Author: Leon Wimmenhoeve
Security review of Really Simple SSL
I recently was asked on the WordPress support forums if Really Simple SSL is securely built. I always thoroughly check the code for possible security issues, and secure all posts and database updates. Besides this, access to functions is limited based on user capability, and files only needed for the back-end are not loaded at the front-end. Nevertheless, I think it’s better when someone else confirms there are no issues. Really Simple SSL was recently reviewed by Plugin Vulnerabilities, without
Hyperlinks to external urls getting replaced to https
There are two situations where a normal hyperlink to an external URL could get replaced with https. The first: the website domain is part of the external domain. If, for example, the external URL is http://domain.com.au while the website URL is http://domain.com, this can happen. Really Simple SSL replaces every http:// instance of the site's own domain in the HTML with https://. In this edge case the external URL gets replaced as well: replacing http://domain.com inside http://domain.com.au with https, and the external link
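The following is an added example, not code from Really Simple SSL, that reproduces the edge case above and shows one way to avoid it: a plain substring replacement of the site host catches http://domain.com.au, whereas a replacement that requires the host to be followed by a path, port, query, fragment, quote, whitespace or end of string leaves it alone. The sample HTML and the site host domain.com are constructed for the illustration; the function names are mine.

```python
import re

# Constructed sample: the site runs at domain.com and links to an unrelated
# external site whose domain starts with the same characters.
SAMPLE_HTML = (
    '<a href="http://domain.com/about">about</a> '
    '<a href="http://domain.com.au/">australian site</a> '
    '<img src="http://domain.com:8080/logo.png">'
)


def naive_mixed_content_fix(html: str, site_host: str) -> str:
    """Plain substring replacement: every 'http://domain.com' becomes https,
    including the prefix of 'http://domain.com.au' (the bug described above)."""
    return html.replace("http://" + site_host, "https://" + site_host)


def safe_mixed_content_fix(html: str, site_host: str) -> str:
    """Only rewrite the host when the next character ends a host name:
    path, port, query, fragment, closing quote, whitespace, '>' or end of
    string. A '.' that continues the domain (domain.com.au) no longer matches."""
    pattern = re.compile(
        r"http://" + re.escape(site_host) + r"(?=[/:?#\"'\s>]|$)",
        re.IGNORECASE,
    )
    # Keep whatever case the page used for the host; only the scheme changes.
    return pattern.sub(lambda m: "https" + m.group(0)[4:], html)


if __name__ == "__main__":
    print("naive:", naive_mixed_content_fix(SAMPLE_HTML, "domain.com"))
    print("safe: ", safe_mixed_content_fix(SAMPLE_HTML, "domain.com"))
```

The lookahead is the whole fix: the matched text is unchanged, but the match is only accepted when the host is not continued by another label. The example deliberately handles only the bare host; a www. variant or a scheme-relative URL would need its own rule.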
HSTS: HTTP Strict Transport Security, and why it’s good to have it
HSTS (HTTP Strict Transport Security) is available in Really Simple SSL pro, and most people just activate it. But it’s good to know why you need it. When you have an SSL certificate on your domain, anyone can still reach your site over plain http (insecure). The simplest solution is to add a redirect. That’s one of the features of Really Simple SSL: it adds a redirect to your site that forces it over SSL. But what if someone pretends to be your
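To show what the redirect alone does not cover, here is an added example (not code from Really Simple SSL) that models the browser side of HSTS as RFC 6797 describes it: the policy is only learned from a Strict-Transport-Security header received over TLS, it is remembered for max-age seconds, it optionally covers subdomains, and while it is in effect the browser rewrites http:// URLs to https:// before sending anything. The very first plain-http request, before any policy is known, is the one a redirect cannot protect. Host names, header values and the fake clock are constructed for the illustration.

```python
import time
from dataclasses import dataclass
from typing import Callable, Dict, Optional, Tuple


@dataclass
class HstsPolicy:
    expires_at: float          # epoch seconds after which the entry is dropped
    include_subdomains: bool


def parse_hsts(header: str) -> Optional[Tuple[int, bool]]:
    """Parse a Strict-Transport-Security header value into
    (max_age, include_subdomains); None if it has no usable max-age."""
    max_age = None
    include_subdomains = False
    for directive in header.split(";"):
        name, _, value = directive.strip().partition("=")
        name = name.strip().lower()
        if name == "max-age":
            try:
                max_age = int(value.strip().strip('"'))
            except ValueError:
                return None
        elif name == "includesubdomains":
            include_subdomains = True
    if max_age is None:
        return None
    return max_age, include_subdomains


class HstsCache:
    """A minimal model of a browser's HSTS store (assumed behaviour per RFC 6797)."""

    def __init__(self, now: Callable[[], float] = time.time) -> None:
        self._now = now
        self._policies: Dict[str, HstsPolicy] = {}

    def learn(self, host: str, header: str, over_tls: bool = True) -> None:
        # The header is ignored on a plain-http response: an attacker on the
        # path could otherwise set (or clear) the policy for you.
        if not over_tls:
            return
        parsed = parse_hsts(header)
        if parsed is None:
            return
        max_age, include_subdomains = parsed
        if max_age == 0:               # max-age=0 asks the browser to forget the host
            self._policies.pop(host.lower(), None)
            return
        self._policies[host.lower()] = HstsPolicy(self._now() + max_age, include_subdomains)

    def is_known(self, host: str) -> bool:
        """True if host, or a parent domain with includeSubDomains, has an unexpired policy."""
        now = self._now()
        labels = host.lower().split(".")
        for i in range(len(labels)):
            policy = self._policies.get(".".join(labels[i:]))
            if policy is None or policy.expires_at <= now:
                continue
            if i == 0 or policy.include_subdomains:
                return True
        return False

    def rewrite(self, url: str) -> str:
        """What the browser does before any request leaves the machine."""
        if not url.lower().startswith("http://"):
            return url
        rest = url[len("http://"):]
        host = rest.split("/", 1)[0].split(":")[0]
        if self.is_known(host):
            return "https://" + rest
        return url


if __name__ == "__main__":
    clock = [1000.0]
    browser = HstsCache(now=lambda: clock[0])
    print(browser.rewrite("http://domain.com/"))      # first visit: still plain http
    browser.learn("domain.com", "max-age=31536000; includeSubDomains")
    print(browser.rewrite("http://domain.com/"))      # now rewritten locally
    clock[0] += 31536001
    print(browser.rewrite("http://domain.com/"))      # policy expired, plain http again
```

The last two lines of the demo are the practical point: the policy expires, so the server has to keep sending the header on every https response, and the window between expiry and the next successful https visit is again unprotected. That is why a generous max-age is the usual recommendation once the site is known to work fully over https.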
Redirect to https not working
After enabling Really Simple SSL and clicking the “Activate SSL” button, a 301 PHP redirect to https:// will be activated by default. If you notice that your site can still be reached over http://, it is possible that the redirect does not work because a cached copy of the site is still being served. If you’re using Apache or LiteSpeed, the recommended redirect method is the 301 .htaccess redirect. But as not every server uses Apache/LiteSpeed, and not all servers support the detected .htaccess redirect
Certificate expiration check in Really Simple SSL pro
There’s something strange with uptime robots: they don’t detect expired certificates. So, even though you don’t get any messages that your site is down, it could still be that your SSL certificate has expired… and browsers will block your site, or present “insecure” warnings to users. This happens because technically, your site is not down: the web server still answers, so a plain uptime check succeeds. It’s just that there’s no browser that will display your site without resulting in such warnings. If you generate your SSL certificate with the Let’s
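An added example (my own code, not the expiration check shipped in Really Simple SSL pro) of the check an uptime monitor is missing: a verified TLS handshake against the site, which fails outright on an expired certificate, and otherwise reports how many days remain on the leaf certificate's notAfter date. The expiry-date arithmetic is kept in a pure function so it can be exercised with a constructed date; the host name in the usage line is a placeholder.

```python
import socket
import ssl
import time
from typing import Optional


def days_until_expiry(not_after: str, now_epoch: Optional[float] = None) -> float:
    """not_after is the 'notAfter' string exactly as ssl.getpeercert() returns
    it, e.g. 'Jun  1 12:00:00 2025 GMT'. Negative means already expired."""
    expires = ssl.cert_time_to_seconds(not_after)      # stdlib parser, UTC
    now = time.time() if now_epoch is None else now_epoch
    return (expires - now) / 86400.0


def classify(days_left: float, warn_days: int = 14) -> str:
    """Turn a day count into the alert level a monitor would raise on."""
    if days_left <= 0:
        return "expired"
    if days_left <= warn_days:
        return "expiring-soon"
    return "ok"


def check_host(hostname: str, port: int = 443, timeout: float = 5.0) -> dict:
    """Live check (needs network). A verified handshake is the test an HTTP
    uptime probe skips: an expired or otherwise untrusted certificate raises
    SSLCertVerificationError before any HTTP is spoken."""
    context = ssl.create_default_context()
    try:
        with socket.create_connection((hostname, port), timeout=timeout) as sock:
            with context.wrap_socket(sock, server_hostname=hostname) as tls:
                not_after = tls.getpeercert()["notAfter"]
    except ssl.SSLCertVerificationError as exc:
        # verify_message is e.g. 'certificate has expired'
        return {"host": hostname, "status": "invalid", "detail": exc.verify_message}
    except (OSError, ssl.SSLError) as exc:
        return {"host": hostname, "status": "unreachable", "detail": str(exc)}
    days = days_until_expiry(not_after)
    return {"host": hostname, "status": classify(days), "days_left": round(days, 1)}


if __name__ == "__main__":
    # Placeholder host; replace with the site you monitor.
    print(check_host("example.com"))
```

Run the live check from a cron job or the monitor itself and alert on anything other than "ok"; the "expiring-soon" state is the one that gives you time to renew before browsers start blocking.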