SSL

New features for free and pro version coming up

Both Really Simple SSL and Really Simple SSL have a new release coming up.

In 2.4, the mixed content fixer has been rebuilt. Also the mixed content fixer detection, which prior worked with a small comment at the bottom, is now changed to a data attribute. This way, ajax calls don’t get bothered with the comment anymore, and minification tools do not strip the comment away anymore. The result should be that the plugin can see better if the mixed content fixer is doing it’s work.

The coming pro version has some cool new features as well! Included in this release will be:

HSTS preload list.

For those who don’t know already, the current version of Really Simple SSL pro gives the option to enable HSTS, or HTTP Strict Transport Security. This settings tells browsers that it must only use HTTPS to connect with your site. This makes your site more secure, but the browser still needs to connect with your site before it can see that header.

To fix this you can enter your site on the preload list. This enables browser to know beforehand if a website must be visited over SSL.

A warning is needed here: it is not easy to remove a site from the preload list, and you have to force all your subdomains over SSL as well. This makes it impossible to use on per page activated SSL on a multisite website.

Mixed content fixer for the back-end

I’ve always held the position that plugin developers and theme developers should develop protocol independent. That is, if you need a hardcoded url to an external site, use // instead of http://. That said, it still occasionally happens that plugins or themes generate mixed content on the back-end, and that the developer is not willing to fix the problem. For these cases, I added the option to enable the mixed content fixer for the back-end as well.

Related Articles

  • Really Simple SSL 2.5.14, minor update

    2.5.14 was released today, with two adjustments: A bug was discovered in the mixed content fixer, where a match was found on http links across html elements when newlines were removed...
  • Really Simple SSL Pro 2.0.4

    Improved mixed content scan Today Really Simple SSL pro 2.0.4 has been released. The mixed content scan in Really Simple SSL pro now has an improved function detect mixed content...
  • Chrome and Firefox ending support for legacy Symantec certificates

    Chrome and Firefox ending support for legacy Symantec certificates From Google Chrome version 66 and Firefox 60 onwards, support for legacy Symantec certificates (certificates issued before 1 June 2016) will be...
  • Really Simple SSL 2.5.24 – minor multisite fix

    Today Really Simple SSL 2.5.24 was released. Apart from the renaming of a css class, there was only one important change, and this one affecting only sites which: are multisite...