WP-Safety

WP Encryption – One Click Free SSL Certificate & SSL / HTTPS Redirect, Security & SSL Scan Security & Risk Analysis

wordpress.org/plugins/wp-letsencrypt-ssl

Lifetime SSL solution - Free SSL certificate & HTTPS redirect, resolve insecure site, fix SSL errors, SSL score, Easiest SSL & Security plugin.

50K active installs v7.8.5.15 PHP 7.0+ WP 5.4+ Updated Apr 4, 2026
force-httpsfree-sslhttpshttps-redirectssl
96
A · Safe
CVEs total2
Unpatched0
Last CVEMay 13, 2026
Plugin page Download
Safety Verdict

Is WP Encryption – One Click Free SSL Certificate & SSL / HTTPS Redirect, Security & SSL Scan Safe to Use in 2026?

Generally Safe

Score 96/100

WP Encryption – One Click Free SSL Certificate & SSL / HTTPS Redirect, Security & SSL Scan has a strong security track record. Known vulnerabilities have been patched promptly. It's a solid choice for most WordPress installations.

2 known CVEsLast CVE: May 13, 2026Updated 1mo ago
Risk Assessment

The wp-letsencrypt-ssl v7.8.5.12 plugin exhibits a generally positive security posture with several good practices in place. The absence of unprotected entry points and the consistent use of prepared statements for SQL queries are strong indicators of a developer mindful of common vulnerabilities. The plugin also implements a significant number of nonce and capability checks, further enhancing its security.

However, there are areas that warrant attention. The taint analysis revealed two flows with unsanitized paths, which, while not classified as critical or high severity in this instance, represent potential avenues for exploitation if data is not handled with sufficient sanitization. The relatively high number of file operations and external HTTP requests, combined with 13% of output not being properly escaped, could also introduce risks, especially if the data processed or outputted is sensitive or user-controlled.

The plugin's vulnerability history, specifically the single high-severity CVE for Exposure of Sensitive Information to an Unauthorized Actor, is a significant concern. Although currently unpatched, its occurrence suggests that the plugin has, in the past, been susceptible to attacks that could compromise sensitive data. The fact that this was the only reported vulnerability is a positive, but the nature of it necessitates continued vigilance and prompt patching of any future issues.

Key Concerns

  • Taint flow with unsanitized path
  • Taint flow with unsanitized path
  • Output not properly escaped (13%)
  • High severity CVE in vulnerability history
Vulnerabilities
2 published

WP Encryption – One Click Free SSL Certificate & SSL / HTTPS Redirect, Security & SSL Scan Security Vulnerabilities

CVEs by Year

1 CVE in 2024
2024
1 CVE in 2026
2026
Patched Has unpatched

Severity Breakdown

High
1
Medium
1

2 total CVEs

CVE-2026-3829medium · 5.4Missing Authorization

WP Encryption - One Click SSL & Force HTTPS <= 7.8.5.10 - Missing Authorization to Authenticated (Subscriber+) SSL Setup Tampering

May 13, 2026 Patched in 7.8.5.11 (1d)
CVE-2023-7046high · 7.5Exposure of Sensitive Information to an Unauthorized Actor

WP Encryption – One Click Free SSL Certificate & SSL / HTTPS Redirect to Force HTTPS, SSL Score <= 7.0 - Sensitive Information Exposure via insufficiently protected files

Apr 9, 2024 Patched in 7.1.0 (112d)
Version History

WP Encryption – One Click Free SSL Certificate & SSL / HTTPS Redirect, Security & SSL Scan Release Timeline

v7.8.5.15Current
v7.8.5.14
v7.8.5.12
v7.8.5.11
v7.8.5.101 CVE
CVE-2026-3829
v7.8.5.91 CVE
CVE-2026-3829
v7.8.5.81 CVE
CVE-2026-3829
v7.8.5.71 CVE
CVE-2026-3829
v7.8.5.61 CVE
CVE-2026-3829
v7.8.5.51 CVE
CVE-2026-3829
v7.8.5.41 CVE
CVE-2026-3829
v7.8.5.11 CVE
CVE-2026-3829
v7.8.31 CVE
CVE-2026-3829
v7.8.21 CVE
CVE-2026-3829
v7.8.11 CVE
CVE-2026-3829
v7.8.01 CVE
CVE-2026-3829
Code Analysis
Analyzed Mar 16, 2026

WP Encryption – One Click Free SSL Certificate & SSL / HTTPS Redirect, Security & SSL Scan Code Analysis

Dangerous Functions
0
Raw SQL Queries
0
1 prepared
Unescaped Output
34
230 escaped
Nonce Checks
25
Capability Checks
31
File Operations
78
External Requests
18
Bundled Libraries
1

Bundled Libraries

Freemius1.0

SQL Query Safety

100% prepared1 total queries

Output Escaping

87% escaped264 total outputs
Data Flows · Security
2 unsanitized

Data Flow Analysis

12 flows2 with unsanitized paths
wple_ssl_redirect (classes\le-forcessl.php:73)
Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized
Attack Surface

WP Encryption – One Click Free SSL Certificate & SSL / HTTPS Redirect, Security & SSL Scan Attack Surface

Entry Points19
Unprotected0

AJAX Handlers 19

authwp_ajax_wple_email_certsadmin\le_admin_pages.php:41
authwp_ajax_wple_review_noticeadmin\le_admin_pages.php:42
authwp_ajax_wple_mxerror_ignoreadmin\le_admin_pages.php:43
authwp_ajax_wple_update_settingsadmin\le_admin_pages.php:44
authwp_ajax_wple_update_securityadmin\le_admin_pages.php:45
authwp_ajax_wple_global_ignoreadmin\le_admin_pages.php:52
authwp_ajax_wple_global_dontshowadmin\le_admin_pages.php:53
authwp_ajax_wple_admin_httpverifyadmin\le_ajax.php:17
authwp_ajax_wple_admin_dnsverifyadmin\le_ajax.php:19
authwp_ajax_wple_validate_ssladmin\le_ajax.php:21
authwp_ajax_wple_getcert_for_copyadmin\le_ajax.php:23
authwp_ajax_wple_include_wwwadmin\le_ajax.php:25
authwp_ajax_wple_backup_ignoreadmin\le_ajax.php:27
authwp_ajax_wple_mscan_ignorefileadmin\le_ajax.php:30
authwp_ajax_wple_dismiss_noticeadmin\le_ajax.php:32
authwp_ajax_wple_wizard_sslscanadmin\le_ajax.php:35
authwp_ajax_wple_wizard_enable_httpsadmin\le_ajax.php:36
authwp_ajax_wple_interests_surveyadmin\le_handlers.php:17
authwp_ajax_wple_start_scannerclasses\le-scanner.php:26
WordPress Hooks 54
actionadmin_enqueue_scriptsadmin\le_admin.php:53
actionadmin_menuadmin\le_admin.php:54
actionbefore_wple_admin_formadmin\le_admin.php:55
actionadmin_initadmin\le_admin.php:61
actionadmin_noticesadmin\le_admin.php:65
actionadmin_noticesadmin\le_admin.php:69
actionadmin_noticesadmin\le_admin.php:73
actionadmin_noticesadmin\le_admin.php:77
actionadmin_noticesadmin\le_admin.php:81
actionadmin_noticesadmin\le_admin.php:89
actionwple_show_reviewrequestadmin\le_admin.php:92
actionwple_show_mxalertadmin\le_admin.php:93
actionwple_ssl_reminder_noticeadmin\le_admin.php:94
actionadmin_headadmin\le_admin.php:96
actionwple_init_ssllabsadmin\le_admin.php:97
actionwple_ssl_expiry_updateadmin\le_admin.php:98
actionwple_remindlater_trialadmin\le_admin.php:100
actionadmin_noticesadmin\le_admin.php:903
actionadmin_menuadmin\le_admin_pages.php:38
actionadmin_menuadmin\le_admin_pages.php:39
actionadmin_initadmin\le_admin_pages.php:40
actionadmin_bar_menuadmin\le_admin_pages.php:47
filtersite_status_testsadmin\le_admin_pages.php:48
filterwp_headersadmin\le_admin_pages.php:50
actionadmin_enqueue_scriptsadmin\le_admin_page_wrapper.php:37
actionadmin_initadmin\le_handlers.php:16
actionwpclasses\le-forcessl.php:50
actionwpclasses\le-forcessl.php:55
actionwp_enqueue_scriptsclasses\le-forcessl.php:56
actioninitclasses\le-forcessl.php:59
actionshutdownclasses\le-forcessl.php:60
actioninitclasses\le-forcessl.php:63
actionshutdownclasses\le-forcessl.php:64
actioninitclasses\le-security.php:42
filterwp_login_errorsclasses\le-security.php:53
filterxmlrpc_methodsclasses\le-security.php:56
filterwp_headersclasses\le-security.php:57
filteroembed_response_dataclasses\le-security.php:73
filterrest_request_before_callbacksclasses\le-security.php:79
filterthe_generatorclasses\le-security.php:117
filterstyle_loader_srcclasses\le-security.php:118
filterscript_loader_srcclasses\le-security.php:119
actiondo_feedclasses\le-security.php:222
actiondo_feed_rdfclasses\le-security.php:223
actiondo_feed_rssclasses\le-security.php:224
actiondo_feed_rss2classes\le-security.php:225
actiondo_feed_rss2_commentsclasses\le-security.php:226
actiondo_feed_atomclasses\le-security.php:227
actiondo_feed_atom_commentsclasses\le-security.php:228
filterpricing/show_annual_in_monthlywp-letsencrypt.php:123
filtertemplates/pricing.phpwp-letsencrypt.php:130
filterconnect_messagewp-letsencrypt.php:190
filtersupport_forum_urlwp-letsencrypt.php:202
filtershow_deactivation_subscription_cancellationwp-letsencrypt.php:209

Scheduled Events 13

wple_show_reviewrequest
wple_show_mxalert
wple_init_vulnerability_scan
wple_ssl_expiry_update
wple_init_ssllabs
wple_ssl_reminder_notice
wple_ssl_expiry_update
wple_ssl_renewal
wple_ssl_reminder_notice
wple_ssl_expiry_update
wple_ssl_expiry_update
wple_ssl_reminder_notice
wple_ssl_reminder_notice
Maintenance & Trust

WP Encryption – One Click Free SSL Certificate & SSL / HTTPS Redirect, Security & SSL Scan Maintenance & Trust

Maintenance Signals

WordPress version tested6.9.4
Last updatedApr 4, 2026
PHP min version7.0
Downloads3.1M

Community Trust

Rating98/100
Number of ratings1,132
Active installs50K
Alternatives

WP Encryption – One Click Free SSL Certificate & SSL / HTTPS Redirect, Security & SSL Scan Alternatives

Auto-Install Free SSL – Generate & Install Free SSL Certificates

Auto-Install Free SSL – Generate & Install Free SSL Certificates

auto-install-free-ssl

A
100

Generate & install Free SSL Certificates for WordPress, HTTPS redirect, get PADLOCK in the browser, get automatic Renewal Reminders from plugin.

9K No CVEs
Https Redirector

Https Redirector

https-redirector

A
100

Automatically redirects all HTTP traffic to HTTPS, ensuring secure and encrypted connections for your website with seamless user experience.

0 No CVEs
SSL Zen — SSL Certificate Installer & HTTPS Redirects

SSL Zen — SSL Certificate Installer & HTTPS Redirects

ssl-zen

A
100

Helps install a free Let's Encrypt SSL certificate, redirects HTTP to HTTPS and forces SSL on all pages.

10K 1 CVE
NertWorks Site Wide SSL

NertWorks Site Wide SSL

nertworks-site-wide-ssl

A
85

Enforce SSL throughout the entire site. Supporting multiple methods. Can be used on the Front End of the site of the Admin Dashboard

20 No CVEs
Easy HTTPS Redirection (SSL)

Easy HTTPS Redirection (SSL)

https-redirection

A
100

The plugin allows an automatic redirection to the "HTTPS" version/URL of the site. Make your site SSL compatible easily.

100K No CVEs
Developer Profile

WP Encryption – One Click Free SSL Certificate & SSL / HTTPS Redirect, Security & SSL Scan Developer Profile

WP Encryption SSL

1 plugin · 50K total installs

85
trust score
Avg Security Score
96/100
Avg Patch Time
57 days
View full developer profile
Detection Fingerprints

How We Detect WP Encryption – One Click Free SSL Certificate & SSL / HTTPS Redirect, Security & SSL Scan

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/wp-letsencrypt-ssl/assets/css/admin-style.css/wp-content/plugins/wp-letsencrypt-ssl/assets/css/style.css/wp-content/plugins/wp-letsencrypt-ssl/assets/js/admin-script.js/wp-content/plugins/wp-letsencrypt-ssl/assets/js/frontend-script.js
Script Paths
/wp-content/plugins/wp-letsencrypt-ssl/assets/js/admin-script.js/wp-content/plugins/wp-letsencrypt-ssl/assets/js/frontend-script.js
Version Parameters
wp-letsencrypt-ssl/assets/css/admin-style.css?ver=wp-letsencrypt-ssl/assets/css/style.css?ver=wp-letsencrypt-ssl/assets/js/admin-script.js?ver=wp-letsencrypt-ssl/assets/js/frontend-script.js?ver=

HTML / DOM Fingerprints

JS Globals
wple_admin_ajax_objectwple_frontend_ajax_object
REST Endpoints
/wp-json/wple-ssl/v1/settings
FAQ

Frequently Asked Questions about WP Encryption – One Click Free SSL Certificate & SSL / HTTPS Redirect, Security & SSL Scan