Really Simple SSL

Really Simple SSL will automatically configure your website to use SSL to its fullest potential. Use extra security features to protect your website, and use our server health check to keep up-to-date.

Features

• Easy SSL Migration: Takes your website to HTTPS in just one-click.
• Let’s Encrypt: Install an SSL Certificate if your hosting provider supports manual installation.
• Server Health Check: Your server configuration is every bit as important for your website security.
• WordPress Hardening: Tweak your configuration and keep WordPress fortified and safe by tackling its weaknesses.
• Vulnerability Detection: Get notified when plugins, themes or core contain vulnerabilities and need appropriate action.

Improve Security with Really Simple SSL Pro

• The Mixed Content Scan & Fixer. Detect files that are requested over HTTP and fix it. Both Front- and Back-end.

Security Headers

These features mitigate the risk of clickjacking, cross-site-forgery attacks, stealing login credentials and malware among others.

• Independent of your Server Configuration, works on Apache, LiteSpeed, NGINX etc.
• Protect your website visitors with X-XSS Protection, X-Content-Type-Options, X-Frame-Options and Referrer Policy.
• Enable HTTP Strict Transport Security and configure your site for the HSTS Preload list.

Advanced Security

Isolate your website from unnecessary file loading and exchanges with third-parties. Fully control your website and minimize risk of manipulation.

• Designed for WordPress.
• Control third-parties with the Content Security Policy – including Learning Mode.
• Control browser features with the Permissions Policy e.g. geolocation, camera’s and microphones.
• Isolate information exchange between other websites. Fully control in- and outbound of data.

Advanced Hardening

• Choose a custom login URL
• Rename and randomize your database prefix.
• Change the debug.log file location to a non-public folder
• Disable application passwords.
• Control admin creation
• Disable HTTP methods, reducing HTTP requests.

Vulnerability Measures

When a vulnerability is detected you will get notified accordingly. With Vulnerability Measures you can configure simple, but effective, measures to make sure a missed notification is not the end of the world.

• Force update: An update process will be tried multiple times, until it can be assumed development of a theme or plugin is abandoned. You will be notified during these steps.
• Quarantine: This extends the update process, which will run. When a plugin or theme can’t be updated to solve a vulnerability, it will be disabled and deactivated. Use with caution!

How does Really Simple SSL’s HTTPS migration work?

• The plugin will check for an existing SSL certificate. If you don’t have one, you can generate one in the plugin. Depending on your hosting provider, the plugin can also install it for you or assist with instructions.
• If needed, It will handle known issues WordPress has with SSL. An example might be that your website uses a loadbalancer, proxy or headers are not passed to detect a certificate.
• All incoming requests are redirected to HTTPS with a default 301 WordPress redirect. You can also choose a .htaccess redirect.
• The Site URL and Home URL are changed to HTTPS.
• Your insecure content is fixed by replacing all HTTP:// URLs with HTTPS://, except external hyperlinks, dynamically.
• Cookies with PHP are set securely by setting them with the HTTPOnly flag.

Useful Links

• Documentation
• SSL Definitions
• Translate Really Simple SSL
• Issues & pull requests
• Feature requests

Love Really Simple SSL?

Hopefully, this plugin saves you some time. If you want to support the continuing development of this plugin, please consider buying Really Simple SSL Pro, which includes some excellent security features and premium support.

About Really Simple Plugins

Other plugins developed by Really Simple Plugins are: Complianz and Burst Statistics. Really Simple SSL is developed by Really Simple Plugins.

For generating SSL certificates, Really Simple SSL uses the le acme2 PHP Let’s Encrypt client library, thanks to ‘fbett’ for providing it. Vulnerability Detection uses WP Vulnerability, an open-source initiative by Javier Casares. Want to join as a collaborator? We’re on GitHub as well!