When searching for a plugin on WordPress.org, I’m always surprised by the number of results — many plugins appear to be similar, or even identical, but if you look at their PHP code, those similarities quickly evaporate. This was the case recently when I was looking for a simple plugin to redirect HTTP URLs to HTTPS. Some plugins were way too basic / incomplete in their logic, while others looked like a pile of spaghetti code with the kitchen sink thrown in there somewhere. :)
JSM Force SSL / HTTPS is my take on a simple WordPress plugin to redirect HTTP URLs to HTTPS. ;-)
The plugin defines the FORCE_SSL, FORCE_SSL_ADMIN, and FORCE_SSL_LOGIN constants, then makes sure that all front-end HTTP requests are redirected to their HTTPS equivalent.
The plugin also hooks the WordPress ‘upload_dir’ filter to make sure that all upload directory URLs match the current webpage protocol.
The plugin checks and honors the proxy / load-balancing HTTP_X_FORWARDED_PROTO and HTTP_X_FORWARDED_SSL web server variables.
There are no plugin settings — simply install and activate the plugin.
Requirements
Your web server must be configured with an SSL certificate and able to handle HTTPS request. ;-)
