Author: Leon Wimmenhoeve

Enabling SSL for just one page, or excluding one page or URL

Why SSL on one page? If you don’t want to move to SSL entirely because you’re afraid to lose your ranking, don’t worry. If you redirect your site with 301 permanent redirects, this does not happen. Still, there might be some use case to only enable SSL on a specific page. For instance, your site might use a service that doesn’t support SSL/HTTPS. Trying to get that service to start supporting SSL is always the preferred solution. But if you’ve

Leon Wimmenhoeve January 8, 2016

No SSL detected, but I’m sure I have SSL

No SSL was detected If you see this message reported by Really Simple Security, this can mean two things: You don’t have an SSL certificate. You can check this on ssllabs.com/ssltest The certificate check in Really Simple Security failed, because the output on your server differs from the expected output. If the scan on SSL Labs checks out, you can get Really Simple Security to detect SSL simply by loading the admin over SSL: Go to the login page of your

Leon Wimmenhoeve January 5, 2016

How to uninstall / deactivate when backend is not accessible

There are some situations where enabling HTTPS might get you locked out of the WordPress backend. For example: if you do not have a valid SSL certificate and you enforced it anyway, or if you still have a redirect to http:// enabled on the site and then activate SSL in Really Simple Security, which adds a redirect to https://. In this case, you’d want to deactivate the plugin: but you can’t access the WordPress Plugin overview to do so. To

Leon Wimmenhoeve January 3, 2016

Avoid landing page redirects, redirecting www to non-www and vice versa

Google encourages to “avoid landing page redirects”. But in case of SSL, this recommendation conflicts with SSL best practices. At the same time, 1 or 2 redirects, as long as they are 301 permanent, are not harmful at all. Let me explain. Why is there a double redirect in my site? WordPress internally redirects your site to the primary domain, which is entered in the general settings (Settings -> General). For example, when your site url is set to http://www.domain.com,

Leon Wimmenhoeve December 31, 2015

How to check if the Mixed content fixer is active

Detect mixed content with an extensive scan, with easy fix button!

Leon Wimmenhoeve December 14, 2015

Recent

Configuring Really Simple Security with WP-CLI

How to Fix The “Link you followed has Expired” error on WordPress

404 Not Found errors detected on your homepage

Protecting site visitors with Security Headers

Hardening your website’s security

Why WordPress is (in)secure

Staying ahead of vulnerabilities

Our journey towards Really Simple Security

Categories

Most popular