JSM’s Force SSL / HTTPS

FYI

  • Plugin Name: JSM's Force SSL / HTTPS
  • Stable Version: 1.2.0
  • Author: JS Morisset
  • Description: Fast, simple, safe and effective — force HTTP URLs to HTTPS using WordPress filters and permanent redirects.
  • License: GPLv3
  • Requires At Least: WordPress 3.8
  • Tested Up To: WordPress 4.9.1
  • Last Updated: 5 days ago
  • Plugin Homepage »

A fast, simple, safe and effective way to make sure that all HTTP URLs get rewritten / redirected to HTTPS — including the WordPress upload folder and plugin url paths. Simply activate the plugin and you're done. ;-)

This plugin is significantly different than most other plugins of its type (in a good way) — other plugins generally create an output filter using PHP's output buffering to search / replace URLs within the webpage document. Using an output filter is much slower (and error prone) than hooking WordPress filters and using permanent (301) redirects (which is considered best practive when moving from HTTP to HTTPS).

The plugin defines the following constants (if not already defined), then makes sure that all HTTP requests are rewritten / redirected to their HTTPS equivalent:

  • FORCE_SSL
  • FORCE_SSL_ADMIN
  • FORCE_SSL_LOGIN

The plugin also hooks the WordPress 'upload_dir' and 'plugins_url' filters to make sure that all URLs match the appropriate protocol.

The plugin checks and honors the following proxy / load-balancing web server variables:

  • HTTP_X_FORWARDED_PROTO
  • HTTP_X_FORWARDED_SSL

There are no plugin settings — simply install and activate the plugin.

Requirements

Your web server must be configured with an SSL certificate and able to handle HTTPS request. ;-)