Lightweight plugin to ensure access via SSL/HTTPS. Uses 301 (permanent) redirects for SEO benefits. Optionally sets HSTS and forces canonical domain.
If your site has an SSL certificate you might find that you can access the site via both SSL (https) and non-SSL (http) URLs. This is a bad idea for security, and for SEO, as it can look like duplicate content on different URLs.
The answer to this is to redirect requests to non-SSL (http) URLs over to their SSL (https) equivalents using something called a 301 redirect. This tells the client (and search engines) that the resource they are looking for should always be accessed over SSL. This plugin offers two methods to achieve this:
Optionally, this plugin can also set HSTS headers for you, and make sure that all requests use the same hostname (i.e. fixing the issue where many sites can be accessed using both www. and non-www. URLs).
Plugins > Add New
in your WP Admin dashboard.blucube simple ssl redirects
.Install
button, then Activate
.blucube simple ssl redirects
in the WordPress Plugin Directory, and download it.simple-ssl-redirects
directory to your /wp-content/plugins/
directory.No. This plugin assumes you already have an SSL certificate installed, and that you are simply trying to ensure that all traffic uses HTTPS.
No, it does not fix any mixed content issues (resources such as scripts or images requested by your site using non-SSL URLs, which can cause warnings/broken padlock icons in address bars/loading of the resources being blocked) – although it might do so in the future.
The HTTP Strict Transport Security (HSTS) response header informs browsers that the site should only be accessed using HTTPS, and that any future attempts to access it using HTTP should automatically be converted to HTTPS.
Strict-Transport-Security reference on MDN
Depending on your configuration, your website might be accessible via both yourdomain.com
and www.yourdomain.com
. While using www. or not is personal preference, it’s usually a good idea to make sure that all visitors access your site using whichever hostname you have chosen.
Selecting this option achieves this by applying a 301 redirection that makes sure that requests use the hostname you have specified in WordPress Admin -> General Settings
.
This plugin checks your SSL certificate and warns you if it detects any issues, but if you enable it without a properly configured SSL certificate then you could end up not being able to access your website. If that happens please try the following: