SSL

New features for free and pro version coming up

Both Really Simple SSL and Really Simple SSL have a new release coming up.

In 2.4, the mixed content fixer has been rebuilt. Also the mixed content fixer detection, which prior worked with a small comment at the bottom, is now changed to a data attribute. This way, ajax calls don’t get bothered with the comment anymore, and minification tools do not strip the comment away anymore. The result should be that the plugin can see better if the mixed content fixer is doing it’s work.

The coming pro version has some cool new features as well! Included in this release will be:

HSTS preload list.

For those who don’t know already, the current version of Really Simple SSL pro gives the option to enable HSTS, or HTTP Strict Transport Security. This settings tells browsers that it must only use HTTPS to connect with your site. This makes your site more secure, but the browser still needs to connect with your site before it can see that header.

To fix this you can enter your site on the preload list. This enables browser to know beforehand if a website must be visited over SSL.

A warning is needed here: it is not easy to remove a site from the preload list, and you have to force all your subdomains over SSL as well. This makes it impossible to use on per page activated SSL on a multisite website.

Mixed content fixer for the back-end

I’ve always held the position that plugin developers and theme developers should develop protocol independent. That is, if you need a hardcoded url to an external site, use // instead of http://. That said, it still occasionally happens that plugins or themes generate mixed content on the back-end, and that the developer is not willing to fix the problem. For these cases, I added the option to enable the mixed content fixer for the back-end as well.

Related Articles

  • Over 500.000 active installations of Really Simple SSL!

    This week I noticed Really Simple SSL has passed half a million active websites, and is download over 2 million times! Pretty cool! So I have to thank you, for...
  • Really Simple SSL 3.2.4

    Really Simple SSL 3.2.4 is ready for release. This latest version of the plugin can now be found at the Really Simple SSL GitHub page. This release includes a number...
  • Security review of Really Simple SSL

    I recently was asked on the WordPress support forums if Really Simple SSL is securely built. I always thoroughly check the code for possible security issues, and secure all posts...
  • Really Simple SSL and GDPR

    As a consequence of the upcoming new privacy regulations, the GDPR, some users have been asking if Really Simple SSL is compliant, or if the plugin or add-ons do any...