SSL

Really Simple SSL 3.0 available for beta testing

Really Simple SSL 3.0 is almost ready to be released. A number of changes have been made to the plugin that we would like to have tested by the community before releasing it to the public. We have done extensive testing ourselves and haven’t found any issues, but testing on a lot of different servers and configurations would help us confirm our test results.

The technical changes only concern new activations, so should not impact existing sites. The main goal of this update was to improve the reliability of the certificate check, which is only activate when SSL is not enabled yet.

The following changes have been made in version 3.0:

  • Added a certificate check in the class-certificate.php file. This certificate checks if the site url is present in either the Common Names or the Alternative Names section of the certificate. If the plugin fails to detect the site url in either of these, a warning will be shown. The certificate class also checks if it can detect a wildcard certificate on multisite setups. If not, it will show a warning too
  • The .htaccess redirect option is now inserted with a $1 redirect instead of {REQUEST_URI}. On existing sites this will only be changed when the settings are saved, otherwise the current redirect will stay as it is. When extensive rewriting is done in the .htaccess, as can be the case with caching plugins for example, the REQUEST_URI can be different from the actual requested URL, while $1 stays the same.
  • The deactivate button now shows “deactivate (revert to http)” to notify users pressing it will revert the site back to http://.
  • If a user wants to deactivate the plugin while staying on SSL, this is now possible from the plugin settings page. This can be done with the ‘Deactivate but keep SSL’ button. Deactivating of course results in the plugin functionality not being available anymore. For details on this please read this article before using it.
  • A filter for the Javascript redirect has been added. This way theme developers can conditionally deactivate the javascript redirect, if enabled.
  • A sidebar with plugin suggestions from Really Simple Plugins projects has been added to the settings page of Really Simple SSL (only if the Really Simple SSL pro is not installed).

The Really Simple SSL 3.0 beta can be found on Github

Any feedback is much appreciated!

Related Articles

  • Really Simple SSL 2.5.23

    WordPress 4.9 was released this week. So we tested with the new version last week. No compatiblity issues with WordPress 4.9 were found. Additionally, we’ve added a test for the...
  • Really Simple SSL 2.3.8

    Some small but important tweaks were added to the latest release of 2.3.8. In previous versions, javascript was used as fallback when .htaccess redirects were not possible. A much better...
  • Websites now being blacklisted when not using SSL on sensitive data input fields

    Sucuri just published an interesting article that shows Google is starting to slowly force  SSL on all websites. The gist of it is: websites can now get blacklisted just for...
  • Improved multisite support for Really Simple SSL

    This Monday I noticed Really Simple SSL has passed 200 000 active installs! While 100 000 was a milestone, the speed in which the 200 000 was reached is a...