u003Cp>Without Plugin:\u003Cbr \u002F>\n    src=”http:\u002F\u002Fdomain.com\u002Fscript01.js”\u003Cbr \u002F>\n    src=”https:\u002F\u002Fdomain.com\u002Fscript02.js”\u003Cbr \u002F>\n    src=”\u002F\u002Fdomain.com\u002Fscript03.js”\u003C\u002Fp>\n\u003Cp>With Plugin:\u003Cbr \u002F>\n    src=”\u002F\u002Fdomain.com\u002Fscript01.js”\u003Cbr \u002F>\n    src=”\u002F\u002Fdomain.com\u002Fscript02.js”\u003Cbr \u002F>\n    src=”\u002F\u002Fdomain.com\u002Fscript03.js”\u003C\u002Fp>\n\u003Ch4>If using Cache Plugins\u003C\u002Fh4>\n\u003Cp>If the plugin isn’t working like expected please purge\u002Fclear cache for the changes to take effect!\u003C\u002Fp>\n","A fix for mixed content! This Plugin creates protocol relative urls by removing http + https from links. Works in Front- and Backend!",9000,323765,82,34,"2024-07-17T01:21:00.000Z","",[20,21,93,22,23],"insecure-content","https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fhttp-https-Removal\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fhttp-https-remover.3.2.8.zip",92,{"slug":98,"name":99,"version":100,"author":101,"author_profile":102,"description":103,"short_description":104,"active_installs":105,"downloaded":106,"rating":107,"num_ratings":108,"last_updated":109,"tested_up_to":16,"requires_at_least":110,"requires_php":91,"tags":111,"homepage":113,"download_link":114,"security_score":115,"vuln_count":29,"unpatched_count":29,"last_vuln_date":38,"fetched_at":31},"https-redirection","Easy HTTPS Redirection (SSL)","2.0.0","mra13","https:\u002F\u002Fprofiles.wordpress.org\u002Fmra13\u002F","\u003Ch4>Only use this plugin if you have installed SSL certificate on your site and HTTPS is working correctly\u003C\u002Fh4>\n\u003Cp>Once you’ve installed an SSL certificate on your site, it’s important to ensure that your webpages are accessed via their secure HTTPS URLs.\u003C\u002Fp>\n\u003Cp>To improve SEO and user security, you want search engines and visitors to always use the HTTPS version of your pages. This plugin makes that easy by automatically redirecting users to the HTTPS version whenever they try to access the non-HTTPS (HTTP) version of a page.\u003C\u002Fp>\n\u003Ch3>Example\u003C\u002Fh3>\n\u003Cp>Let’s say you want to ensure the following page is always accessed over HTTPS:\u003C\u002Fp>\n\u003Cpre>\u003Ccode>https:\u002F\u002Fwww.example.com\u002Fcheckout\n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003Cp>If a visitor tries to access:\u003C\u002Fp>\n\u003Cpre>\u003Ccode>http:\u002F\u002Fwww.example.com\u002Fcheckout\n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003Cp>The plugin will automatically redirect them to the secure version:\u003C\u002Fp>\n\u003Cpre>\u003Ccode>https:\u002F\u002Fwww.example.com\u002Fcheckout\n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003Cp>This ensures that visitors always access the HTTPS version of your pages or site.\u003C\u002Fp>\n\u003Cp>You can choose to automatically redirect your entire domain to HTTPS, or selectively apply HTTPS redirection to specific pages.\u003C\u002Fp>\n\u003Ch3>Video Tutorials\u003C\u002Fh3>\n\u003Cp>\u003Cspan class=\"embed-youtube\" style=\"text-align:center; display: block;\">\u003Ciframe loading=\"lazy\" class=\"youtube-player\" width=\"750\" height=\"422\" src=\"https:\u002F\u002Fwww.youtube.com\u002Fembed\u002FoyJgRFCM6u8?version=3&rel=1&showsearch=0&showinfo=1&iv_load_policy=1&fs=1&hl=en-US&autohide=2&wmode=transparent\" allowfullscreen=\"true\" style=\"border:0;\" sandbox=\"allow-scripts allow-same-origin allow-popups allow-presentation allow-popups-to-escape-sandbox\">\u003C\u002Fiframe>\u003C\u002Fspan>\u003C\u002Fp>\n\u003Cp>\u003Cspan class=\"embed-youtube\" style=\"text-align:center; display: block;\">\u003Ciframe loading=\"lazy\" class=\"youtube-player\" width=\"750\" height=\"422\" src=\"https:\u002F\u002Fwww.youtube.com\u002Fembed\u002FLtyBraB64v8?version=3&rel=1&showsearch=0&showinfo=1&iv_load_policy=1&fs=1&hl=en-US&autohide=2&wmode=transparent\" allowfullscreen=\"true\" style=\"border:0;\" sandbox=\"allow-scripts allow-same-origin allow-popups allow-presentation allow-popups-to-escape-sandbox\">\u003C\u002Fiframe>\u003C\u002Fspan>\u003C\u002Fp>\n\u003Ch3>Force Load Static Files Using HTTPS\u003C\u002Fh3>\n\u003Cp>If you started using SSL from day 1 of your site then all your static files are already embedded using HTTPS URL. You have no issue there.\u003C\u002Fp>\n\u003Cp>However, if you have an existing website where you have a lot of static files that are embedded in your posts and pages using NON-HTTPS URL then you will need to change those. Otherwise, the browser will show an SSL warning to your visitors.\u003C\u002Fp>\n\u003Cp>This plugin has an option that will allow you to force load those static files using HTTPS URL dynamically.\u003C\u002Fp>\n\u003Cp>This will help you make the webpage fully compatible with SSL.\u003C\u002Fp>\n\u003Ch3>SSL Certificate Expiry Notification\u003C\u002Fh3>\n\u003Cp>This plugin includes a feature that allows you to receive email notifications when your SSL certificate is about to expire. It helps ensure your website remains secure and accessible over HTTPS.\u003C\u002Fp>\n\u003Cp>You can configure the recipient email address and specify how many days in advance the notification should be sent. By default, the notification is sent 7 days before expiry, but you can adjust this to suit your preference.\u003C\u002Fp>\n\u003Cp>This feature is especially useful for site owners who may not frequently check their SSL status, or for those managing multiple websites. By receiving timely alerts, you can renew your SSL certificate in advance and prevent potential downtime or security warnings.\u003C\u002Fp>\n\u003Ch3>Features\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>Automatically redirect all HTTP traffic to HTTPS\u003C\u002Fli>\n\u003Cli>Option to force HTTPS on the entire site\u003C\u002Fli>\n\u003Cli>Option to selectively apply HTTPS redirection to specific pages\u003C\u002Fli>\n\u003Cli>Helps search engines index the secure versions of your pages\u003C\u002Fli>\n\u003Cli>Improves site security and user trust\u003C\u002Fli>\n\u003Cli>Force load static files (images, js, css etc) using a HTTPS URL\u003C\u002Fli>\n\u003Cli>SSL certificate expiry notification – Option to send SSL expiry notifications to a specific email address\u003C\u002Fli>\n\u003Cli>Easily see which SSL certificates on your site are approaching their expiry date.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>View more details on the \u003Ca href=\"https:\u002F\u002Fwww.tipsandtricks-hq.com\u002Fwordpress-easy-https-redirection-plugin\" rel=\"nofollow ugc\">HTTPS Redirection plugin\u003C\u002Fa> page.\u003C\u002Fp>\n","The plugin allows an automatic redirection to the \"HTTPS\" version\u002FURL of the site. Make your site SSL compatible easily.",100000,1169853,84,71,"2025-12-02T03:12:00.000Z","6.5",[20,21,93,112,23],"redirection","https:\u002F\u002Fwww.tipsandtricks-hq.com\u002Fwordpress-easy-https-redirection-plugin","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fhttps-redirection.2.0.0.zip",100,{"slug":117,"name":118,"version":119,"author":120,"author_profile":121,"description":122,"short_description":123,"active_installs":105,"downloaded":124,"rating":125,"num_ratings":126,"last_updated":127,"tested_up_to":16,"requires_at_least":128,"requires_php":129,"tags":130,"homepage":132,"download_link":133,"security_score":115,"vuln_count":29,"unpatched_count":29,"last_vuln_date":38,"fetched_at":31},"ssl-insecure-content-fixer","SSL Insecure Content Fixer","2.7.2","webaware","https:\u002F\u002Fprofiles.wordpress.org\u002Fwebaware\u002F","\u003Cp>Clean up your WordPress website’s HTTPS insecure content and mixed content warnings. Installing the SSL Insecure Content Fixer plugin will solve most insecure content warnings with little or no effort. The remainder can be diagnosed with a few simple tools.\u003C\u002Fp>\n\u003Cp>When you install SSL Insecure Content Fixer, its default settings are activated and it will automatically perform some basic fixes on your website using the Simple fix level. You can select more comprehensive fix levels as needed by your website.\u003C\u002Fp>\n\u003Cp>WordPress Multisite gets a network settings page. This can be used to set default settings for all sites within a network, so that network administrators only need to specify settings on sites that have requirements differing from the network defaults.\u003C\u002Fp>\n\u003Cp>See the \u003Ca href=\"https:\u002F\u002Fssl.webaware.net.au\u002F\" rel=\"nofollow ugc\">SSL Insecure Content Fixer website\u003C\u002Fa> for more details.\u003C\u002Fp>\n\u003Ch3>Translations\u003C\u002Fh3>\n\u003Cp>Many thanks to the generous efforts of our translators:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Bulgarian (bg_BG) — \u003Ca href=\"https:\u002F\u002Ftranslate.wordpress.org\u002Flocale\u002Fbg\u002Fdefault\u002Fwp-plugins\u002Fssl-insecure-content-fixer\" rel=\"nofollow ugc\">the Bulgarian translation team\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>Chinese simplified (zh_CN) — \u003Ca href=\"https:\u002F\u002Ftranslate.wordpress.org\u002Flocale\u002Fzh-cn\u002Fdefault\u002Fwp-plugins\u002Fssl-insecure-content-fixer\" rel=\"nofollow ugc\">the Chinese translation team\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>English (en_CA) — \u003Ca href=\"https:\u002F\u002Ftranslate.wordpress.org\u002Flocale\u002Fen-ca\u002Fdefault\u002Fwp-plugins\u002Fssl-insecure-content-fixer\" rel=\"nofollow ugc\">the English (Canadian) translation team\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>English (en_GB) — \u003Ca href=\"https:\u002F\u002Ftranslate.wordpress.org\u002Flocale\u002Fen-gb\u002Fdefault\u002Fwp-plugins\u002Fssl-insecure-content-fixer\" rel=\"nofollow ugc\">the English (British) translation team\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>English (en_ZA) — \u003Ca href=\"https:\u002F\u002Ftranslate.wordpress.org\u002Flocale\u002Fen-za\u002Fdefault\u002Fwp-plugins\u002Fssl-insecure-content-fixer\" rel=\"nofollow ugc\">the English (South African) translation team\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>Dutch (nl_NL) — \u003Ca href=\"https:\u002F\u002Ftranslate.wordpress.org\u002Flocale\u002Fnl\u002Fdefault\u002Fwp-plugins\u002Fssl-insecure-content-fixer\" rel=\"nofollow ugc\">the Dutch translation team\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>German (de_DE) — \u003Ca href=\"https:\u002F\u002Ftranslate.wordpress.org\u002Flocale\u002Fde\u002Fdefault\u002Fwp-plugins\u002Fssl-insecure-content-fixer\" rel=\"nofollow ugc\">the German translation team\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>French (fr_FR) — \u003Ca href=\"https:\u002F\u002Ftranslate.wordpress.org\u002Flocale\u002Ffr\u002Fdefault\u002Fwp-plugins\u002Fssl-insecure-content-fixer\" rel=\"nofollow ugc\">the French translation team\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>Italian (it_IT) — \u003Ca href=\"https:\u002F\u002Ftranslate.wordpress.org\u002Flocale\u002Fit\u002Fdefault\u002Fwp-plugins\u002Fssl-insecure-content-fixer\" rel=\"nofollow ugc\">the Italian translation team\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>Japanese (ja) — \u003Ca href=\"https:\u002F\u002Ftranslate.wordpress.org\u002Flocale\u002Fja\u002Fdefault\u002Fwp-plugins\u002Fssl-insecure-content-fixer\" rel=\"nofollow ugc\">the Japanese translation team\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>Russian (ru_RU) — \u003Ca href=\"https:\u002F\u002Ftranslate.wordpress.org\u002Flocale\u002Fru\u002Fdefault\u002Fwp-plugins\u002Fssl-insecure-content-fixer\" rel=\"nofollow ugc\">the Russian translation team\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>Spanish (es_ES) — \u003Ca href=\"https:\u002F\u002Ftranslate.wordpress.org\u002Flocale\u002Fes\u002Fdefault\u002Fwp-plugins\u002Fssl-insecure-content-fixer\" rel=\"nofollow ugc\">the Spanish translation team\u003C\u002Fa>\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>If you’d like to help out by translating this plugin, please \u003Ca href=\"https:\u002F\u002Ftranslate.wordpress.org\u002Fprojects\u002Fwp-plugins\u002Fssl-insecure-content-fixer\" rel=\"nofollow ugc\">sign up for an account and dig in\u003C\u002Fa>.\u003C\u002Fp>\n\u003Ch3>Privacy\u003C\u002Fh3>\n\u003Cp>SSL Insecure Content Fixer does not collect any personally identifying information, and does not set any cookies.\u003C\u002Fp>\n","Clean up WordPress website HTTPS insecure content",2650141,96,221,"2025-12-14T04:38:00.000Z","4.0","5.3",[21,93,22,131,23],"partially-encrypted","https:\u002F\u002Fssl.webaware.net.au\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fssl-insecure-content-fixer.2.7.2.zip",{"slug":135,"name":136,"version":137,"author":138,"author_profile":139,"description":140,"short_description":141,"active_installs":65,"downloaded":142,"rating":52,"num_ratings":143,"last_updated":144,"tested_up_to":16,"requires_at_least":17,"requires_php":91,"tags":145,"homepage":148,"download_link":149,"security_score":27,"vuln_count":28,"unpatched_count":29,"last_vuln_date":150,"fetched_at":31},"one-click-ssl","One Click SSL","1.7.7","Tribulant Software","https:\u002F\u002Fprofiles.wordpress.org\u002Fcontrid\u002F","\u003Cp>A simple and easy to use WordPress SSL plugin which will redirect all non-SSL pages to SSL\u002FTLS and ensure that all resources on your SSL pages are loaded over SSL as well.\u003C\u002Fp>\n\u003Cp>It includes a user-friendly setup wizard upon activation to check if SSL is supported on the hosting\u002Fserver before it allows the SSL to be enabled and that ensures that the website doesn’t become inaccessible if SSL is not supported.\u003C\u002Fp>\n\u003Ch4>Plugin Features\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Check if SSL\u002FTLS is supported on hosting\u002Fserver\u003C\u002Fli>\n\u003Cli>Enable SSL with a single click\u003C\u002Fli>\n\u003Cli>Redirects all non-SSL URLs to https:\u002F\u002F\u003C\u002Fli>\n\u003Cli>Converts all non-SSL resources (images, scripts, stylesheets, etc.) to https:\u002F\u002F on pages\u003C\u002Fli>\n\u003Cli>Redirect to non-SSL if SSL is not enabled\u003C\u002Fli>\n\u003Cli>Multisite network compatibility (enable SSL for all sites from one location)\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>See our \u003Ca href=\"https:\u002F\u002Ftribulant.com\u002Fdocs\u002Fone-click-ssl-plugin\u002F11098\" rel=\"nofollow ugc\">online documentation\u003C\u002Fa> for more details and detailed instructions.\u003C\u002Fp>\n","Enable SSL\u002FTLS (https:\u002F\u002F) to redirect all pages to SSL\u002FTLS and load all resources over SSL\u002FTLS.",303301,138,"2026-02-25T15:19:00.000Z",[21,22,146,147,23],"redirect","resources","https:\u002F\u002Ftribulant.com\u002Fplugins\u002Fview\u002F18\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fone-click-ssl.1.7.7.zip","2019-07-11 00:00:00",{"attackSurface":152,"codeSignals":246,"taintFlows":259,"riskAssessment":260,"analyzedAt":268},{"hooks":153,"ajaxHandlers":223,"restRoutes":242,"shortcodes":243,"cronEvents":244,"entryPointCount":245,"unprotectedCount":29},[154,160,162,168,171,174,177,182,185,188,191,194,197,200,204,207,211,216,220],{"type":155,"name":156,"callback":157,"file":158,"line":159},"filter","safe_style_css","closure","inc\\wp-force-ssl-utility.php",76,{"type":155,"name":156,"callback":157,"file":158,"line":161},285,{"type":163,"name":164,"callback":165,"file":166,"line":167},"action","admin_init","init","wf-flyout\\wf-flyout.php",27,{"type":163,"name":169,"callback":169,"file":166,"line":170},"admin_enqueue_scripts",73,{"type":163,"name":172,"callback":172,"file":166,"line":173},"admin_head",74,{"type":163,"name":175,"callback":175,"file":166,"line":176},"admin_footer",75,{"type":163,"name":178,"callback":179,"file":180,"line":181},"template_redirect","wpfs_core","wp-force-ssl.php",89,{"type":163,"name":183,"callback":184,"file":180,"line":96},"send_headers","to_strict_transport_security",{"type":163,"name":183,"callback":186,"file":180,"line":187},"enable_expect_ct",95,{"type":163,"name":189,"callback":190,"file":180,"line":52},"admin_menu","add_settings_page",{"type":163,"name":172,"callback":192,"priority":193,"file":180,"line":27},"cleanup_enqueues",99999,{"type":163,"name":195,"callback":196,"file":180,"line":115},"wp_before_admin_bar_render","admin_bar",{"type":155,"name":198,"callback":198,"file":180,"line":199},"admin_footer_text",101,{"type":163,"name":201,"callback":202,"file":180,"line":203},"admin_print_scripts","remove_admin_notices",102,{"type":163,"name":169,"callback":205,"file":180,"line":206},"admin_scripts",103,{"type":163,"name":208,"callback":209,"file":180,"line":210},"wp_dashboard_setup","add_widget",104,{"type":155,"name":212,"callback":213,"priority":214,"file":180,"line":215},"plugin_row_meta","plugin_meta_links",10,107,{"type":163,"name":217,"callback":218,"file":180,"line":219},"admin_notices","notice_min_wp_version",900,{"type":163,"name":221,"callback":221,"file":180,"line":222},"plugins_loaded",1208,[224,230,234,238],{"action":225,"nopriv":226,"callback":227,"hasNonce":228,"hasCapCheck":228,"file":180,"line":229},"wpfs_save_settting",false,"ajax_save_setting",true,110,{"action":231,"nopriv":226,"callback":232,"hasNonce":228,"hasCapCheck":228,"file":180,"line":233},"wpfs_test_ssl","ajax_check_ssl",111,{"action":235,"nopriv":226,"callback":236,"hasNonce":228,"hasCapCheck":228,"file":180,"line":237},"wpfs_run_tests","ajax_run_tests",112,{"action":239,"nopriv":226,"callback":240,"hasNonce":228,"hasCapCheck":228,"file":180,"line":241},"wpfs_dismiss_notice","ajax_dismiss_notice",113,[],[],[],4,{"dangerousFunctions":247,"sqlUsage":248,"outputEscaping":250,"fileOperations":29,"externalRequests":256,"nonceChecks":245,"capabilityChecks":257,"bundledLibraries":258},[],{"prepared":29,"raw":29,"locations":249},[],{"escaped":251,"rawEcho":28,"locations":252},19,[253],{"file":180,"line":254,"context":255},824,"raw output",2,8,[],[],{"summary":261,"deductions":262},"The wp-force-ssl plugin exhibits a generally strong security posture, adhering to several good coding practices. Notably, there are no detected dangerous functions, all SQL queries utilize prepared statements, and the vast majority of output is properly escaped. The presence of nonce and capability checks on all identified AJAX handlers is a significant strength, as is the complete absence of REST API routes, shortcodes, and cron events, which limits the plugin's attack surface. The plugin also makes external HTTP requests, which are a potential area of concern but are not inherently a vulnerability. The vulnerability history shows a single medium-severity CVE in the past, which has been patched. This indicates that while past issues have occurred, the developers have a history of addressing them.\n\nHowever, there are areas for improvement. The plugin's attack surface, while limited to AJAX handlers, could be further scrutinized for any implicit assumptions about user roles or permissions that might not be explicitly enforced through capability checks. The two external HTTP requests, while not flagged as a vulnerability in the static analysis, represent potential vectors for supply chain attacks or information leakage if not handled with extreme care regarding the sources and content of these requests. The absence of taint analysis results is common for smaller plugins but would be a more comprehensive way to assess the handling of user-supplied data. Overall, wp-force-ssl appears to be a relatively secure plugin, but vigilance regarding external requests and thorough review of all authorization mechanisms remain important.",[263,266],{"reason":264,"points":265},"External HTTP requests detected",5,{"reason":267,"points":265},"One medium CVE historically","2026-03-17T05:35:38.297Z",{"wat":270,"direct":285},{"assetPaths":271,"generatorPatterns":277,"scriptPaths":278,"versionParams":279},[272,273,274,275,276],"\u002Fwp-content\u002Fplugins\u002Fwp-force-ssl\u002Fcss\u002Fwpfs-style.css","\u002Fwp-content\u002Fplugins\u002Fwp-force-ssl\u002Fcss\u002Fsweetalert2.min.css","\u002Fwp-content\u002Fplugins\u002Fwp-force-ssl\u002Fjs\u002Fwpfs-pointers.js","\u002Fwp-content\u002Fplugins\u002Fwp-force-ssl\u002Fjs\u002Fwpfs-sweetalert2.js","\u002Fwp-content\u002Fplugins\u002Fwp-force-ssl\u002Fjs\u002Fwpfs-admin.js",[],[274,275,276],[280,281,282,283,284],"wp-force-ssl\u002Fcss\u002Fwpfs-style.css?ver=","wp-force-ssl\u002Fcss\u002Fsweetalert2.min.css?ver=","wp-force-ssl\u002Fjs\u002Fwpfs-pointers.js?ver=","wp-force-ssl\u002Fjs\u002Fwpfs-sweetalert2.js?ver=","wp-force-ssl\u002Fjs\u002Fwpfs-admin.js?ver=",{"cssClasses":286,"htmlComments":287,"htmlAttributes":290,"restEndpoints":292,"jsGlobals":293,"shortcodeOutput":294},[],[288,289],"Thank you for installing the \u003Cb style=\"font-weight: 800;\">WP Force SSL\u003C\u002Fb> plugin!\u003Cbr>Open \u003Ca href=\"","\">Settings - WP Force SSL\u003C\u002Fa> to access SSL settings.",[291],"wp_force_ssl_pointers",[],[291],[]]