Really Simple SSL

 

on WordPress Plugin

<p>Easily improve site security with WordPress hardening, vulnerability detection and SSL certificate generation.</p> <h3>Really simple, effective and lightweight WordPress Security</h3> <p>Really Simple SSL is the most lightweight and easy-to-use security plugin for WordPress. It lays the foundation of your WordPress website&#8217;s security by leveraging your SSL certificate, scanning for possible vulnerabilities and implementing essential WordPress hardening features.</p> <p>We believe that security should have the absolute minimum effect on website performance, user experience and maintainability. Therefore, Really Simple SSL is:</p> <ul> <li><strong>Lightweight:</strong> Every security feature is developed with a modular approach and with performance in mind. Disabled features won&#8217;t load any redundant code.</li> <li><strong>Easy-to-use:</strong> 1-minute configuration with short onboarding setup.</li> </ul> <h3>Security Features</h3> <h4>Easy SSL Migration</h4> <p>Migrates your website to HTTPS and enforces SSL in just one click.</p> <ul> <li>301 redirect via PHP or .htaccess</li> <li>Secure cookies</li> <li>Let&#8217;s Encrypt: Install an SSL Certificate if your hosting provider supports manual installation.</li> <li>Server Health Check: Your server configuration is every bit as important for your website security.</li> </ul> <h4>WordPress Hardening</h4> <p>Tweak your configuration and keep WordPress fortified and safe by tackling potential weaknesses.</p> <ul> <li>Prevent code execution in the uploads folder</li> <li>Prevent login feedback and disable user enumeration</li> <li>Disable XML-RPC</li> <li>Disable directory browsing</li> <li>Username restrictions (block &#8216;admin&#8217; and public names)</li> <li>and much more..</li> </ul> <h4>Vulnerability Detection</h4> <p>Get notified when plugins, themes or WP core contain vulnerabilities and need appropriate action.</p> <h3>Improve Security with Really Simple SSL Pro</h3> <p><a href="https://really-simple-ssl.com/" rel="nofollow ugc">Protect your site with all essential security features by upgrading to Really Simple SSL Pro.</a></p> <h4>Advanced SSL enforcement</h4> <ul> <li>Mixed Content Scan &amp; Fixer. Detect files that are requested over HTTP and fix it, both Front- and Back-end.</li> <li>Enable HTTP Strict Transport Security and configure your site for the HSTS Preload list.</li> </ul> <h4>Security Headers</h4> <p>Security headers protect your site visitors against the risk of clickjacking, cross-site-forgery attacks, stealing login credentials and malware.</p> <ul> <li>Independent of your Server Configuration, works on Apache, LiteSpeed, NGINX, etc.</li> <li>Protect your website visitors with X-XSS Protection, X-Content-Type-Options, X-Frame-Options, a Referrer Policy and CORS headers.</li> <li>Automatically generate your WordPress-tailored Content Security Policy.</li> </ul> <h4>Vulnerability Measures</h4> <p>When a vulnerability is detected in a plugin, theme or WordPress core you will get notified accordingly. With Vulnerability Measures, you can configure simple but effective measures to make sure that a critical vulnerability won&#8217;t remain unattended.</p> <ul> <li>Force update: An update process will be tried multiple times until it can be assumed development of a theme or plugin is abandoned. You will be notified during these steps.</li> <li>Quarantine: When a plugin or theme can&#8217;t be updated to solve a vulnerability, Really Simple SSL can quarantine the plugin.</li> </ul> <h4>Advanced Site Hardening</h4> <ul> <li>Choose a custom login URL</li> <li>Automated File Permissions check and fixer</li> <li>Rename and randomize your database prefix</li> <li>Change the debug.log file location to a non-public folder</li> <li>Disable application passwords</li> <li>Control admin creation</li> <li>Disable HTTP methods, reducing HTTP requests</li> </ul> <h4>Login Protection</h4> <p>Secure your website&#8217;s login process and user accounts with powerful security measures.</p> <ul> <li>Two-Step verification (Email login)</li> <li>Enforce strong passwords and frequent password change</li> <li>Limit Login Attempts</li> </ul> <p>With Limit Login Attempts you can configure a threshold to temporarily or permanently block IP addresses or (non-existing) usernames. You can also throw a CAPTCHA after a failed login (hCaptcha or Google reCaptcha)</p> <h4>Access Control</h4> <ul> <li>Restrict access to your site for specific regions.</li> <li>Add specific IP addresses or IP ranges to the Blocklist or Allowlist.</li> </ul> <h3>Useful Links</h3> <ul> <li><a href="https://really-simple-ssl.com/knowledge-base-overview/" rel="nofollow ugc">Documentation</a></li> <li><a href="https://really-simple-ssl.com/definitions/" rel="nofollow ugc">Security Definitions</a></li> <li><a href="https://translate.wordpress.org/projects/wp-plugins/really-simple-ssl" rel="nofollow ugc">Translate Really Simple SSL</a></li> <li><a href="https://github.com/Really-Simple-Plugins/really-simple-ssl/issues" rel="nofollow ugc">Issues &amp; pull requests</a></li> <li><a href="https://really-simple-ssl.com/feature-requests/" rel="nofollow ugc">Feature requests</a></li> </ul> <h3>Love Really Simple SSL?</h3> <p>If you want to support the continuing development of this plugin, please consider buying <a href="https://www.really-simple-ssl.com/pro/" rel="nofollow ugc">Really Simple SSL Pro</a>, which includes some excellent security features and premium support.</p> <h3>About Really Simple Plugins</h3> <p>Our mission is to make complex WordPress requirements really easy. Really Simple SSL is developed by <a href="https://www.really-simple-plugins.com" rel="nofollow ugc">Really Simple Plugins</a>.</p> <p>For generating SSL certificates, Really Simple SSL uses the <a href="https://github.com/fbett/le-acme2-php/" rel="nofollow ugc">le acme2 PHP</a> Let&#8217;s Encrypt client library, thanks to &#8216;fbett&#8217; for providing it. Vulnerability Detection uses WP Vulnerability, an open-source initiative by Javier Casares. Want to join as a collaborator? We&#8217;re on <a href="https://github.com/really-simple-plugins/really-simple-ssl" rel="nofollow ugc">GitHub</a> as well!</p>