Author: Leon Wimmenhoeve
Hyperlinks to external urls getting replaced to https
There are rare cases where a normal hyperlink to an external URL might get replaced to https. For instance, this could occur if the site’s own domain is part of the external domain. For example: if the external URL is http://domain.com.au, while the website URL is http://domain.com. Really Simple Security replaces all instances of the own website domain in the HTML to https. In this edge case, the external URL gets replaced as well: replace http://domain.com in http://domain.com.au to https,
HSTS: HTTP Strict Transport Security, and why it’s good to have it
HSTS (HTTP Strict Transport Security) is available in Really Simple Security (Pro), and most people just activate it. But it’s good to know why you need it. When you have an SSL certificate on your domain, anyone can still use your site over the http (insecure). The simplest solution is to add a redirect. That’s one of the features of Really Simple Security: it adds the redirect to your site that forces it to load over SSL. But what if a malicious
Redirect to https not working
After enabling Really Simple Security and clicking the “Activate SSL” button, the PHP-based WordPress 301 redirect to https:// will be activated by default. If you notice that your site can still be reached over http://, it is possible that the redirect does not work because the site is still cached. If you’re using Apache or LiteSpeed, the recommended redirect method is the 301 .htaccess redirect. But as not every server uses Apache/LiteSpeed, and not all servers support the detected .htaccess
Certificate expiration check in Really Simple Security pro
There’s something strange with uptime robots: they usually don’t detect expired SSL certificates. So, even though you don’t get any messages that your site is down, it could still be that your SSL certificate has expired… and browsers will block access your site, or at least present “insecure” warnings to users. This happens because technically, your site is not entirely down. It’s just that there’s no browser that will display your site without resulting in such warnings. Iif you’ve generated
Using safe mode
Migrating to SSL can sometimes cause unexpected side effects. When caching is causing redirects, or a plugin redirects back to http, or other such issues, it can be helpful to activate Really Simple Security in a minimized way. First, deactivate Really Simple Security (use the remote deactivation script if you don’t have access to the wp-admin), then add the following line to your wp-config.php. define(“RSSSL_SAFE_MODE”, true); After doing so, the plugin will no longer: Change your site URL to https