Last Chance: Cyber Monday 40% OFF



When the built in deactivation does not work, manual uninstalling

Tackle WordPress weaknesses and fortify your website Learn more

Installing SSL can be tricky. If another plugin redirects to http or your certificate is not valid, a redirect loop could occur, resulting in a not accessible back-end. This plugin is shipped with a simple way to deactivate remotely, without access to the back-end. Though this should always work, as a fall-back I’ll describe how you can remove all aspects of this plugin.

To know what we have to do, we have to know what the plugin does:

  1. Add fixes to the wp-config.php (when necessary).
  2. On Apache servers, if you enabled the htaccess redirect option, a .htaccess redirect.
  3. Change site and home URL to https.
  4. Dynamically fixes mixed content and adds javascript redirect.

So summarising, we have to roll back the wp-config.php, the .htaccess, and the site and home URL.

Item 4 is dynamic (does not change anything, only the output of your website). So, this will be taken care of by renaming the plugin file, which deactivates it.

So we have to do the following:

1) Deactivate the plugin

Deactivate the plugin by renaming the plugin folder.
Open your FTP client, navigate to wp-content/plugins/ and rename the really-simple-ssl plugin to really-simple-ssl-off

2) If used, remove .htaccess redirect

Then, still in the FTP client, find your .htaccess file (make sure hidden files are shown), in the webroot, and remove all lines between these comments (and the comments themselves as well)

# BEGIN rlrssslReallySimpleSSL


# END rlrssslReallySimpleSSL

3) Remove changes in the wp-config.php

Now, still in your webroot, find your wp-config.php, open it and check if any lines were added by Really Simple SSL. If so, remove those lines.

Don’t forget to remove the reference to ‘advanced-headers.php’ if these are present.

4 a) Change site URL and home URL back to http://

Now, add

 update_option( 'siteurl', '' );
 update_option( 'home', '' );

To your functions.php. You can find the functions.php in wp-content/themes/your-active-theme/functions.php.

Use a new browser (or clear your browser history completely), browse to your HTTP link, and check the result.

4b) Change site URL and home URL to http://, database method

If you can’t get it to work using method 4a, you can change the URL back to http directly in the database. Scroll down to Changing the URL directly in the database and follow the instructions.

After following these steps, you can be sure the plugin does not affect your site anymore. If you are still having trouble, something else is affecting your site. In that case, try disabling plugins until it works again. Remember to keep clearing your browser cache.

If you have enabled HSTS, you have to clear it from your browser specifically.

Many issues stem from the fact that people forget the browser can be pretty persistent in remembering your site was on SSL. Sometimes a caching plugin can cause a lot of trouble as well.

Advanced Security

Tackle WordPress weaknesses and fortify your website. New hardening features!


Want to know the in and outs of security jargon? Get to know our features.

Premium support will offer assistance in 24 hours. If you need help, or have any questions just contact our awesome support team/

Related articles

WP Config fix needed

WP Config fix needed in some cases your wp-config.php requires some changes before SSL will work correctly. This usually happens when your site is behind

Read More

Fatal error on settings page

On some servers, we’ve seen a critical error on the settings page. The debug log showed this error: Fatal error: [disabled_function] Aborted execution on call

Read More