Almost everyone is familiar with the green padlock icon next to the website URL in the browser. But have you wondered why it’s even there, or if it’s even necessary for your website?
The padlock next to a URL indicates that the website you are visiting has enabled the SSL protocol (Secure Sockets Layer) to secure communication between the client and server. You can also confirm that a website uses SSL if its URL starts with HTTPS instead of HTTP.
Why Do You Need SSL on My Website?
An SSL certificate ensures that all data submitted through your website is encrypted and the data is securely transported from client to server. Without an SSL, your visitors are at risk of having their sensitive data stolen.
Even if your site does not collect sensitive information from visitors, there are still many reasons to get your website on SSL. Without using any form of encryption, your website’s security is also at risk from several types of attacks. Furthermore, multiple search engines have stated that a website secured with SSL will have an advantage over unsecured websites.
Why Should You Use Really Simple SSL?
Really Simple SSL activates SSL on your WordPress without the need for coding skills. The plugin automatically detects your settings and configures your website to operate on HTTPS. Since Cloudways provides a free SSL certificate with all hosting packages, it can be easily activated and configured with Really Simple SSL.
Really Simple SSL is the most popular SSL plugin for WordPress, with over 5 million active installations. The plugin is lightweight and incredibly easy, as it allows you to enable SSL with just a single click.
Found the Right SSL Plugin? Your Site Needs More.
Download our FREE ebook to unlock 45+ essential WordPress plugins for your site’s overall performance & security optimization.
Thank You
Your list is on it’s Way to Your Inbox.
Automatically Fix SSL Issues
Really Simple SSL also automatically fixes most issues that WordPress has with SSL. No headers being passed to WordPress (which it uses to detect SSL), load balancers, reverse proxies, etc.
Redirect Requests to HTTPS
When SSL is activated, anyone who attempts to visit the HTTP URL should be redirected to HTTPS. The PHP redirect (301 Redirect) is enabled by default. However, you can use a .htaccess redirect as well. The .htaccess redirect is faster and more reliable, making it the recommended option for sites running on Apache webservers.
Replace Content from HTTP to HTTPS
Really Simple SSL scans for insecure and mixed content on your website and dynamically fixes this by replacing the HTTP URLs with HTTPS, except for hyperlinks to other domains.
Change siteURL and homeURL to HTTPS
Automatically change your siteURL and homeURL to HTTPS and, if applicable, make the necessary changes to the “wp-config.php“ file.
Migration in WordPress 5.7
From WordPress 5.7, it became possible to migrate your website to HTTPS with a button that updates the site. Really Simple SSL goes beyond this functionality by dynamically fixing mixed content and safeguarding that the migration has been completed successfully.
Really Simple SSL Pro
It is recommended to use security headers on your website, and Really Simple SSL Pro can automatically implement these for you. Security headers apply extra security rules to your site, adding an additional layer of security. Moreover, the Pro version supports HttpOnly and secure flags to make cookies secure/encrypted.
Submit Your Site to the HSTS Preload List
HTTP Strict Transport Security (HSTS) is designed for situations where another site pretends to be your site. Imagine a user visiting your site from a public network, but a hacker redirects the user to a fake version of your site. This phony domain is not on SSL and contains a virus.
If you enable HSTS on your site and the user visited your site before, their browser remembers using SSL for that site. The fake site does not have an SSL certificate and becomes unreachable as a result.
It could be that the user never visited your site before, making it possible to request the HTTP version, so to prevent this from happening, a preload list was created that gets preloaded in supported browsers. If the user opens your site in the browser, it will know to request it over SSL.
Elaborate Mixed Content Scan
Certain types of mixed content cannot be dynamically fixed. Really Simple SSL Pro includes an extensive scan to detect and highlight mixed content sources, with a ‘fix’ button that automatically fixes these issues. The types of mixed content that can be fixed automatically with the Pro plugin are listed below.
HTTP Links in Stylesheets or JavaScript Files
HTTP links in your site to JavaScript files or stylesheets on other domains included JS or CSS files on other domains and this domain does not have an SSL certificate HTTP links in CSS or JS files on other domains hot-linked images.
Final Thoughts!
Really Simple SSL receives regular updates that include new features and other improvements. As a Top 10 plugin on the WordPress repository, the plugin has proven to be a must-use for every WordPress website. You can upgrade to the Pro version for just $29. Considering the automatic scan & fix functionality for insecure content, plus the number of additional security features in the Pro version, it’s worth the upgrade.
The plugin’s team is always willing to help out whether you use the Free or Paid version. Their support team is very responsive and goes the extra mile to help customers with any issues they might encounter.
Note: This article was published in collaboration with Really Simple SSL.
Frequently Asked Questions
Q. Can I delete Really Simple SSL?
Yes, you can safely delete the Really Simple SSL plugin. However, deactivating it will disable SSL, reverting to insecure HTTP. If switching, configure the new SSL solution to maintain security.
Q. How much is Really Simple SSL plugin?
Really Simple SSL has a free version on WordPress.org. For advanced features and support, the Pro version is priced at $49 (Personal), $99 (Professional), and $199 (Agency).
Q. How to generate an SSL certificate with Really Simple SSL?
Really Simple SSL doesn’t generate SSL certificates. Obtain one from a Certificate Authority (e.g., Let’s Encrypt), then let the plugin automate the setup after installation and activation.
Q. Should I use the Really Simple SSL plugin?
Yes, you can use the Really Simple SSL plugin if you want to enable SSL on your WordPress site with automatic redirects and minimal configuration. However, before picking up the plugin, consider compatibility and dependency on the plugin’s continued maintenance and updates.
Q. What is a Simple SSL certificate?
A Simple SSL certificate (SSL/TLS) encrypts data between a user’s browser and the website server, securing sensitive information. Really Simple SSL simplifies SSL certificate implementation on WordPress for a seamless transition to HTTPS.
Mansoor Ahmed Khan
Been in content marketing since 2014, and I still get a kick out of creating stories that resonate with the target audience and drive results. At Cloudways by DigitalOcean (a leading cloud hosting company, btw!), I lead a dream team of content creators. Together, we brainstorm, write, and churn out awesome content across all the channels: blogs, social media, emails, you name it! You can reach out to me at [email protected].