Over the past few weeks we have made a number of improvements to the free Really Simple SSL plugin. The 3.1.0 version of Really Simple SSL is released as of today, community feedback is much appreciated. This version includes the following tweaks and fixes:
- Tweak: added HTTP_X_PROTO as supported header
These headers are used to detect if a request is an SSL request. If not, the request should get redirected to https. WordPress can only detect $_SERVER[‘https’]=’on’, so if there’s another header, this one needs to be set in the code to prevent WordPress from getting into a redirect loop.
- Tweak: split HTTP_X_FORWARDED_SSL .htaccess redirect into a variation which can be either ‘1’ or ‘on’
- Tweak: improved certificate detection by stripping domains of subfolders.
- Tweak: Multisite bulk SSL activation now chunked in 200 site blocks, to prevent time out issues on large multisite networks.
As until now, network wide activation was done in one go, this could cause timeout issues when there were more than 2000 sites.
- Tweak: a ‘leave review’ notice for new free users.
Any testing and feedback is more than welcome! The dev version of the plugin can be accessed on github: