Version Description
- Fix: "switch mixed content fixer hook" option not visible on the multisites settings page
- Tweak: fixed several typos and uppercasing
Release Info
Developer | RogierLankhorst |
Plugin | Really Simple SSL |
Version | 2.5.25 |
Code changes from version 2.5.24 to 2.5.25
- class-admin.php +43 -41
- class-cache.php +1 -1
- class-front-end.php +162 -155
- class-help.php +1 -1
- class-mixed-content-fixer.php +1 -1
- class-multisite.php +16 -16
- class-server.php +1 -1
- force-deactivate.txt +1 -1
- readme.txt +25 -21
- rlrsssl-really-simple-ssl.php +6 -6
- ssl-test-page.php +1 -1
- testssl/cdn/ssl-test-page.html +1 -1
- testssl/cloudflare/ssl-test-page.html +1 -1
- testssl/cloudfront/ssl-test-page.html +1 -1
- testssl/envhttps/ssl-test-page.html +1 -1
- testssl/loadbalancer/ssl-test-page.html +1 -1
- testssl/serverhttps1/ssl-test-page.html +1 -1
- testssl/serverhttpson/ssl-test-page.html +1 -1
- testssl/serverport443/ssl-test-page.html +1 -1
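--- a/class-admin.php
+++ b/class-admin.php
@@ -1,5 +1,5 @@
 <?php
-defined('ABSPATH') or die("you do not have
+defined('ABSPATH') or die("you do not have access to this page!");
 
 class rsssl_admin extends rsssl_front_end {
 
@@ -112,7 +112,7 @@ defined('ABSPATH') or die("you do not have acces to this page!");
 }
 }
 
-//when
+//when SSL is enabled, and not enabled by user, ask for activation.
 add_action("admin_notices", array($this, 'show_notice_activate_ssl'),10);
 
 add_action('plugins_loaded', array($this,'check_plugin_conflicts'),30);
@@ -166,7 +166,7 @@ defined('ABSPATH') or die("you do not have acces to this page!");
 
 
 /*
-checks if the user just clicked the "activate
+checks if the user just clicked the "activate SSL" button.
 */
 
 private function clicked_activate_ssl() {
@@ -216,7 +216,7 @@ defined('ABSPATH') or die("you do not have acces to this page!");
 }
 
 /*
-This message is shown when no
+This message is shown when no SSL is not enabled by the user yet
 */
 
 public function show_notice_activate_ssl(){
@@ -241,7 +241,7 @@ defined('ABSPATH') or die("you do not have acces to this page!");
 $current_url = "https://".$_SERVER["HTTP_HOST"].$_SERVER["REQUEST_URI"];
 ?>
 <div id="message" class="error fade notice activate-ssl">
-<p><?php _e("No SSL was detected. If you do have an
+<p><?php _e("No SSL was detected. If you do have an SSL certificate, try to reload this page over https by clicking this link:","really-simple-ssl");?> <a href="<?php echo $current_url?>"><?php _e("reload over https.","really-simple-ssl");?></a>
 <?php _e("You can check your certificate on","really-simple-ssl");?> <a target="_blank" href="https://www.ssllabs.com/ssltest/">Qualys SSL Labs</a>
 </p>
 </div>
@@ -255,7 +255,7 @@ defined('ABSPATH') or die("you do not have acces to this page!");
 <p>
 <ul>
 <li><?php _e('Http references in your .css and .js files: change any http:// into //','really-simple-ssl');?></li>
-<li><?php _e('Images, stylesheets or scripts from a domain without an
+<li><?php _e('Images, stylesheets or scripts from a domain without an SSL certificate: remove them or move to your own server.','really-simple-ssl');?></li>
 </ul>
 </p>
 <?php $this->show_pro(); ?>
@@ -371,7 +371,7 @@ defined('ABSPATH') or die("you do not have acces to this page!");
 }
 
 /**
-* Creates an array of all domains where the plugin is active AND
+* Creates an array of all domains where the plugin is active AND SSL is active, only used for multisite.
 *
 * @since 2.1
 *
@@ -381,7 +381,7 @@ defined('ABSPATH') or die("you do not have acces to this page!");
 
 public function build_domain_list() {
 if (!is_multisite()) return;
-//create list of all activated
+//create list of all activated sites with SSL
 $this->sites = array();
 $sites = $this->get_sites_bw_compatible();
 if ($this->debug) $this->trace_log("building domain list for multisite...");
@@ -440,7 +440,7 @@ defined('ABSPATH') or die("you do not have acces to this page!");
 }
 
 /**
-* Configures the site for
+* Configures the site for SSL
 *
 * @since 2.2
 *
@@ -709,7 +709,7 @@ defined('ABSPATH') or die("you do not have acces to this page!");
 
 
 /**
-* Getting
+* Getting WordPress to recognize setup as being SSL when no https server variable is available
 *
 * @since 2.1
 *
@@ -767,7 +767,7 @@ protected function get_server_variable_fix_code(){
 }
 
 if (is_multisite() && !RSSSL()->rsssl_multisite->ssl_enabled_networkwide && count($this->sites)==0) {
-if ($this->debug) $this->trace_log("no sites left with
+if ($this->debug) $this->trace_log("no sites left with SSL, wp config server variable fix skipped");
 return "";
 }
 
@@ -957,7 +957,7 @@ protected function get_server_variable_fix_code(){
 
 
 /**
-* Checks if we are currently on
+* Checks if we are currently on SSL protocol, but extends standard wp with loadbalancer check.
 *
 * @since 2.0
 *
@@ -1004,7 +1004,7 @@ protected function get_server_variable_fix_code(){
 $this->trace_log("plugin version: ".rsssl_version);
 $old_ssl_setting = $this->site_has_ssl;
 $filecontents = "";
-//if current page is on
+//if current page is on SSL, we can assume SSL is available, even when an errormsg was returned
 if($this->is_ssl_extended()){
 $this->trace_log("Already on SSL, start detecting configuration");
 $this->site_has_ssl = TRUE;
@@ -1012,7 +1012,7 @@ protected function get_server_variable_fix_code(){
 //we're not on SSL, or no server vars were returned, so test with the test-page.
 //plugin url: domain.com/wp-content/etc
 $testpage_url = trailingslashit($this->test_url())."ssl-test-page.php";
-$this->trace_log("Opening testpage to check for
+$this->trace_log("Opening testpage to check for SSL: ".$testpage_url);
 
 $response = wp_remote_get( $testpage_url );
 
@@ -1030,12 +1030,12 @@ protected function get_server_variable_fix_code(){
 $this->site_has_ssl = FALSE;
 $error = "";
 if (is_wp_error( $response ) ) $error = $response->get_error_message();
-$this->trace_log("No
+$this->trace_log("No SSL detected. No certificate, or the testpage is blocked by security settings. The SSL testpage returned the error: ".$error);
 }
 }
 
 if ($this->site_has_ssl) {
-//check the type of
+//check the type of SSL, either by parsing the returned string, or by reading the server vars.
 if ((strpos($filecontents, "#CLOUDFRONT#") !== false) || (isset($_SERVER['HTTP_CLOUDFRONT_FORWARDED_PROTO']) && ($_SERVER['HTTP_CLOUDFRONT_FORWARDED_PROTO'] == 'https'))) {
 $this->ssl_type = "CLOUDFRONT";
 } elseif ((strpos($filecontents, "#CLOUDFLARE#") !== false) || (isset($_SERVER['HTTP_CF_VISITOR']) && ($_SERVER['HTTP_CF_VISITOR'] == 'https'))) {
@@ -1077,7 +1077,7 @@ protected function get_server_variable_fix_code(){
 }
 }
 
-$this->trace_log("
+$this->trace_log("SSL type: ".$this->ssl_type);
 }
 $this->check_for_siteurl_in_wpconfig();
 
@@ -1146,7 +1146,7 @@ protected function get_server_variable_fix_code(){
 if (is_wp_error( $response )) {
 $this->trace_log("htaccess rules test failed with error: ".$response->get_error_message());
 } else {
-$this->trace_log("htaccess test rules failed. Set WordPress redirect in settings/
+$this->trace_log("htaccess test rules failed. Set WordPress redirect in settings/SSL");
 }
 }
 }
@@ -1287,7 +1287,7 @@ protected function get_server_variable_fix_code(){
 
 
 /*
-* Checks if the htaccess contains the
+* Checks if the htaccess contains the Really Simple SSL comment.
 *
 */
 
@@ -1324,7 +1324,7 @@ protected function get_server_variable_fix_code(){
 }
 
 /**
-* Checks if the
+* Checks if the HSTS rule is already in the htaccess file
 * Set the hsts variable in the db accordingly. applies to preload version as well.
 *
 * @since 2.1
@@ -1377,7 +1377,7 @@ protected function get_server_variable_fix_code(){
 
 //check if editing is blocked.
 if ($this->do_not_edit_htaccess) {
-$this->trace_log("Edit of .htaccess blocked by setting or define 'do not edit htaccess' in
+$this->trace_log("Edit of .htaccess blocked by setting or define 'do not edit htaccess' in Really Simple SSL.");
 return;
 }
 
@@ -1424,7 +1424,7 @@ protected function get_server_variable_fix_code(){
 
 $rules = $this->get_redirect_rules();
 
-//insert rules before
+//insert rules before WordPress part.
 $wptag = "# BEGIN WordPress";
 if (strpos($htaccess, $wptag)!==false) {
 $htaccess = str_replace($wptag, $rules.$wptag, $htaccess);
@@ -1476,7 +1476,7 @@ protected function get_server_variable_fix_code(){
 public function get_redirect_rules($manual=false) {
 if (!current_user_can($this->capability)) return;
 $this->trace_log("retrieving redirect rules");
-//only add the redirect rules when a known type of
+//only add the redirect rules when a known type of SSL was detected. Otherwise, we use https.
 $rule = "";
 
 //if the htaccess test was successfull, and we know the redirectype, edit
@@ -1491,7 +1491,7 @@ protected function get_server_variable_fix_code(){
 //$last_type = array_pop($types);
 // reset($this->ssl_type);
 // $type = key($this->ssl_type);
-//select rewrite condition based on detected type of
+//select rewrite condition based on detected type of SSL
 //foreach($this->ssl_type as $type => $value) {
 $or = "";
 //if ($last_type != $type) $or = " [OR] ";
@@ -1604,7 +1604,7 @@ public function show_notice_wpconfig_needs_fixes(){ ?>
 
 if ( $this->no_server_variable ) {
 ?>
-<p><?php echo __('Because your server does not pass a variable with which
+<p><?php echo __('Because your server does not pass a variable with which WordPress can detect SSL, WordPress may create redirect loops on SSL.','really-simple-ssl');?></p>
 <p><?php echo __("Set your wp-config.php to writable and reload this page.", "really-simple-ssl");?></p>
 <?php
 }
@@ -1635,7 +1635,7 @@ public function show_notices()
 ?>
 <div id="message" class="error fade notice is-dismissible rlrsssl-htaccess">
 <p>
-<?php echo __("
+<?php echo __("You do not have a 301 redirect to https active in the settings. For SEO purposes it is advised to use 301 redirects. You can enable a 301 redirect in the settings.","really-simple-ssl");?>
 <a href="options-general.php?page=rlrsssl_really_simple_ssl"><?php echo __("View settings page","really-simple-ssl");?></a>
 </p>
 </div>
@@ -1676,15 +1676,15 @@ public function show_notices()
 <?php
 }
 
-//some notices for
+//some notices for SSL situations
 if ($this->site_has_ssl) {
 if (sizeof($this->plugin_conflict)>0) {
-//pre
+//pre WooCommerce 2.5
 if (isset($this->plugin_conflict["WOOCOMMERCE_FORCEHTTP"]) && $this->plugin_conflict["WOOCOMMERCE_FORCEHTTP"] && isset($this->plugin_conflict["WOOCOMMERCE_FORCESSL"]) && $this->plugin_conflict["WOOCOMMERCE_FORCESSL"]) {
 ?>
 <div id="message" class="error fade notice"><p>
 <?php _e("Really Simple SSL has a conflict with another plugin.","really-simple-ssl");?><br>
-<?php _e("The force http after leaving checkout in
+<?php _e("The force http after leaving checkout in WooCommerce will create a redirect loop.","really-simple-ssl");?><br>
 <a href="admin.php?page=wc-settings&tab=checkout"><?php _e("Show me this setting","really-simple-ssl");?></a>
 </p></div>
 <?php
@@ -1694,7 +1694,7 @@ public function show_notices()
 }
 
 /**
-* Insert some ajax script to
+* Insert some ajax script to dismiss the SSL success message, and stop nagging about it
 *
 * @since 2.0
 *
@@ -1759,7 +1759,7 @@ public function insert_dismiss_htaccess() {
 */
 
 public function dismiss_success_message_callback() {
-//nonce check fails if url is changed to
+//nonce check fails if url is changed to SSL.
 //check_ajax_referer( 'really-simple-ssl-dismiss', 'security' );
 $this->ssl_success_message_shown = TRUE;
 $this->save_options();
@@ -1907,7 +1907,7 @@ public function settings_page() {
 if ($mixed_content_fixer_detected) {
 _e("Mixed content fixer was successfully detected on the front-end","really-simple-ssl")." ";
 } else {
-_e('The mixed content fixer is
+_e('The mixed content fixer is active, but was not detected on the frontpage. Please follow these steps to check if the mixed content fixer is working.',"really-simple-ssl").": ";
 echo ' <a target="_blank" href="https://www.really-simple-ssl.com/knowledge-base/how-to-check-if-the-mixed-content-fixer-is-active/">';
 _e('Instructions', 'really-simple-ssl');
 echo '</a>';
@@ -1975,6 +1975,7 @@ public function settings_page() {
 /*
 Second tab, Settings
 */
+
 ?>
 <form action="options.php" method="post">
 <?php
@@ -2041,7 +2042,7 @@ public function settings_page() {
 }
 
 /**
-* Returns a
+* Returns a success, error or warning image for the settings page
 *
 * @since 2.0
 *
@@ -2142,10 +2143,10 @@ public function configuration_page_more(){
 } else {
 if (!$this->ssl_enabled) { ?>
 <p><?php _e("If you want to be sure you're ready to migrate to SSL, get Premium, which includes an extensive scan and premium support.", "really-simple-ssl")?>
-<a target="_blank" href="<?php echo $this->pro_url?>"
+<a target="_blank" href="<?php echo $this->pro_url?>"><?php _e("Learn more", "really-simple-ssl")?></a></p>
 <?php } else { ?>
 <p><?php _e('Still having issues with mixed content? Check out Premium, which includes an extensive scan and premium support. ', "really-simple-ssl")?>
-<a target="_blank" href="<?php echo $this->pro_url?>"
+<a target="_blank" href="<?php echo $this->pro_url?>"><?php _e("Learn more", "really-simple-ssl")?></a></p>
 <?php
 }
 }
@@ -2165,7 +2166,7 @@ public function create_form(){
 add_settings_section('rlrsssl_settings', __("Settings","really-simple-ssl"), array($this,'section_text'), 'rlrsssl');
 add_settings_field('id_autoreplace_insecure_links', __("Auto replace mixed content","really-simple-ssl"), array($this,'get_option_autoreplace_insecure_links'), 'rlrsssl', 'rlrsssl_settings');
 
-//only show option to enable or disable mixed content and redirect when
+//only show option to enable or disable mixed content and redirect when SSL is detected
 if($this->ssl_enabled) {
 add_settings_field('id_wp_redirect', __("Enable WordPress 301 redirection to SSL","really-simple-ssl"), array($this,'get_option_wp_redirect'), 'rlrsssl', 'rlrsssl_settings');
 
@@ -2174,16 +2175,17 @@ public function create_form(){
 add_settings_field('id_htaccess_redirect', __("Enable 301 .htaccess redirect","really-simple-ssl"), array($this,'get_option_htaccess_redirect'), 'rlrsssl', 'rlrsssl_settings');
 }
 
-add_settings_field('id_javascript_redirect', __("Enable
+add_settings_field('id_javascript_redirect', __("Enable Javascript redirection to SSL","really-simple-ssl"), array($this,'get_option_javascript_redirect'), 'rlrsssl', 'rlrsssl_settings');
 }
 
 add_settings_field('id_debug', __("Debug","really-simple-ssl"), array($this,'get_option_debug'), 'rlrsssl', 'rlrsssl_settings');
 //on multisite this setting can only be set networkwide
 if (RSSSL()->rsssl_server->uses_htaccess() && !is_multisite()) {
 add_settings_field('id_do_not_edit_htaccess', __("Stop editing the .htaccess file","really-simple-ssl"), array($this,'get_option_do_not_edit_htaccess'), 'rlrsssl', 'rlrsssl_settings');
-add_settings_field('id_switch_mixed_content_fixer_hook', __("Switch mixed content fixer hook","really-simple-ssl"), array($this,'get_option_switch_mixed_content_fixer_hook'), 'rlrsssl', 'rlrsssl_settings');
-
 }
+
+add_settings_field('id_switch_mixed_content_fixer_hook', __("Switch mixed content fixer hook","really-simple-ssl"), array($this,'get_option_switch_mixed_content_fixer_hook'), 'rlrsssl', 'rlrsssl_settings');
+
 }
 /**
 * Insert some explanation above the form
@@ -2371,7 +2373,7 @@ public function get_option_wp_redirect() {
 
 if ($this->htaccess_redirect && (!is_writable($this->ABSpath.".htaccess") || !$this->htaccess_test_success)) {
 echo "<br><br>";
-if (!is_writable($this->ABSpath.".htaccess")) _e("The .htaccess file is not writable. Add these lines to your .htaccess manually, or set
+if (!is_writable($this->ABSpath.".htaccess")) _e("The .htaccess file is not writable. Add these lines to your .htaccess manually, or set 644 writing permissions", "really-simple-ssl");
 if (!$this->htaccess_test_success) _e("The .htaccess redirect rules that were selected by this plugin failed in the test. The following redirect rules were tested:", "really-simple-ssl");
 echo "<br><br>";
 if ($this->ssl_type!="NA") {
@@ -2553,7 +2555,7 @@ public function getABSPATH(){
 }
 
 /**
-* Find if this
+* Find if this WordPress installation is installed in a subdirectory
 *
 * @since 2.0
 *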
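Review bot: The rewritten notice line in show_notice_activate_ssl() (new line 244) prints `$current_url` into an `href` without escaping, and that value is built three lines earlier from `$_SERVER["HTTP_HOST"]` and `$_SERVER["REQUEST_URI"]`, both of which come from the request. Since the commit already rewrites this line, it should escape for the attribute context: `<a href="<?php echo esc_url($current_url); ?>">`. The two `href="<?php echo $this->pro_url?>"` lines at new 2146 and 2149 deserve the same `esc_url()` call, although where `pro_url` is set is not visible in this diff. Separately, the hunk at 1759 only rewords the comment above the disabled `check_ajax_referer()` call, so dismiss_success_message_callback() still saves options with no nonce check in the visible lines. Both functions start or end outside their hunks, so checks elsewhere in their bodies cannot be ruled out.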
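--- a/class-cache.php
+++ b/class-cache.php
@@ -1,5 +1,5 @@
 <?php
-defined('ABSPATH') or die("you do not have
+defined('ABSPATH') or die("you do not have access to this page!");
 if ( ! class_exists( 'rsssl_cache' ) ) {
 class rsssl_cache {
 private $capability = 'manage_options';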
class-front-end.php
CHANGED
@@ -1,161 +1,168 @@
|
|
1 |
<?php
|
2 |
-
defined('ABSPATH') or die("you do not have
|
3 |
|
4 |
if ( ! class_exists( 'rsssl_front_end' ) ) {
|
5 |
-
class rsssl_front_end {
|
6 |
-
private static $_this;
|
7 |
-
public $javascript_redirect = TRUE;
|
8 |
-
public $wp_redirect = TRUE;
|
9 |
-
public $autoreplace_insecure_links = TRUE;
|
10 |
-
public $switch_mixed_content_fixer_hook = FALSE;
|
11 |
-
//public $ssl_enabled_networkwide = FALSE;
|
12 |
-
|
13 |
-
function __construct() {
|
14 |
-
if ( isset( self::$_this ) )
|
15 |
-
wp_die( sprintf( __( '%s is a singleton class and you cannot create a second instance.','really-simple-ssl' ), get_class( $this ) ) );
|
16 |
-
|
17 |
-
self::$_this = $this;
|
18 |
-
|
19 |
-
$this->get_options();
|
20 |
-
|
21 |
-
add_action( 'rest_api_init', array($this, 'wp_rest_api_force_ssl'), ~PHP_INT_MAX );
|
22 |
-
|
23 |
-
}
|
24 |
-
|
25 |
-
static function this() {
|
26 |
-
return self::$_this;
|
27 |
-
}
|
28 |
-
|
29 |
-
/**
|
30 |
-
* Sets the SSL variable to on for WordPress, so the native function is_ssl() will return true
|
31 |
-
* It should run as first plugin in WP, otherwise issues might result.
|
32 |
-
*
|
33 |
-
* @since 3.0
|
34 |
-
*
|
35 |
-
* @access public
|
36 |
-
*
|
37 |
-
*/
|
38 |
-
|
39 |
-
// public function set_ssl_var(){
|
40 |
-
// if (($this->ssl_enabled) || $this->ssl_enabled_networkwide) {
|
41 |
-
// $_SERVER["HTTPS"] = "on";
|
42 |
-
// }
|
43 |
-
// }
|
44 |
-
|
45 |
-
/**
|
46 |
-
* Javascript redirect, when ssl is true.
|
47 |
-
*
|
48 |
-
* @since 2.2
|
49 |
-
*
|
50 |
-
* @access public
|
51 |
-
*
|
52 |
-
*/
|
53 |
-
|
54 |
-
public function force_ssl() {
|
55 |
-
if ($this->ssl_enabled) {
|
56 |
-
if ($this->javascript_redirect) add_action('wp_print_scripts', array($this,'force_ssl_with_javascript'));
|
57 |
-
if ($this->wp_redirect) add_action('wp', array($this, 'wp_redirect_to_ssl'), 40,3);
|
58 |
-
}
|
59 |
-
}
|
60 |
-
|
61 |
-
|
62 |
-
/**
|
63 |
-
* Force SSL on wp rest api
|
64 |
-
*
|
65 |
-
* @since 2.5.14
|
66 |
-
*
|
67 |
-
* @access public
|
68 |
-
*
|
69 |
-
*/
|
70 |
-
|
71 |
-
public function wp_rest_api_force_ssl() {
|
72 |
-
//check for Command Line
|
73 |
-
if (php_sapi_name() === 'cli') return;
|
74 |
-
|
75 |
-
if ($this->ssl_enabled && !is_ssl() && !(defined("rsssl_no_rest_api_redirect") && rsssl_no_rest_api_redirect)) {
|
76 |
-
$redirect_url = "https://" . $_SERVER['HTTP_HOST'] . $_SERVER['REQUEST_URI'];
|
77 |
-
wp_redirect( $redirect_url, 301 );
|
78 |
-
exit;
|
79 |
-
}
|
80 |
-
}
|
81 |
-
|
82 |
-
|
83 |
-
/**
|
84 |
-
* Redirect using wp redirect
|
85 |
-
*
|
86 |
-
* @since 2.5.0
|
87 |
-
*
|
88 |
-
* @access public
|
89 |
-
*
|
90 |
-
*/
|
91 |
|
92 |
-
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
93 |
|
94 |
-
if (!is_ssl() && !(defined("rsssl_no_wp_redirect") && rsssl_no_wp_redirect)) {
|
95 |
-
$redirect_url = "https://" . $_SERVER['HTTP_HOST'] . $_SERVER['REQUEST_URI'];
|
96 |
-
$redirect_url = apply_filters("rsssl_wp_redirect_url", $redirect_url);
|
97 |
-
wp_redirect($redirect_url, 301);
|
98 |
-
exit;
|
99 |
-
}
|
100 |
}
|
101 |
-
|
102 |
-
|
103 |
-
|
104 |
-
/**
|
105 |
-
* Get the options for this plugin
|
106 |
-
*
|
107 |
-
* @since 2.0
|
108 |
-
*
|
109 |
-
* @access public
|
110 |
-
*
|
111 |
-
*/
|
112 |
-
|
113 |
-
public function get_options(){
|
114 |
-
$options = get_option('rlrsssl_options');
|
115 |
-
if (isset($options)) {
|
116 |
-
$this->autoreplace_insecure_links = isset($options['autoreplace_insecure_links']) ? $options['autoreplace_insecure_links'] : TRUE;
|
117 |
-
$this->ssl_enabled = isset($options['ssl_enabled']) ? $options['ssl_enabled'] : false;
|
118 |
-
$this->javascript_redirect = isset($options['javascript_redirect']) ? $options['javascript_redirect'] : TRUE;
|
119 |
-
$this->wp_redirect = isset($options['wp_redirect']) ? $options['wp_redirect'] : FALSE;
|
120 |
-
$this->switch_mixed_content_fixer_hook = isset($options['switch_mixed_content_fixer_hook']) ? $options['switch_mixed_content_fixer_hook'] : FALSE;
|
121 |
-
|
122 |
-
//overrides from multisite
|
123 |
-
if (is_multisite()) {
|
124 |
-
$network_options = get_site_option('rlrsssl_network_options');
|
125 |
-
|
126 |
-
$site_wp_redirect = isset($network_options["wp_redirect"]) ? $network_options["wp_redirect"] : false;
|
127 |
-
$javascript_redirect = isset($network_options["javascript_redirect"]) ? $network_options["javascript_redirect"] : false;
|
128 |
-
$autoreplace_insecure_links = isset($network_options["autoreplace_mixed_content"]) ? $network_options["autoreplace_mixed_content"] : false;
|
129 |
-
|
130 |
-
if ($site_wp_redirect) $this->wp_redirect = $site_wp_redirect;
|
131 |
-
if ($javascript_redirect) $this->javascript_redirect = $javascript_redirect;
|
132 |
-
if ($autoreplace_insecure_links) $this->autoreplace_insecure_links = $autoreplace_insecure_links;
|
133 |
-
|
134 |
-
}
|
135 |
-
}
|
136 |
-
}
|
137 |
-
|
138 |
-
|
139 |
-
|
140 |
-
|
141 |
-
|
142 |
-
/**
|
143 |
-
* Adds some javascript to redirect to https.
|
144 |
-
*
|
145 |
-
* @since 1.0
|
146 |
-
*
|
147 |
-
* @access public
|
148 |
-
*
|
149 |
-
*/
|
150 |
-
|
151 |
-
public function force_ssl_with_javascript() {
|
152 |
-
?>
|
153 |
-
<script>
|
154 |
-
if (document.location.protocol != "https:") {
|
155 |
-
document.location = document.URL.replace(/^http:/i, "https:");
|
156 |
-
}
|
157 |
-
</script>
|
158 |
-
<?php
|
159 |
-
}
|
160 |
-
|
161 |
-
}}
|
1 |
<?php
|
2 |
+
defined('ABSPATH') or die("you do not have access to this page!");
|
3 |
|
4 |
if ( ! class_exists( 'rsssl_front_end' ) ) {
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
5 |
|
6 |
+
class rsssl_front_end
|
7 |
+
{
|
8 |
+
private static $_this;
|
9 |
+
public $javascript_redirect = TRUE;
|
10 |
+
public $wp_redirect = TRUE;
|
11 |
+
public $autoreplace_insecure_links = TRUE;
|
12 |
+
public $switch_mixed_content_fixer_hook = FALSE;
|
13 |
+
|
14 |
+
//public $ssl_enabled_networkwide = FALSE;
|
15 |
+
|
16 |
+
function __construct()
|
17 |
+
{
|
18 |
+
if (isset(self::$_this))
|
19 |
+
wp_die(sprintf(__('%s is a singleton class and you cannot create a second instance.', 'really-simple-ssl'), get_class($this)));
|
20 |
+
|
21 |
+
self::$_this = $this;
|
22 |
+
|
23 |
+
$this->get_options();
|
24 |
+
|
25 |
+
add_action('rest_api_init', array($this, 'wp_rest_api_force_ssl'), ~PHP_INT_MAX);
|
26 |
+
|
27 |
+
}
|
28 |
+
|
29 |
+
static function this()
|
30 |
+
{
|
31 |
+
return self::$_this;
|
32 |
+
}
|
33 |
+
|
34 |
+
/**
|
35 |
+
* Sets the SSL variable to on for WordPress, so the native function is_ssl() will return true
|
36 |
+
* It should run as first plugin in WP, otherwise issues might result.
|
37 |
+
*
|
38 |
+
* @since 3.0
|
39 |
+
*
|
40 |
+
* @access public
|
41 |
+
*
|
42 |
+
*/
|
43 |
+
|
44 |
+
// public function set_ssl_var(){
|
45 |
+
// if (($this->ssl_enabled) || $this->ssl_enabled_networkwide) {
|
46 |
+
// $_SERVER["HTTPS"] = "on";
|
47 |
+
// }
|
48 |
+
// }
|
49 |
+
|
50 |
+
/**
|
51 |
+
* Javascript redirect, when ssl is true.
|
52 |
+
*
|
53 |
+
* @since 2.2
|
54 |
+
*
|
55 |
+
* @access public
|
56 |
+
*
|
57 |
+
*/
|
58 |
+
|
59 |
+
public function force_ssl()
|
60 |
+
{
|
61 |
+
if ($this->ssl_enabled) {
|
62 |
+
if ($this->javascript_redirect) add_action('wp_print_scripts', array($this, 'force_ssl_with_javascript'));
|
63 |
+
if ($this->wp_redirect) add_action('wp', array($this, 'wp_redirect_to_ssl'), 40, 3);
|
64 |
+
}
|
65 |
+
}
|
66 |
+
|
67 |
+
|
68 |
+
/**
|
69 |
+
* Force SSL on wp rest api
|
70 |
+
*
|
71 |
+
* @since 2.5.14
|
72 |
+
*
|
73 |
+
* @access public
|
74 |
+
*
|
75 |
+
*/
|
76 |
+
|
77 |
+
public function wp_rest_api_force_ssl()
|
78 |
+
{
|
79 |
+
//check for Command Line
|
80 |
+
if (php_sapi_name() === 'cli') return;
|
81 |
+
|
82 |
+
if ($this->ssl_enabled && !is_ssl() && !(defined("rsssl_no_rest_api_redirect") && rsssl_no_rest_api_redirect)) {
|
83 |
+
$redirect_url = "https://" . $_SERVER['HTTP_HOST'] . $_SERVER['REQUEST_URI'];
|
84 |
+
wp_redirect($redirect_url, 301);
|
85 |
+
exit;
|
86 |
+
}
|
87 |
+
}
|
88 |
+
|
89 |
+
|
90 |
+
/**
|
91 |
+
* Redirect using wp redirect
|
92 |
+
*
|
93 |
+
* @since 2.5.0
|
94 |
+
*
|
95 |
+
* @access public
|
96 |
+
*
|
97 |
+
*/
|
98 |
+
|
99 |
+
public function wp_redirect_to_ssl()
|
100 |
+
{
|
101 |
+
|
102 |
+
if (!is_ssl() && !(defined("rsssl_no_wp_redirect") && rsssl_no_wp_redirect)) {
|
103 |
+
$redirect_url = "https://" . $_SERVER['HTTP_HOST'] . $_SERVER['REQUEST_URI'];
|
104 |
+
$redirect_url = apply_filters("rsssl_wp_redirect_url", $redirect_url);
|
105 |
+
wp_redirect($redirect_url, 301);
|
106 |
+
exit;
|
107 |
+
}
|
108 |
+
}
|
109 |
+
|
110 |
+
|
111 |
+
/**
|
112 |
+
* Get the options for this plugin
|
113 |
+
*
|
114 |
+
* @since 2.0
|
115 |
+
*
|
116 |
+
* @access public
|
117 |
+
*
|
118 |
+
*/
|
119 |
+
|
120 |
+
public function get_options()
|
121 |
+
{
|
122 |
+
$options = get_option('rlrsssl_options');
|
123 |
+
if (isset($options)) {
|
124 |
+
$this->autoreplace_insecure_links = isset($options['autoreplace_insecure_links']) ? $options['autoreplace_insecure_links'] : TRUE;
|
125 |
+
$this->ssl_enabled = isset($options['ssl_enabled']) ? $options['ssl_enabled'] : false;
|
126 |
+
$this->javascript_redirect = isset($options['javascript_redirect']) ? $options['javascript_redirect'] : TRUE;
|
127 |
+
$this->wp_redirect = isset($options['wp_redirect']) ? $options['wp_redirect'] : FALSE;
|
128 |
+
$this->switch_mixed_content_fixer_hook = isset($options['switch_mixed_content_fixer_hook']) ? $options['switch_mixed_content_fixer_hook'] : FALSE;
|
129 |
+
|
130 |
+
//overrides from multisite
|
131 |
+
if (is_multisite()) {
|
132 |
+
$network_options = get_site_option('rlrsssl_network_options');
|
133 |
+
|
134 |
+
$site_wp_redirect = isset($network_options["wp_redirect"]) ? $network_options["wp_redirect"] : false;
|
135 |
+
$javascript_redirect = isset($network_options["javascript_redirect"]) ? $network_options["javascript_redirect"] : false;
|
136 |
+
$autoreplace_insecure_links = isset($network_options["autoreplace_mixed_content"]) ? $network_options["autoreplace_mixed_content"] : false;
|
137 |
+
|
138 |
+
if ($site_wp_redirect) $this->wp_redirect = $site_wp_redirect;
|
139 |
+
if ($javascript_redirect) $this->javascript_redirect = $javascript_redirect;
|
140 |
+
if ($autoreplace_insecure_links) $this->autoreplace_insecure_links = $autoreplace_insecure_links;
|
141 |
+
|
142 |
+
}
|
143 |
+
}
|
144 |
+
}
|
145 |
+
|
146 |
+
|
147 |
+
/**
|
148 |
+
* Adds some javascript to redirect to https.
|
149 |
+
*
|
150 |
+
* @since 1.0
|
151 |
+
*
|
152 |
+
* @access public
|
153 |
+
*
|
154 |
+
*/
|
155 |
+
|
156 |
+
public function force_ssl_with_javascript()
|
157 |
+
{
|
158 |
+
?>
|
159 |
+
<script>
|
160 |
+
if (document.location.protocol != "https:") {
|
161 |
+
document.location = document.URL.replace(/^http:/i, "https:");
|
162 |
+
}
|
163 |
+
</script>
|
164 |
+
<?php
|
165 |
+
}
|
166 |
|
|
|
|
|
|
|
|
|
|
|
|
|
167 |
}
|
168 |
+
}
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
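--- a/class-help.php
+++ b/class-help.php
@@ -1,5 +1,5 @@
 <?php
-defined('ABSPATH') or die("you do not have
+defined('ABSPATH') or die("you do not have access to this page!");
 if ( ! class_exists( 'rsssl_help' ) ) {
 class rsssl_help {
 private static $_this;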
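--- a/class-mixed-content-fixer.php
+++ b/class-mixed-content-fixer.php
@@ -1,5 +1,5 @@
 <?php
-defined('ABSPATH') or die("you do not have
+defined('ABSPATH') or die("you do not have access to this page!");
 
 if ( ! class_exists( 'rsssl_admin_mixed_content_fixer' ) ) {
 class rsssl_mixed_content_fixer {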
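--- a/class-multisite.php
+++ b/class-multisite.php
@@ -1,6 +1,6 @@
 <?php
 
-defined('ABSPATH') or die("you do not have
+defined('ABSPATH') or die("you do not have access to this page!");
 
 if ( ! class_exists( 'rsssl_multisite' ) ) {
 class rsssl_multisite {
@@ -34,7 +34,7 @@ if ( ! class_exists( 'rsssl_multisite' ) ) {
 $this->load_options();
 register_activation_hook( dirname( __FILE__ )."/".rsssl_plugin, array($this,'activate') );
 
-/*filters to make sure
+/*filters to make sure WordPress returns the correct protocol */
 add_filter("admin_url", array($this, "check_admin_protocol"), 20, 3 );
 add_filter('home_url', array($this, 'check_site_protocol') , 20,4);
 add_filter('site_url', array($this, 'check_site_protocol') , 20,4);
@@ -154,7 +154,7 @@ if ( ! class_exists( 'rsssl_multisite' ) ) {
 if (!RSSSL()->really_simple_ssl->site_has_ssl) {
 ?>
 <p>
-<?php _e("No SSL was detected. If you do have an
+<?php _e("No SSL was detected. If you do have an SSL certificate, try to reload this page over https by clicking this link:","really-simple-ssl");?> <a href="<?php echo $current_url?>"><?php _e("reload over https.","really-simple-ssl");?></a>
 <?php _e("You can check your certificate on","really-simple-ssl");?> <a target="_blank" href="https://www.ssllabs.com/ssltest/">Qualys SSL Labs</a>
 </p>
 <?php
@@ -196,7 +196,7 @@ if ( ! class_exists( 'rsssl_multisite' ) ) {
 
 public function settings_tab(){
 if (isset($_GET['updated'])): ?>
-<div id="message" class="updated notice is-dismissible"><p><?php _e('Options saved.') ?></p></div>
+<div id="message" class="updated notice is-dismissible"><p><?php _e('Options saved.', 'really-simple-ssl') ?></p></div>
 <?php endif; ?>
 <div class="wrap">
 <h1><?php _e('Really Simple SSL multisite options', 'really-simple-ssl'); ?></h1>
@@ -290,7 +290,7 @@ public function settings_tab(){
 $current_url = "https://".$_SERVER["HTTP_HOST"].$_SERVER["REQUEST_URI"]
 ?>
 <div id="message" class="error fade notice activate-ssl">
-<p><?php _e("No SSL was detected. If you do have an
+<p><?php _e("No SSL was detected. If you do have an SSL certificate, try to reload this page over https by clicking this link:","really-simple-ssl");?> <a href="<?php echo $current_url?>"><?php _e("reload over https.","really-simple-ssl");?></a>
 <?php _e("You can check your certificate on","really-simple-ssl");?> <a target="_blank" href="https://www.ssllabs.com/ssltest/">Qualys SSL Labs</a>
 </p>
 </div>
@@ -305,7 +305,7 @@ public function settings_tab(){
 <p>
 <ul>
 <li><?php _e('Http references in your .css and .js files: change any http:// into //','really-simple-ssl');?></li>
-<li><?php _e('Images, stylesheets or scripts from a domain without an
+<li><?php _e('Images, stylesheets or scripts from a domain without an SSL certificate: remove them or move to your own server.','really-simple-ssl');?></li>
 </ul>
 </p>
 <?php $this->show_pro(); ?>
@@ -370,7 +370,7 @@ public function settings_tab(){
 $this->wp_redirect = true;
 $this->save_options();
 
-//enable SSL on all
+//enable SSL on all sites on the network
 $this->activate_ssl_networkwide();
 
 }
@@ -471,7 +471,7 @@ public function settings_tab(){
 
 
 /**
-* filters the get_admin_url function to correct the false https urls wordpress returns for non
+* filters the get_admin_url function to correct the false https urls wordpress returns for non SSL websites.
 *
 * @since 2.3.10
 *
@@ -500,7 +500,7 @@ public function check_admin_protocol($url, $path, $blog_id){
 }
 
 /**
-* filters the home_url and/or site_url function to correct the false https urls wordpress returns for non
+* filters the home_url and/or site_url function to correct the false https urls wordpress returns for non SSL websites.
 *
 * @since 2.3.17
 *
@@ -518,14 +518,14 @@ public function check_site_protocol($url, $path, $orig_scheme, $blog_id){
 
 
 
-
+/*
 * Checks if we are on a subfolder install. (domain.com/site1 )
 *
 * @since 2.2
 *
-* @access
+* @access public
 *
-
+**/
 
 public function is_multisite_subfolder_install() {
 if (!is_multisite()) return FALSE;
@@ -615,7 +615,7 @@ public function show_notices()
 else
 _e("SSL was activated per site.", "really-simple-ssl");
 ?>
-<?php _e("Don't forget to change your settings in Google Analytics
+<?php _e("Don't forget to change your settings in Google Analytics and Webmaster tools.","really-simple-ssl");?>
 <a target="_blank" href="https://really-simple-ssl.com/knowledge-base/how-to-setup-google-analytics-and-google-search-consolewebmaster-tools/"><?php _e("More info.","really-simple-ssl");?></a>
 </p>
 </div>
@@ -623,7 +623,7 @@ public function show_notices()
 }
 
 if (!$this->ssl_enabled_networkwide && $this->selected_networkwide_or_per_site && $this->is_multisite_subfolder_install()) {
-//with no server variables, the website could get into redirect
+//with no server variables, the website could get into a redirect loop.
 if (RSSSL()->really_simple_ssl->no_server_variable) {
 ?>
 <div id="message" class="error fade notice">
@@ -640,7 +640,7 @@ public function show_notices()
 
 
 /**
-* Insert some ajax script to dismis the
+* Insert some ajax script to dismis the SSL success message, and stop nagging about it
 *
 * @since 2.0
 *
@@ -681,7 +681,7 @@ $ajax_nonce = wp_create_nonce( "really-simple-ssl-dismiss" );
 */
 
 public function dismiss_success_message_callback() {
-//nonce check fails if url is changed to
+//nonce check fails if url is changed to SSL.
 //check_ajax_referer( 'really-simple-ssl-dismiss', 'security' );
 update_site_option("rsssl_success_message_shown", true);
 wp_die();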
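Review bot: The reworded notices on new lines 157 and 293 still echo `$current_url` into the `href` unescaped, and line 290 shows that value being concatenated from `$_SERVER["HTTP_HOST"]` and `$_SERVER["REQUEST_URI"]`, which the client controls. Escape at output with `<a href="<?php echo esc_url( $current_url ); ?>">` in both places so a crafted Host header or request path cannot inject markup into this admin notice. The assignment feeding line 157 is outside the visible hunk, so it is presumably built the same way and should be checked as well.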
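--- a/class-server.php
+++ b/class-server.php
@@ -1,5 +1,5 @@
 <?php
-defined('ABSPATH') or die("you do not have
+defined('ABSPATH') or die("you do not have access to this page!");
 
 if ( ! class_exists( 'rsssl_server' ) ) {
 class rsssl_server {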
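--- a/force-deactivate.txt
+++ b/force-deactivate.txt
@@ -53,7 +53,7 @@
 echo "<li>".$errorname."</li>";
 }
 echo "</ul>";
-echo "Errors while removing the
+echo "Errors while removing the Really Simple SSL lines from your wp-config.php and .htaccess files, which you can normally find in your webroot."."<br><br>";
 }
 
 echo $step.". Deactivating plugin"."<br>";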
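--- a/readme.txt
+++ b/readme.txt
@@ -1,11 +1,11 @@
 === Really Simple SSL ===
 Contributors: RogierLankhorst
 Donate link: https://www.paypal.me/reallysimplessl
-Tags: SSL, https, force SSL, mixed content, insecure content, secure website, website security,
+Tags: SSL, https, force SSL, mixed content, insecure content, secure website, website security, TLS, security, secure socket layers, HSTS
 Requires at least: 4.2
 License: GPL2
 Tested up to: 4.9
-Stable tag: 2.5.
+Stable tag: 2.5.25
 
 No setup required! You only need an SSL certificate, and this plugin will do the rest.
 
@@ -18,7 +18,7 @@ To keep it lightweight, the options are kept to a minimum. The entire site will
 * Activate this plugin
 * Enable SSL with one click
 
-Always backup before you go! If you do not have a sound backup policy, start having one!
+Always backup before you go! If you do not have a sound backup policy, start having one! See https://really-simple-ssl.com/knowledge-base/backing-up-your-site/ for our recommendations.
 
 Really Simple SSL is on [GitHub](https://github.com/rlankhorst/really-simple-ssl) as well!
 
@@ -35,12 +35,12 @@ some cool features.
 * Premium support
 
 = What does the plugin actually do =
-* The plugin handles most issues that
+* The plugin handles most issues that WordPress has with SSL, like when you're behind a reverse proxy/loadbalancer, or when no headers are passed which WordPress can use to detect SSL.
 * All incoming requests are redirected to https. Default with an internal WordPress redirect, but you can also enable a .htaccess redirect.
 * The site url and home url are changed to https.
 * Your insecure content is fixed by replacing all http:// urls with https://, except hyperlinks to other domains. Dynamically, so no database changes are made (except for the siteurl and homeurl).
 
-[contact](https://www.really-simple-ssl.com/contact/) me if you have any questions, issues, or suggestions.
+[contact](https://www.really-simple-ssl.com/contact/) me if you have any questions, issues, or suggestions. Really Simple SSL is developed by [Really Simple Plugins](https://www.really-simple-plugins.com).
 
 = Like to have this plugin in your language? =
 Translations can be added very easily [here](https://translate.wordpress.org/projects/wp-plugins/really-simple-ssl). If you do, I can get you added as translation editor to approve the translations.
@@ -78,6 +78,10 @@ If you are experiencing redirect loops on your site, try these [instructions](ht
 Yes. There is a dedicated network settings page where you can switch between network activated SSL and per page SSL. In the dedicated pro for multisite plugin, you can override all site settings for SSL on the network level, and can activate and deactivate SSL in the network menu for each site.
 
 == Changelog ==
+= 2.5.25 =
+* Fix: "switch mixed content fixer hook" option not visible on the multisites settings page
+* Tweak: several typo's and uppercasing
+
 = 2.5.24 =
 * Fix: On multisite, admin_url forced current blog URL's over http even when the current blog was loaded over https. This will now only force http for other blog_urls than the current one, when they are on http and not https.
 
@@ -234,7 +238,7 @@ fix: Adjusted selection order of .htaccess rules, preventing redirect loops
 * Tweak: htaccess files and wpconfig are rewritten when the settings page is loaded
 
 = 2.3.9 =
-* Fix: removed internal
+* Fix: removed internal WordPress redirect as it causes issues for some users.
 * Tweak: improved url request method
 
 = 2.3.8 =
@@ -269,7 +273,7 @@ fix: Adjusted selection order of .htaccess rules, preventing redirect loops
 * Fixed some bugs in deactivation and activation of multisite
 
 = 2.3.0 =
-*
+* Gave more control over activation process by explicity asking to enable SSL.
 * Added a notice if .htaccess is not writable
 
 = 2.2.20 =
@@ -298,7 +302,7 @@ Added code so JetPack will run smoothly on SSL as well, thanks to Konstantin for
 
 = 2.2.12 =
 * To prevent lockouts, it is no longer possible to activate plugin when wp-config.php is not writable. In case of loadbalancers, activating ssl without adding the necessary fix in the wp-config would cause a redirect loop which would lock you out of the admin.
-* Moved redirect above the
+* Moved redirect above the WordPress rewrite rules in the htaccess file.
 * Added an option to disable the fallback javascript redirection to https.
 
 = 2.2.11 =
@@ -316,7 +320,7 @@ Edited the wpconfig define check to prevent warnings when none are needed.
 = 2.2.7 =
 * Extended detection of homeurl and siteurl constants in wp-config.php with regex to allow for spaces in code.
 * Changed text domain to make this plugin language packs ready
-* Added 404 detection to
+* Added 404 detection to SSL detection function, so subdomains can get checked properly on subdomain multisite installs
 
 = 2.2.6 =
 Added slash in redirect rule
@@ -335,9 +339,9 @@ documentation update
 
 = 2.2.0 =
 * Added per site activation for multisite, but excluded this option for subfolder installs.
-* Added script to easily deactivate the plugin when you are locked out of the
-* Added support for a situation where no server variables are given which can indicate
-* Removed warning on
+* Added script to easily deactivate the plugin when you are locked out of the WordPress admin.
+* Added support for a situation where no server variables are given which can indicate SSL, which can cause WordPress to generate errors and redirect loops.
+* Removed warning on WooCommerce force SSL after checkout, as only unforce SSL seems to be causing problems
 * Added Russian translation, thanks to xsascha
 * Improved redirect rules in the .htaccess
 * Added option te disable the plugin from editing the .htaccess in the settings
@@ -345,12 +349,12 @@ documentation update
 * Fixed a bug where insecure content scan would not scan custom post types
 
 = 2.1.18 =
-* Made
-* Fixed a bug caused by WP native plugin_dir_url() returning relative path, resulting in no
+* Made WooCommerce warning dismissable, as it does not seem to cause issues
+* Fixed a bug caused by WP native plugin_dir_url() returning relative path, resulting in no SSL messages
 
 = 2.1.17 =
 * Fixed a bug where example .htaccess rewrite rules weren't generated correctly
-* Added
+* Added WooCommerce to the plugin conflicts handler, as some settings conflict with this plugin, and are superfluous when you force your site to SSL anyway.
 * Excluded transients from mixed content scan results
 
 = 2.1.16 =
@@ -361,14 +365,14 @@ documentation update
 
 = 2.1.15 =
 * Improved user interface with tabs
-* Changed function to test
-* Extended the mixed content fixer to replace src="http:// links, as these should always be https on an
-* Added an
+* Changed function to test SSL test page from file_get_contents to curl, as this improves response time, which might prevent "no SSL messages"
+* Extended the mixed content fixer to replace src="http:// links, as these should always be https on an SSL site.
+* Added an error message in case of force rewrite titles in Yoast SEO plugin is used, as this prevents the plugin from fixing mixed content
 
 = 2.1.14 =
 * Added support for loadbalancer and is_ssl() returning false: in that case a wp-config fix is needed.
 * Improved performance
-* Added
+* Added debugging option, so a trace log can be viewed
 * Fixed a bug where the rlrsssl_replace_url_args filter was not applied correctly.
 
 = 2.1.13 =
@@ -380,7 +384,7 @@ documentation update
 * Readded HSTS to the htaccess rules, but now as an option. Adding this should be done only when you are sure you do not want to revert back to http.
 
 = 2.1.11 =
-* Improved instructions regarding
+* Improved instructions regarding uninstalling when locked out of back-end
 
 = 2.1.10 =
 * Removed HSTS headers, because it is difficult to roll back.
@@ -413,7 +417,7 @@ documentation update
 * Added detection of loadbalancer and cdn so .htaccess rules can be adapted accordingly. Fixes some redirect loop issues.
 * Added the possibility to disable the auto replace of insecure links
 * Added a scan to scan the website for insecure links
-* Added detection of in wp-config.php defined siteurl and homeurl, which could prevent from
+* Added detection of in wp-config.php defined siteurl and homeurl, which could prevent from successful url change.
 * Dropped the force ssl option (used when not ssl detected)
 * Thanks to Peter Tak, [PTA security](http://www.pta-security.nl/) for mentioning the owasp security best practice https://www.owasp.org/index.php/HTTP_Strict_Transport_Security in .htaccess,
 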
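--- a/rlrsssl-really-simple-ssl.php
+++ b/rlrsssl-really-simple-ssl.php
@@ -2,12 +2,12 @@
 /**
 * Plugin Name: Really Simple SSL
 * Plugin URI: https://www.really-simple-ssl.com
-* Description: Lightweight plugin without any setup to make your site
-* Version: 2.5.
+* Description: Lightweight plugin without any setup to make your site SSL proof
+* Version: 2.5.25
 * Text Domain: really-simple-ssl
 * Domain Path: /languages
 * Author: Rogier Lankhorst
-* Author URI: https://
+* Author URI: https://really-simple-plugins.com
 * License: GPL2
 */
 
@@ -52,9 +52,9 @@
 self::$instance->rsssl_mixed_content_fixer = new rsssl_mixed_content_fixer();
 
 // Backwards compatibility for add-ons
-
-
-
+global $rsssl_front_end, $rsssl_mixed_content_fixer;
+$rsssl_front_end = self::$instance->rsssl_front_end;
+$rsssl_mixed_content_fixer = self::$instance->rsssl_mixed_content_fixer;
 
 if ( is_admin() ) {
 if ( is_multisite() ) {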
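Review bot: The added lines 55-57 publish `$rsssl_front_end` and `$rsssl_mixed_content_fixer` as writable globals, and the only explanation is the one-line comment above them. Any code loaded later in the same request can reassign those names, so an add-on reading them may end up with a different object than the one held on `self::$instance`. I would extend the comment to say so, for example `// Legacy aliases for add-ons; treat as read-only, the canonical objects live on self::$instance.` The removed side of these three lines is empty in this rendering, so the change may be whitespace-only, and the enclosing method starts and ends outside the hunk.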
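--- a/ssl-test-page.php
+++ b/ssl-test-page.php
@@ -5,7 +5,7 @@
 </head>
 <body>
 <h1>#SSL TEST PAGE#</h1>
-<p>This page is used purely to test for
+<p>This page is used purely to test for SSL availability.</p>
 <?php
 $ssl = FALSE;
 if (isset($_SERVER['HTTPS']) ) {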
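--- a/testssl/cdn/ssl-test-page.html
+++ b/testssl/cdn/ssl-test-page.html
@@ -3,7 +3,7 @@
 <META NAME="ROBOTS" CONTENT="NOINDEX, NOFOLLOW">
 </head>
 <body>
-This page is for testing
+This page is for testing SSL functionality.
 #SSL TEST PAGE#
 </body>
 </html>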
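--- a/testssl/cloudflare/ssl-test-page.html
+++ b/testssl/cloudflare/ssl-test-page.html
@@ -3,7 +3,7 @@
 <META NAME="ROBOTS" CONTENT="NOINDEX, NOFOLLOW">
 </head>
 <body>
-This page is for testing
+This page is for testing SSL functionality.
 #SSL TEST PAGE#
 </body>
 </html>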
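--- a/testssl/cloudfront/ssl-test-page.html
+++ b/testssl/cloudfront/ssl-test-page.html
@@ -3,7 +3,7 @@
 <META NAME="ROBOTS" CONTENT="NOINDEX, NOFOLLOW">
 </head>
 <body>
-This page is for testing
+This page is for testing SSL functionality.
 #SSL TEST PAGE#
 </body>
 </html>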
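--- a/testssl/envhttps/ssl-test-page.html
+++ b/testssl/envhttps/ssl-test-page.html
@@ -3,7 +3,7 @@
 <META NAME="ROBOTS" CONTENT="NOINDEX, NOFOLLOW">
 </head>
 <body>
-This page is for testing
+This page is for testing SSL functionality.
 #SSL TEST PAGE#
 </body>
 </html>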
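--- a/testssl/loadbalancer/ssl-test-page.html
+++ b/testssl/loadbalancer/ssl-test-page.html
@@ -3,7 +3,7 @@
 <META NAME="ROBOTS" CONTENT="NOINDEX, NOFOLLOW">
 </head>
 <body>
-This page is for testing
+This page is for testing SSL functionality.
 #SSL TEST PAGE#
 </body>
 </html>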
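--- a/testssl/serverhttps1/ssl-test-page.html
+++ b/testssl/serverhttps1/ssl-test-page.html
@@ -3,7 +3,7 @@
 <META NAME="ROBOTS" CONTENT="NOINDEX, NOFOLLOW">
 </head>
 <body>
-This page is for testing
+This page is for testing SSL functionality.
 #SSL TEST PAGE#
 </body>
 </html>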
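--- a/testssl/serverhttpson/ssl-test-page.html
+++ b/testssl/serverhttpson/ssl-test-page.html
@@ -3,7 +3,7 @@
 <META NAME="ROBOTS" CONTENT="NOINDEX, NOFOLLOW">
 </head>
 <body>
-This page is for testing
+This page is for testing SSL functionality.
 #SSL TEST PAGE#
 </body>
 </html>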
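--- a/testssl/serverport443/ssl-test-page.html
+++ b/testssl/serverport443/ssl-test-page.html
@@ -3,7 +3,7 @@
 <META NAME="ROBOTS" CONTENT="NOINDEX, NOFOLLOW">
 </head>
 <body>
-This page is for testing
+This page is for testing SSL functionality.
 #SSL TEST PAGE#
 </body>
 </html>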