Description
WP Force SSL helps you redirect insecure HTTP traffic to secure HTTPS and fix SSL errors without touching any code. Activate Force SSL and everything will be set and SSL enabled. The entire site will move to HTTPS using your SSL certificate. It works with any SSL certificate. It can be free SSL certificate from Let’s Encrypt or a paid SSL certificate.
How to add SSL & enable SSL? Most hosting companies support the free SSL certificate from Let’s Encrypt, so login to your hosting panel and add SSL certificate. You’ll see a button labeled “Add SSL Certificate” or “Add Let’s Encrypt Certificate” and after that it’s 1 click to have the SSL enabled on your site with WP Force SSL. If that doesn’t work get WP Force SSL PRO and it’ll generate free SSL certificate for your site. And will regenerate SSL certificate every 90 days.
Access WP Force SSL settings via the main Settings menu -> WP Force SSL.
SSL Tests available in the plugin
- is site on localhost?
- check SSL certificate
- check SSL certificate expiry date
- is latest version of Force SSL used?
- are known incompatible SSL plugins active?
- is WP address URL set for SSL?
- is WP home URL set for SSL?
- is SSL monitoring enabled (pro feature)
- is HTTPS redirection working?
- is file redirection working (pro feature)
- is HSTS enabled?
- check mixed-content issue (pro feature)
- is htaccess available & writable?
- is 404 redirection enabled (pro feature)
Settings
- redirect HTTP to HTTPS
- fix mixed-content (pro)
- enable HSTS
- force secure cookies (pro)
- cross-site scripting protection (pro)
- expect CT header
- X-Frame options
- show WP Force SSL menu in admin bar
- show WP Force SSL widget in admin dashboard
SSL certificate testing tool
WP Force SSL comes with an SSL certificate testing tool. It tests if the SSL certificate is valid, properly installed & up-to date.
Need support?
We’re here for you! Things get frustrating when they don’t work so make sure you open a support topic in the official Force SSL forum. We answer all questions within a few hours!
External Assets
A big thank you to SweetAlert2 authors which we use to make alerts nicer. And to DepositPhotos for the lovely header image.
Screenshots
Installation
- Open Plugins – Add New in WP admin and search for “WP Force SSL”
- Install and activate the plugin
- Open plugin settings via Settings – WP Force SSL
- Check provided tests and settings
FAQ
-
Who is this plugin for?
-
For anyone who has an SSL certificate installed on their site and wants to be sure all content is accessed (and redirected if needed) via a secure connection.
-
Do I need an SSL certificate for this to work?
-
Yes, you do need an SSL certificate. If you don’t have one you can buy WP Force SSL PRO which will generate an SSL certificate for free.
-
After activating WP Force SSL, do I need to do anything else?
-
No, nothing. After activating WP Force SSL, the main option “redirect SSL” will already be active. What you can do is use our tests to make sure everything related to SSL is working.
-
How can I report security bugs?
-
You can report security bugs through the Patchstack Vulnerability Disclosure Program. The Patchstack team help validate, triage and handle any security vulnerabilities. Report a security vulnerability.
Reviews
Contributors & Developers
“WP Force SSL & HTTPS SSL Redirect” is open source software. The following people have contributed to this plugin.
Contributors“WP Force SSL & HTTPS SSL Redirect” has been translated into 17 locales. Thank you to the translators for their contributions.
Translate “WP Force SSL & HTTPS SSL Redirect” into your language.
Interested in development?
Browse the code, check out the SVN repository, or subscribe to the development log by RSS.
Changelog
v1.67
- 2024/06/07
- Security fixes
v1.66
- 2024/03/26
- WordPress 6.5 and PHP 8.2 compatibility
v1.65
- 2022/01/12
- added admin Dashboard widget
v1.60
- 2021/12/28
- new GUI & features
- PRO version available
v1.57
- 2021/01/30
- added flyout menu
v1.56
- 2020/09/30
- minor bug fixes
- added promo for WP 301 Redirects PRO
- 602,200 downloads; 100,000 installations
v1.55
- 2020/01/22
- minor bug fixes
- 384,400 downloads; 90,000 installations
v1.5
- 2019/09/23
- complete rewrite of entire WP Force SSL plugin
- added support for HSTS
- 288,290 downloads; 80,000 installations
v1.4
- Changed function naming to avoid conflicts reported by users.
v1.3
- Dropping support for PHP 5.3: Only 15.9% of the people that use WordPress use PHP 5.3, it reached end of life and you should ask your host to upgrade.
v1.2.1
- Fixed an issue where some users were getting a error message for no valid header when activating the plugin.
v1.2
- Dropping support for PHP 5.2: Only 5.7% of the people that use WordPress use PHP 5.2, it’s old, buggy, and insecure.
v0.1
- 2015/01/15
- initial release