SSL

Really Simple SSL 3.1.0

Over the past few weeks we have made a number of improvements to the free Really Simple SSL plugin. The 3.1.0 version of Really Simple SSL is released as of today, community feedback is much appreciated. This version includes the following tweaks and fixes:

  • Tweak: added HTTP_X_PROTO as supported header
    These headers are used to detect if a request is an SSL request. If not, the request should get redirected to https. WordPress can only detect $_SERVER[‘https’]=’on’, so if there’s another header, this one needs to be set in the code to prevent WordPress from getting into a redirect loop.
  • Tweak: split HTTP_X_FORWARDED_SSL .htaccess redirect into a variation which can be either ‘1’ or ‘on’
  • Tweak: improved certificate detection by stripping domains of subfolders.
  • Tweak: Multisite bulk SSL activation now chunked in 200 site blocks, to prevent time out issues on large multisite networks.
    As until now, network wide activation was done in one go, this could cause timeout issues when there were more than 2000 sites.
  • Tweak: a ‘leave review’ notice for new free users.

Any testing and feedback is more than welcome! The dev version of the plugin can be accessed on github:

https://github.com/rlankhorst/really-simple-ssl

Related Articles

  • New plugin published on WordPress: Guest Post Publisher

    Today I’ve released a new plugin on WordPress: Guest Post Publisher. Just like the name says, you can use it to let your website visitors post guest posts. The reason...
  • Really Simple SSL and Gutenberg

    Gutenberg In the WordPress community a lot is being said about the upcoming release, which includes the new Gutenberg editor. Not all of it very enthusiastic. It is understandable, because...
  • Really Simple SSL 2.5.26

    In Really Simple SSL 2.5.26 a few minor multisite issues were fixed. When a multisite environment has a main site without SSL, the network SSL menu didn’t show. This is...
  • Really Simple SSL 2.5.14, minor update

    2.5.14 was released today, with two adjustments: A bug was discovered in the mixed content fixer, where a match was found on http links across html elements when newlines were removed...