When the built in deactivation does not work, manual uninstalling

Installing SSL can be tricky. For instance, if another plugin redirects to http or your SSL certificate is not valid; a redirect loop could occur, resulting in an inability to access the back-end. This plugin is shipped with a simple way to deactivate remotely, without access to the back-end. While this should always work, as a fall-back, this article describes how to manually revert to HTTP.

To know what we have to do, we have to know what the plugin does:

  1. Add fixes to the wp-config.php (when necessary).
  2. On Apache servers, if you enabled the .htaccess 301 redirect option, a .htaccess redirect.
  3. Change site and home URL to https.
  4. Dynamically fixes mixed content and adds a JavaScript redirect.

Summarizing, we have to roll back the wp-config.php, the .htaccess, and the site and home URL.

Item 4 is dynamic (does not change anything, only the output of your website). So, this will be taken care of by renaming the plugin file, which deactivates it.

This means that we have to do the following:

1) Deactivate the plugin

Deactivate the plugin by renaming the plugin folder.
Open your FTP client, navigate to /wp-content/plugins/ and rename the really-simple-ssl plugin to really-simple-ssl-off

2) If used, remove .htaccess redirect

Then, still in the FTP client, find your .htaccess file (make sure hidden files are shown), in the webroot, and remove all lines between these comments (and the comments themselves as well)

# BEGIN rlrssslReallySimpleSSL

and

# END rlrssslReallySimpleSSL

3) Remove changes in the wp-config.php

Now, still in your webroot, find your wp-config.php, open it and check if any lines were added by Really Simple SSL. If so, remove those lines.

Don’t forget to remove the reference to ‘advanced-headers.php’ if these are present.

4 a) Change site URL and home URL back to http://

Now, add the following lines to the functions.php file of your active theme. Make sure to replace the example domain with your own.

 update_option( 'siteurl', 'http://example.com' );
 update_option( 'home', 'http://example.com' );

You will find the functions.php file in /wp-content/themes/your-active-theme/functions.php.

Use a new browser (or clear your browser history completely), browse to your HTTP link, and check the result.

4b) Change site URL and home URL to http://, database method

If you can’t get it to work using method 4a, you can change the URL back to http directly in the database.

https://codex.wordpress.org/Changing_The_Site_URL. Scroll down to Changing the URL directly in the database and follow the instructions.

After following these steps, you can be sure the plugin does not affect your site anymore. If you are still having trouble, something else is affecting your site. In that case, try disabling plugins until it works again. Remember to keep clearing your browser cache.

If you have enabled HSTS, you have to clear it from your browser specifically.

Many issues stem from the fact that people forget the browser can be pretty persistent in remembering your site was on SSL. Sometimes a caching plugin can cause a lot of trouble as well.

Simple and Performant Security.
Easily improve site security with WordPress Hardening, Two-Factor Authentication (2FA), Login Protection, Vulnerability Detection and SSL certificate generation.