WP Force SSL & HTTPS SSL Redirect

Description

WP Force SSL helps you redirect insecure HTTP traffic to secure HTTPS and fix SSL errors without touching any code. Activate Force SSL and everything will be set and SSL enabled. The entire site will move to HTTPS using your SSL certificate. It works with any SSL certificate. It can be free SSL certificate from Let’s Encrypt or a paid SSL certificate.

How to add SSL & enable SSL? Most hosting companies support the free SSL certificate from Let’s Encrypt, so login to your hosting panel and add SSL certificate. You’ll see a button labeled “Add SSL Certificate” or “Add Let’s Encrypt Certificate” and after that it’s 1 click to have the SSL enabled on your site with WP Force SSL. If that doesn’t work get WP Force SSL PRO and it’ll generate free SSL certificate for your site. And will regenerate SSL certificate every 90 days.

Access WP Force SSL settings via the main Settings menu -> WP Force SSL.

SSL Tests available in the plugin

  • is site on localhost?
  • check SSL certificate
  • check SSL certificate expiry date
  • is latest version of Force SSL used?
  • are known incompatible SSL plugins active?
  • is WP address URL set for SSL?
  • is WP home URL set for SSL?
  • is SSL monitoring enabled (pro feature)
  • is HTTPS redirection working?
  • is file redirection working (pro feature)
  • is HSTS enabled?
  • check mixed-content issue (pro feature)
  • is htaccess available & writable?
  • is 404 redirection enabled (pro feature)

Settings

  • redirect HTTP to HTTPS
  • fix mixed-content (pro)
  • enable HSTS
  • force secure cookies (pro)
  • cross-site scripting protection (pro)
  • expect CT header
  • X-Frame options
  • show WP Force SSL menu in admin bar
  • show WP Force SSL widget in admin dashboard

SSL certificate testing tool

WP Force SSL comes with an SSL certificate testing tool. It tests if the SSL certificate is valid, properly installed & up-to date.

Need support?

We’re here for you! Things get frustrating when they don’t work so make sure you open a support topic in the official Force SSL forum. We answer all questions within a few hours!

External Assets

A big thank you to SweetAlert2 authors which we use to make alerts nicer. And to DepositPhotos for the lovely header image.

Screenshots

  • Built-in tests verify your SSL configuration
  • SSL settings
  • SSL certificate tester

Installation

  1. Open Plugins – Add New in WP admin and search for “WP Force SSL”
  2. Install and activate the plugin
  3. Open plugin settings via Settings – WP Force SSL
  4. Check provided tests and settings

FAQ

Who is this plugin for?

For anyone who has an SSL certificate installed on their site and wants to be sure all content is accessed (and redirected if needed) via a secure connection.

Do I need an SSL certificate for this to work?

Yes, you do need an SSL certificate. If you don’t have one you can buy WP Force SSL PRO which will generate an SSL certificate for free.

After activating WP Force SSL, do I need to do anything else?

No, nothing. After activating WP Force SSL, the main option “redirect SSL” will already be active. What you can do is use our tests to make sure everything related to SSL is working.

How can I report security bugs?

You can report security bugs through the Patchstack Vulnerability Disclosure Program. The Patchstack team help validate, triage and handle any security vulnerabilities. Report a security vulnerability.

Reviews

July 23, 2024
My host provides SSL for my domain. So it is nice to find a plugin that does not try to force me to change the source of my SSL services. Plus this works out of the box. Nothing breaks. Visited my site with my PC, Android devices, and iPhone w/o using https. Every attempt successfully redirected me to https. No longer getting errors on browsers saying my site does not use SSL, when in fact it does. The user simply did not know to enter https. Now this makes the process seamless. For them and me. Thx !
October 7, 2023
useless and dangerous in free version , i deleted it and everything is fine , whole website was hit
October 6, 2023
This is a feature-limited demo and should be advertised as such. About 85% of UI’s screen space is taken up by elements that exist only to nag you to BUY PRO BUY PRO BUY PRO.The author intentionally uses inconsistent marking of PRO features to make it harder for you to learn to distinguish them visually from free features and avoid interacting with them. Some items are clearly marked. Others are marked with the word “PRO” buried at a random place in the description text. Yet others are blurred, and you don’t know if it’s because it’s a PRO feature or because you need to click that green button below to go to the initial setup of the feature (hehe no, it whacks you over the head with a BUY BUY BUY popup). Yet others are not marked at all, and you don’t learn that it’s a PRO feature until you see the BUY BUY BUY nag.
August 25, 2023
I bought WP Force SSL PRO not even a year ago as an agency lifetime license for more then $140,- Now it was the first time that I asked for their support, because the plugin blocks a function in LayerSlider (fullscreen mode for videos). The support team from WebFactory doesn’t care at all. Their simple answer is „Unfortunately, we can’t help with 3rd party plugins“. They didn’t even take a look at that issue. So don’t waste your money on this, they just won’t care for you at all. Edit: after this post, the lead developer took a look at the topic, and guess what? It was just ONE little setting that needed to get changed. I just had to switch off the Permissions Policy and everything works fine. So that’s why I am giving 2 stars now: the plugin works fine (Pro version), the support is the worst I have experienced so far among the WP community, especially for a paid plugin.
Read all 175 reviews

Contributors & Developers

“WP Force SSL & HTTPS SSL Redirect” is open source software. The following people have contributed to this plugin.

Contributors

“WP Force SSL & HTTPS SSL Redirect” has been translated into 17 locales. Thank you to the translators for their contributions.

Translate “WP Force SSL & HTTPS SSL Redirect” into your language.

Interested in development?

Browse the code, check out the SVN repository, or subscribe to the development log by RSS.

Changelog

v1.67

  • 2024/06/07
  • Security fixes

v1.66

  • 2024/03/26
  • WordPress 6.5 and PHP 8.2 compatibility

v1.65

  • 2022/01/12
  • added admin Dashboard widget

v1.60

  • 2021/12/28
  • new GUI & features
  • PRO version available

v1.57

  • 2021/01/30
  • added flyout menu

v1.56

  • 2020/09/30
  • minor bug fixes
  • added promo for WP 301 Redirects PRO
  • 602,200 downloads; 100,000 installations

v1.55

  • 2020/01/22
  • minor bug fixes
  • 384,400 downloads; 90,000 installations

v1.5

  • 2019/09/23
  • complete rewrite of entire WP Force SSL plugin
  • added support for HSTS
  • 288,290 downloads; 80,000 installations

v1.4

  • Changed function naming to avoid conflicts reported by users.

v1.3

  • Dropping support for PHP 5.3: Only 15.9% of the people that use WordPress use PHP 5.3, it reached end of life and you should ask your host to upgrade.

v1.2.1

  • Fixed an issue where some users were getting a error message for no valid header when activating the plugin.

v1.2

  • Dropping support for PHP 5.2: Only 5.7% of the people that use WordPress use PHP 5.2, it’s old, buggy, and insecure.

v0.1

  • 2015/01/15
  • initial release