Getting started: Installation of Really Simple SSL pro is just like any other plugin, except that you can’t download it from the WordPress repository, you have to upload it yourself, like when you do a manual install of a wordpress plugin.
Do not deactivate the free version of Really Simple SSL!
You can watch this video for a brief explanation of the installation and most important features, or scroll down to the explanation below. If you need any help, just submit a ticket.
Downloading the plugin
You should have received an email with a download link for the plugin. If not, or if your download link has expired, you can always download it from your account on really-simple-ssl.com. If you don’t have an account, you can create one using the email you used for the purchase.
Because it is an add-on, you need to have the free version of Really Simple SSL activated as well. You can find the free version here.
- If you do not have Really Simple SSL free version activated, please install and activate.
- In the email you received, you will find a download link. Download the plugin.
- Go to plugins, click “add new”, and click “upload”. Select the zipped file you downloaded after purchasing the pro version, and click install, then activate.
- Go to Settings/SSL. A new tab “license” has appeared here. You can enter the license key here, then save
Below the settings tab, you will now find your new options, like HSTS. The scan functionality can be found on the scan tab.
In settings/SSL/Scan, you can now run a scan on your site. In some cases you might need to disable brute force database search (which limits the search to default WordPress tables and files), and/or the usage of curl, which is a function used to request webpages. When mixed content issues are found, you can click on the instructions link for information how to fix this. If you have any problems, please submit a ticket here.
In Really Simple SSL pro you get some extra settings.
- HSTS (currently apache only)
This is a security setting that will make your site more secure. I recommend to enable this setting. It’s best to do this when your site has been on SSL for a week or so. More information on HSTS
- HSTS preload list (currently apache only, and when HSTS is enabled)
You can enter your site in the preload list, which preloads your site in Chrome and Firefox. This means the browser already knows your site is on SSL, and does not request an insecure page at all. Use this only if you have carefully read the information about it. It cannot easily be undone!
- Mixed content fixer on the back-end
In some cases, plugins, or themes insert http links in the back-end as well. If you don’t have the green lock on the back-end, you can enable the mixed content fixer on the back-end as well.