Both Really Simple SSL and Really Simple SSL have a new release coming up.
In 2.4, the mixed content fixer has been rebuilt. Also the mixed content fixer detection, which prior worked with a small comment at the bottom, is now changed to a data attribute. This way, ajax calls don’t get bothered with the comment anymore, and minification tools do not strip the comment away anymore. The result should be that the plugin can see better if the mixed content fixer is doing it’s work.
The coming pro version has some cool new features as well! Included in this release will be:
HSTS preload list.
For those who don’t know already, the current version of Really Simple SSL pro gives the option to enable HSTS, or HTTP Strict Transport Security. This settings tells browsers that it must only use HTTPS to connect with your site. This makes your site more secure, but the browser still needs to connect with your site before it can see that header.
To fix this you can enter your site on the preload list. This enables browser to know beforehand if a website must be visited over SSL.
A warning is needed here: it is not easy to remove a site from the preload list, and you have to force all your subdomains over SSL as well. This makes it impossible to use on per page activated SSL on a multisite website.
Mixed content fixer for the back-end
I’ve always held the position that plugin developers and theme developers should develop protocol independent. That is, if you need a hardcoded url to an external site, use // instead of http://. That said, it still occasionally happens that plugins or themes generate mixed content on the back-end, and that the developer is not willing to fix the problem. For these cases, I added the option to enable the mixed content fixer for the back-end as well.