Generate an SSL certificate with Let’s Encrypt
Most hosting providers will provide you with an SSL certificate. Really Simple SSL attempts to detect and enforce the installed SSL certificate automatically. If your hosting provider does not offer free SSL certificates, but does allow for the installation of third-party SSL certificates: you can generate a free Let’s Encrypt SSL certificate with Really Simple SSL. The below steps will guide you through the SSL generation process. Important Note: your Hosting Provider may restrict the generation/installation of third-party SSL certificates.
About the Security Scan
In the last five years, Really Simple SSL has positioned itself as one of the leading authorities on Security Headers. We gave talks about the importance of Security Headers on WordCamp Europe, and have always aspired to give everyone in the (WordPress) ecosystem an easy way to configure Security Headers as it’s a fundamental part of securing the web for everyone. We have relied on securityheaders.com for a while to quickly access a list of available Security Headers on any given
How to set Security Headers on Apache and NGINX
Below we will discuss the challenges and solutions of setting security headers in a WordPress environment. Methods for setting http security headers There are different ways to set security headers on both Apache and Nginx. Usually, security headers on Apache are set in the .htaccess file in the root of your WordPress installation, for Nginx servers they are usually set in the nginx.conf file. Some servers combine Nginx and Apache so they can be set in either of those files.
How to find where (unwanted) security headers are set
In some cases you may be unable to change a security header from within Really Simple SSL because the settings is disabled. You may even get the following warning in the Really Simple SSL dashboard: “The … security header is not set by Really Simple SSL, but has a non-recommended value: “…” This means that the header was set by other means, sometimes incorrectly or with non-recommended values. If we find an incorrectly set header or a header that is
Does Really Simple Security affect Page Speed?
When you’ve activated Really Simple SSL on your site, in some cases you might notice your site has become slower: this is not caused by the plugin! I specifically built this plugin to be fast: most of the work is done in the back-end, which doesn’t harm your performance. First, take a look at this independent test: https://plugintests.com/plugins/really-simple-ssl/latest. You will see the test indicates that page speed impact is “insignificant”. This is what I found as well when testing for speed.