WordPress HTTPS (SSL)

Wordpress Plugin
Download latest - 3.4.0



Download Stats

Today 369
Yesterday 603
Last Week 3,924
All Time 617,912
Banner 772x250

Releases (47 )

Version Release Date Change Log
3.4.0 2018-01-11
  • Tested with WordPress v4.9.1
  • Many improvements to performance. Special thanks to He Shiming for help with profiling and improvements.
  • Added internal caching to Parser module to drastically reduce queries.
  • Added checks for Domain Mapping plugin.
  • Renamed Domain Mapping featured to URL Mapping to reduce confusion with Domain Mapping plugin.
  • Added ability to map both to and from HTTPS with URL Mapping.
  • Added ability to also map local resources using URL Mapping.
  • Fixed bug when external resources contained a port number, the port was not removed when testing for HTTPS.
  • External HTTPS elements on HTTP pages will now stay HTTPS.
  • Fonts should now be properly secured.
  • Added check for HTTP_X_FORWARDED_SSL header.
3.4.2 2018-01-02
  • [Bug] Patch issue causing insecure content errors. If you are still having issues after updating, please revert to 3.4.0 and let me know in the support forum.
3.4.1 2018-01-02
  • [Feature] Content Fixer is now optional in the plugin settings. This option should be on by default and is the preferred method to use the plugin.
  • [Feature] Output buffering optional via wordpress_https_parser_ob filter. #56
  • [Bug] External resources being changed to local URL #59
  • [Bug] Added RSS permalink to filtered URLs.
  • [Bug] Remove network defaults on uninstall.
  • [Bug] Fixed displaying of Admin CSS when site_url is HTTP. #58
  • [Bug] Fixed issues displaying and resetting network settings introduced by 3.4.0.
3.3.6 2013-03-15
  • Fixed bug where admin links in multisite networks were being broken.
  • Added check for Jigoshop admin-ajax.php calls.
3.3.5 2013-02-19
  • Enhanced multisite support and testing.
  • Slightly adjusted settings page column widths.
  • Now using admin-ajax.php for settings page.
  • Added detection and conflict fixes for a few popular E-commerce plugins: WooCommerce, WP E-commerce and Jigoshop
  • Bug Fix - Password protected pages in WordPress 3.5+ should now be properly secured.
  • Bug Fix - The SSL Admin setting should now be properly retained when using FORCE_SSL_ADMIN.
  • Bug Fix - Links to the home page should now properly be set to HTTP when using Force SSL Exclusively.
  • Bug Fix - Installations with a non-default wp-content folder location should no longer experience issues with the WordPress HTTPS settings page.
3.3.0 2012-12-30
  • Tested with WordPress v3.5.
  • Added German translation and gettext support. Thanks Christian Foellmann.
  • Large sites using the default SSL Host (matching the Site URL) should experience a significant performance increase.
  • Added the Access-Control-Allow-Origin header to AJAX calls to allow local HTTP pages make HTTPS AJAX calls.
3.2.3 2012-11-17
  • Bug Fix - Sites prevented from logging into the admin panel after the previous release should now be working again.
  • Bug Fix - Fixed bug in Parser where links and forms could be written incorrectly.
3.2.2 2012-11-10
  • Performance Increase.
  • Bug Fix - Sites prevented from logging into the admin panel after the previous release should now be working again.
3.2.1 2012-10-17
  • Added Network settings for multisite installations.
  • Bug Fix - Elements should now be properly secured by the file extension check in the Parser.
  • Bug Fix - Pages being redirected should no longer always redirect to index.php for some server configurations.
  • Bug Fix - FORCE_SSL_ADMIN option should no longer cause redirect loops if the ssl_admin setting is set to false.
3.2 2012-10-07
  • Added domain mapping. Domain mapping allows you to map external domains that host their HTTPS content on a different domain.
  • Added Remove Unsecure Elements option. If possible, this option removes external elements from the page that can not be loaded over HTTPS, preventing insecure content errors without modifying any code.
  • ClouldFlare support.
  • Substantial memory optimization.
  • Removed Secure Front Page option. This can now be achieved through URL Filters.
  • Bug Fix - Visiting the admin panel over HTTP when using Shared SSL should no longer log the user out, but will now redirect accordingly.
  • Bug Fix - Random 404 errors should be gone.
  • Bug Fix - Fixed bug where a bad setting for ssl_host would cause the code to fail.
  • Bug Fix - CSS backgrounds that do not have quotes should no longer break debug output.
3.1.2 2012-07-13
  • Bug Fix - Redirects should no longer remove URL parameters.
  • Bug Fix - Removed loginout filter that was changing links to plain text.
  • Bug Fix - Plugin should no longer cause JavaScript errors from removing quotes from the end of URL's.
  • Bug Fix - CSS backgrounds that do not have quotes should no longer break debug output.
3.1.1 2012-07-09
  • Bug Fix - Fixed bug in Parser.
3.1 2012-07-09
  • Memory optimization.
  • Added secure URL filtering.
  • Users receiving 404 errors on every page when using Shared SSL should now be able to use those Shared SSL's that previously did not work.
  • Added support for qTranslate.
  • Added support for securing custom post types.
  • Added $url to the force_ssl filter as the third arguement. See FAQ for example usage.
3.0.4 2012-05-28
  • Fixed multiple bugs for sites using SSL for the entire site.
  • Bug Fix - plugin should no longer try to load hidden files as modules.
3.0.3 2012-05-02
  • Any element on an HTTP page that is set to HTTPS should be auto-corrected.
  • Added support for domain mapper plugin.
  • Bug Fix - SSL Host should now always end in a trailing slash.
  • Bug Fix - Fixed bug in cookie logic that prevented some users from logging in.
  • Bug Fix - Fixed bug in redirects that would cause login issues and 404 errors.
3.0.2 2012-04-22
  • Added setting to change where HTTPS settings appear in the admin panel.
  • Any element on an HTTP page that is set to HTTPS should be auto-corrected.
  • Bug Fix - Plugin should no longer interefere with editing posts and using images from the Media Library.
  • Bug Fix - Fixed major bug that occurred when site was installed in the base directory.
  • Bug Fix - File uploader should no longer produce an HTTP Error.
  • Bug Fix - Fixed performance issue that caused the login page to load for a long period of time.
  • Bug Fix - Proxy check should no longer interfere with RSS Feeds, HTML Validators, etc.
  • Bug Fix - Force SSL and SSL Front Page should no longer conflict.
  • Bug Fix - If Force SSL Exclusively is enabled and Secure Front Page is not (or the front page is not secured), links to the front page will be set to HTTP.
3.0.1 2012-04-19
  • Bug Fix - Fixed major issue when upgrading from previous version of WordPress HTTPS.
  • Bug Fix - Added is_ssl method back to main plugin class to avoid errors with Gravity Forms.
  • Bug Fix - Archive widget links should now appear correctly.
3.0 2012-04-17
  • The plugin has been completely re-written.
  • Redirect loops should no longer be an issue.
  • Bugs are likely to occur.
2.0.4 2011-12-17
  • Bug Fix - Users using Shared SSL should no longer have broken URL's and redirects.
  • Bug Fix - Pages should correctly be identified as HTTPS if PHP returns an IP address for HTTP_HOST in $_SERVER.
  • Bug Fix - Users using the default permalink structure should now have URL's being properly changed to/from HTTPS.
2.0.3 2011-12-15
  • Force SSL Admin will always be enabled when FORCE_SSL_ADMIN is true in wp-config.php.
  • Bug Fix - Users using Shared SSL should no longer have issues with the SSL Host path duplicating in URL's.
  • Bug Fix - The plugin should now function properly when using a subdomain as the SSL Host.
  • Bug Fix - Page and post links will only be forced to HTTPS when using a different SSL Host that is not a subdomain of your Home URL.
  • Bug Fix - WordPress HTTPS should no longer generate erroneous notices and warnings in apache error logs. (If I missed any, let me know)
2.0.2 2011-11-26
  • Bug Fix - SSL Host option was not being saved correctly upon subsiquent saves. This was causing redirect loops for most users.
2.0.1 2011-11-25
  • Ensured that deprected options are removed from a WordPress installation when activating the plugin.
  • Added an option to the WordPress HTTPS settings page to delete the cache of external links.
  • Bug Fix - URL's entered for SSL Host were not validing correctly.
  • Bug Fix - External URL's were not always being identified as valid external elements.
  • Bug Fix - Slight enhancement to SSL detection.
2.0 2011-10-31
  • Full support for using a custom SSL port has been added. A special thanks to Chris "doingweb" Antes for his feedback and testing of this feature.
  • Forcing pages to/from HTTPS is now pluggable using the 'force_ssl' filter.
  • When using Force Shared SSL Admin, links to the admin panel will always be rewritten with the Shared SSL Host.
  • When using Shared SSL, all links to post and pages from within the admin panel will use the Shared SSL Host to retain administration functionality on those pages.
  • Redirects to the admin panel now hook into wp_redirect rather than using the auth_redirect pluggable function.
  • Canonical redirects will now still occur on sites usinga different SSL Host, but not on secure pages.
  • Cookies are now set with hooks rather than pluggable functions.
  • Plugin will now delete all options and custom metadata when uninstalled.
  • Added a HTTP_X_FORWARDED_PROTO check to the is_ssl function.
  • Internal HTTPS Elements option has been removed. Disabling this option was never a good idea, so it was removed and the plugin will always act as it did when this option was enabled.
  • External HTTPS Elements option has been removed. The handling of external elements has improved in such a way that this option is no longer required.
  • Disable Automatic HTTPS option has been removed. This option should have generally been enabled anyway.
  • Bug Fix - After logging in, the logged_in cookie was not being set properly. This caused the admin bar to not show up in both HTTP and HTTPS.
  • Bug Fix - When using Shared SSL, the login page would not honor the redirect_to variable after a successful login.
1.9.2 2011-08-09
  • Added External URL caching to the plugin so that external elements will only be checked for once, increasing the speed of sites not using the Bypass External Check option.
  • Any forms whose action points to page that has the Forced SSL option on will be updated to HTTPS even on HTTP pages.
  • Bug Fix - When using Shared SSL, permalink structure was being buggy.
  • Bug Fix - Certain server configurations were causing the plugin to create redirect loops when using the Force SSL Exclusively option.
1.9.1 2011-07-22
  • Bug Fix - Cookies were not being set to the correct paths when logging in, causing logins to fail.
  • Bug Fix - Links to the front page when using latest posts were not correctly being set to HTTP/HTTPS.
  • Bug Fix - When using Shared SSL, the HTTPS version of the site_url was not being correctly replaced with the Shared SSL URL for internal elements.
  • Bug Fix - When using Shared SSL, the admin login page was not always redirecting properly due to output buffering.
  • Bug Fix - When using Shared SSL, the auth_redirect function was not redirecting to the Shared SSL URL.
  • Bug Fix - If the home_url contained 'www' but the URL appeared without 'www', the URL would not be fixed.
  • Stanards - Updated redirect method to use https or http as a an argument rather than true or false to better comply with WordPress coding standards.
1.9 2011-07-15
  • Created Updates widget on settings screen to allow for dynamic updates from the plugin developers.
  • Added support for PHP4.
  • Converted all spaces to tabs in source.
  • Force Shared SSL Admin option added to allow those using Shared SSL the ability to use their certificate for their admin dashboard.
  • Bug fix - Force SSL checkbox will now appear on WordPress versions below 2.9.
  • Bug fix - Password protected pages forced to SSL will now work properly.
  • Bug fix - Plugin should no longer break feeds.
  • Numerous other bug fixes that have since been forgotten due to the length of time this version has been in development.
1.8.5 2010-12-15
  • In version 1.8.5, when a page is forced to HTTPS, any links to that page will always be HTTPS, even when using the 'Disable Automatic HTTPS' option. Likewise, when the 'Force SSL Exclusively' option is enabled, all links to pages not forced to HTTPS will be changed to HTTP on HTTPS pages.
  • Updated RegEx's for more complicated URL's.
  • Bug fix - When in the admin panel, only link URL's are changed back to HTTP again.
  • Added support for using Shared SSL together with the FORCE_SSL_ADMIN and FORCE_SSL_LOGIN options.
1.8.1 2010-11-06
  • Re-enabled the canonical redirect for WordPres sites not using Shared SSL.
1.8 2010-11-05
  • Fixed cross-browser CSS issue on plugin settings page.
  • Corrected and updated plugin settings validation.
  • Lengthened the fade out timer on messages from the plugin settings page from 2 to 5 seconds so that the more lengthy error messages could be read before the message faded.
  • If viewing an admin page via SSL, and your Home URL is not set to HTTPS, links to the front-end of the website will be forced to HTTP. By default, WordPress changes these links to HTTPS.
  • When using Shared SSL, any anchor that links to the regular HTTPS version of the domain will be changed to use the Shared SSL Host.
  • Added embed and param tags to the list of tags that are fixed by WordPress HTTPS. This is to fix flash movies.
1.7.5 2010-10-22
  • Bug fix - When using 'Latest Posts' as the front page, the front page would redirect to HTTP when viewed over HTTPS even if the 'Force SSL Exclusively' option was disabled.
  • Prevented the 'Disable Automatic HTTPS' option from parsing URL's in the admin panel.
  • Changed redirects to send a '301 Permanently Moved' header rather than a '302 Temporarily Moved' header.
  • General code cleanup and such.
1.7 2010-10-14
  • Bug fix - External URL's were not being forced to HTTPS after the last update.
  • Added the functionality to correct relative URL's when using Shared SSL.
  • General code cleanup and such.
1.6.5 2010-10-14
  • Added support for Shared SSL.
1.6.3 2010-10-13
  • Changed the redirection check to use template_redirect hook rather than get_header.
1.6.2 2010-10-12
  • Tag links were not being set back to HTTP when the 'Disable Automatic HTTPS' option was enabled.
1.6.1 2010-10-12
  • Bug fix - front page redirection was causing issues when a static page was selected for the posts page.
1.6 2010-10-11
  • Multiple enhancements to core functionality of plugin. Mostly just changing code to integrate more smoothely with WordPress.
  • Enhancements have been made to the plugin's settings page.
1.5.2 2010-10-06
  • Fixed a bug that would prevent stylesheets from being fixed if the rel attribute came after the href attribute. Bug could have also caused errors with other tags.
1.5.1 2010-09-29
  • Added input elements with the type of 'image' to be filtered for insecure content.
1.5 2010-09-27
  • Added the ability to force SSL on certain pages.
  • Also added the option to exclusively force SSL on certain pages. Pages not forced to HTTPS are forced to HTTP.
  • Plugin now filters the bloginfo and bloginfo_url functions for HTTPS URL's when the 'Disable Automatic HTTPS' option is enabled in WordPress 3.0+.
1.0.1 2010-09-18
  • Bug fix.
1.0 2010-09-18
  • Major modifications to plugin structure, efficiency, and documentation.
  • Added the option to disable WordPress 3.0+ from changing all of your page, category and post links to HTTPS.
0.5.1 2010-09-07
  • Bug fix.
0.5 2010-08-19
  • Due to increasing concerns about plugin performance, the option to bypass the HTTPS check on external elements has been added.


0.4 2010-08-18
  • Plugin functions converted to OOP class.
  • The plugin will now attempt to set the allow_url_fopen option to true with ini_set function if possible.


0.3 2010-08-18
  • Added the option to change external elements to HTTPS if the external server allows the elements to be accessed via HTTPS.


0.2 2010-08-06
  • Changed the way in which HTTPS was detected to be more reliable.


0.1 2010-08-04
  • Initial Release