{"id":230257,"date":"2025-04-22T09:50:33","date_gmt":"2025-04-22T09:50:33","guid":{"rendered":"https:\/\/wordpress.org\/plugins\/flex-ssl\/"},"modified":"2026-03-08T20:59:23","modified_gmt":"2026-03-08T20:59:23","slug":"flex-ssl","status":"publish","type":"plugin","link":"https:\/\/twd.wordpress.org\/plugins\/flex-ssl\/","author":23082855,"comment_status":"closed","ping_status":"closed","template":"","meta":{"_crdt_document":"","version":"1.0.8","stable_tag":"1.0.8","tested":"6.8.5","requires":"5.0","requires_php":"7.0","requires_plugins":null,"header_name":"Flex SSL","header_author":"Future Systems","header_description":"Enables SSL and forces HTTPS on WordPress sites.","assets_banners_color":"869bf1","last_updated":"2026-03-08 20:59:23","external_support_url":"","external_repository_url":"","donate_link":"","header_plugin_uri":"https:\/\/flex-fields.com\/ssl\/","header_author_uri":"https:\/\/f-s.am","rating":0,"author_block_rating":0,"active_installs":30,"downloads":626,"num_ratings":0,"support_threads":0,"support_threads_resolved":0,"author_block_count":0,"sections":["description","installation","faq","changelog"],"tags":{"1.0.1":{"tag":"1.0.1","author":"flexfields","date":"2025-04-22 09:50:31"},"1.0.8":{"tag":"1.0.8","author":"flexfields","date":"2026-03-08 20:59:23"}},"upgrade_notice":{"1.0.8":"<p>WordPress.org compatibility: escaping fixes, Tested up to 6.8.<\/p>","1.0.7":"<p>UX improvements: checkbox labels, help text for options, relative SSL expiry display.<\/p>","1.0.6":"<p>Code quality: i18n, index.php, uninstall.php, proper redirect for Clear Logs.<\/p>","1.0.5":"<p>Fixed tab redirect after saving settings; stay on the active tab.<\/p>","1.0.4":"<p>Mixed Content Fixer now covers excerpts, thumbnails, scripts, styles, content_url, and home_url.<\/p>","1.0.3":"<p>Performance improvements: SSL availability and site URL update checks are now cached.<\/p>","1.0.2":"<p>Security improvements: Host header validation, configurable FORCE_SSL_ADMIN, removed deprecated X-XSS-Protection header.<\/p>","1.0.1":"<p>Bug fixes: WooCommerce Safe Mode setting, option typo, logs tab, and array sanitization.<\/p>","1.0.0":"<p>Initial release. Enjoy enhanced security and hassle-free HTTPS enforcement on your WordPress site.<\/p>"},"ratings":[],"assets_icons":{"icon-256x256.png":{"filename":"icon-256x256.png","revision":3278864,"resolution":"256x256","location":"assets","locale":""}},"assets_banners":{"banner-772x250.jpg":{"filename":"banner-772x250.jpg","revision":3279231,"resolution":"772x250","location":"assets","locale":""}},"assets_blueprints":{},"all_blocks":[],"tagged_versions":["1.0.1","1.0.8"],"block_files":[],"assets_screenshots":{"screenshot-1.png":{"filename":"screenshot-1.png","revision":3477605,"resolution":"1","location":"assets","locale":""},"screenshot-2.png":{"filename":"screenshot-2.png","revision":3477605,"resolution":"2","location":"assets","locale":""},"screenshot-3.png":{"filename":"screenshot-3.png","revision":3477605,"resolution":"3","location":"assets","locale":""},"screenshot-4.png":{"filename":"screenshot-4.png","revision":3477605,"resolution":"4","location":"assets","locale":""},"screenshot-5.png":{"filename":"screenshot-5.png","revision":3477605,"resolution":"5","location":"assets","locale":""},"screenshot-6.png":{"filename":"screenshot-6.png","revision":3477605,"resolution":"6","location":"assets","locale":""}},"screenshots":{"1":"<strong>General Settings<\/strong> \u2013 Configure SSL, force HTTPS, and update site URLs.","2":"<strong>Security Settings<\/strong> \u2013 Enable mixed content fixer, HSTS, and other headers.","3":"<strong>SSL Status<\/strong> \u2013 View if SSL is enabled and check certificate expiry.","4":"<strong>Redirect Settings<\/strong> \u2013 Select 301 Permanent or 302 Temporary redirects.","5":"<strong>Let's Encrypt (Coming Soon)<\/strong> \u2013 Placeholder screen for upcoming functionality.","6":"<strong>Logs<\/strong> \u2013 View and clear recent logs."},"jetpack_post_was_ever_published":false},"plugin_section":[],"plugin_tags":[3882,1908,24593,600,1536],"plugin_category":[54],"plugin_contributors":[240619],"plugin_business_model":[],"class_list":["post-230257","plugin","type-plugin","status-publish","hentry","plugin_tags-cloudflare","plugin_tags-https","plugin_tags-mixed-content","plugin_tags-security","plugin_tags-ssl","plugin_category-security-and-spam-protection","plugin_contributors-flexfields","plugin_committers-flexfields"],"banners":{"banner":"https:\/\/ps.w.org\/flex-ssl\/assets\/banner-772x250.jpg?rev=3279231","banner_2x":false,"banner_rtl":false,"banner_2x_rtl":false},"icons":{"svg":false,"icon":"https:\/\/ps.w.org\/flex-ssl\/assets\/icon-256x256.png?rev=3278864","icon_2x":"https:\/\/ps.w.org\/flex-ssl\/assets\/icon-256x256.png?rev=3278864","generated":false},"screenshots":[{"src":"https:\/\/ps.w.org\/flex-ssl\/assets\/screenshot-1.png?rev=3477605","caption":"<strong>General Settings<\/strong> \u2013 Configure SSL, force HTTPS, and update site URLs."},{"src":"https:\/\/ps.w.org\/flex-ssl\/assets\/screenshot-2.png?rev=3477605","caption":"<strong>Security Settings<\/strong> \u2013 Enable mixed content fixer, HSTS, and other headers."},{"src":"https:\/\/ps.w.org\/flex-ssl\/assets\/screenshot-3.png?rev=3477605","caption":"<strong>SSL Status<\/strong> \u2013 View if SSL is enabled and check certificate expiry."},{"src":"https:\/\/ps.w.org\/flex-ssl\/assets\/screenshot-4.png?rev=3477605","caption":"<strong>Redirect Settings<\/strong> \u2013 Select 301 Permanent or 302 Temporary redirects."},{"src":"https:\/\/ps.w.org\/flex-ssl\/assets\/screenshot-5.png?rev=3477605","caption":"<strong>Let's Encrypt (Coming Soon)<\/strong> \u2013 Placeholder screen for upcoming functionality."},{"src":"https:\/\/ps.w.org\/flex-ssl\/assets\/screenshot-6.png?rev=3477605","caption":"<strong>Logs<\/strong> \u2013 View and clear recent logs."}],"raw_content":"<!--section=description-->\n<p>Flex SSL is a lightweight WordPress plugin designed to secure your website by enforcing HTTPS across your entire site. Key features include:<\/p>\n\n<ul>\n<li><strong>Force HTTPS:<\/strong> Automatically redirect all HTTP requests to HTTPS.<\/li>\n<li><strong>Auto-Update URLs:<\/strong> Change WordPress site and home URLs from HTTP to HTTPS.<\/li>\n<li><strong>Cloudflare\/Proxy Support:<\/strong> Detects HTTPS headers from Cloudflare or other reverse proxies to avoid redirect loops.<\/li>\n<li><strong>Security Headers:<\/strong> Optionally add HSTS, X-Frame-Options, X-Content-Type-Options, Referrer-Policy. Force SSL Admin when HTTPS is in use.<\/li>\n<li><strong>Mixed Content Fixer:<\/strong> Corrects HTTP to HTTPS in content, excerpts, thumbnails, scripts, styles, content_url, and home_url.<\/li>\n<li><strong>SSL Status:<\/strong> View current SSL status and certificate expiry date.<\/li>\n<li><strong>Redirect Options:<\/strong> Choose between 301 (permanent) and 302 (temporary) redirects.<\/li>\n<li><strong>Logs &amp; Reports:<\/strong> Monitor changes and events in a log system.<\/li>\n<li><strong>Let's Encrypt Integration (Coming Soon):<\/strong> Plan to automatically generate and renew SSL certificates.<\/li>\n<\/ul>\n\n<h3>License<\/h3>\n\n<p>Flex SSL is free software: you can redistribute it and\/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation, either version 2 of the License, or (at your option) any later version.<\/p>\n\n<p>For more details, see https:\/\/www.gnu.org\/licenses\/gpl-2.0.html.<\/p>\n\n<!--section=installation-->\n<ol>\n<li>Upload the <code>flex-ssl<\/code> folder to your <code>\/wp-content\/plugins\/<\/code> directory or install via the WordPress plugin installer.<\/li>\n<li>Activate the plugin through the WordPress admin.<\/li>\n<li>Navigate to the Flex SSL settings page from the admin menu.<\/li>\n<li>Configure the desired settings:\n\n<ul>\n<li>Enable SSL.<\/li>\n<li>Force HTTPS.<\/li>\n<li>Auto-update WordPress site URLs to HTTPS.<\/li>\n<li>Enable security headers and mixed content fixer.<\/li>\n<\/ul><\/li>\n<li>(Coming Soon) Use the upcoming Let's Encrypt integration to generate SSL certificates automatically.<\/li>\n<\/ol>\n\n<!--section=faq-->\n<dl>\n<dt id=\"does%20flex%20ssl%20work%20behind%20cloudflare%3F\"><h3>Does Flex SSL work behind Cloudflare?<\/h3><\/dt>\n<dd><p>Yes. Flex SSL supports reverse proxy configurations including Cloudflare\u2019s Flexible and Full SSL modes by detecting proxy headers.<\/p><\/dd>\n<dt id=\"do%20i%20need%20to%20modify%20wp-config.php%3F\"><h3>Do I need to modify wp-config.php?<\/h3><\/dt>\n<dd><p>No. Flex SSL is designed to work out-of-the-box without requiring changes to wp-config.php.<\/p><\/dd>\n<dt id=\"how%20do%20i%20generate%20an%20ssl%20certificate%3F\"><h3>How do I generate an SSL certificate?<\/h3><\/dt>\n<dd><p>Let's Encrypt integration is marked as \u201cComing Soon.\u201d Future versions will allow you to generate and renew SSL certificates directly from the plugin.<\/p><\/dd>\n<dt id=\"what%20happens%20if%20ssl%20is%20not%20installed%20on%20my%20server%3F\"><h3>What happens if SSL is not installed on my server?<\/h3><\/dt>\n<dd><p>The plugin detects SSL availability and will disable features if no certificate is found. A notice is shown in the settings area to guide you.<\/p><\/dd>\n\n<\/dl>\n\n<!--section=changelog-->\n<h4>1.0.8<\/h4>\n\n<ul>\n<li>WordPress.org compatibility: Tested up to 6.8.<\/li>\n<li>Ensure all output strings use esc_html, esc_attr, esc_url (Recent Logs, Clear Logs, About link, nav-tab class).<\/li>\n<li>uninstall.php and index.php already present (confirmed).<\/li>\n<\/ul>\n\n<h4>1.0.7<\/h4>\n\n<ul>\n<li>UX: Added labels for all checkboxes (accessibility).<\/li>\n<li>UX: Added short help text for Update Site URL, HSTS, WooCommerce Safe Mode, and other options.<\/li>\n<li>UX: SSL certificate expiry now shows relative text (e.g. \"Expires in 30 days\").<\/li>\n<\/ul>\n\n<h4>1.0.6<\/h4>\n\n<ul>\n<li>Added load_plugin_textdomain for i18n (plugins_loaded).<\/li>\n<li>Added index.php in plugin root for security.<\/li>\n<li>Added uninstall.php to remove options on uninstall.<\/li>\n<li>Replaced Clear Logs location.reload with wp_safe_redirect (handler moved to admin_init).<\/li>\n<\/ul>\n\n<h4>1.0.5<\/h4>\n\n<ul>\n<li>Fixed tab redirect after save: add flex_ssl_active_tab and flex_ssl_nonce hidden fields to forms; use wp_redirect filter.<\/li>\n<\/ul>\n\n<h4>1.0.4<\/h4>\n\n<ul>\n<li>Mixed Content Fixer: Extended to the_excerpt, post_thumbnail_url, script_loader_src, style_loader_src, content_url, home_url.<\/li>\n<\/ul>\n\n<h4>1.0.3<\/h4>\n\n<ul>\n<li>Performance: Cache is_ssl_available() result (1 hour transient) to avoid repeated socket connections.<\/li>\n<li>Performance: Site URL updates run at most once per 24 hours; transient invalidated when option is changed.<\/li>\n<\/ul>\n\n<h4>1.0.2<\/h4>\n\n<ul>\n<li>Security: Validate Host header to prevent header injection (redirects, SSL checks).<\/li>\n<li>FORCE_SSL_ADMIN is now optional and only set when SSL is in use.<\/li>\n<li>Removed deprecated X-XSS-Protection header (modern browsers deprecate it).<\/li>\n<\/ul>\n\n<h4>1.0.1<\/h4>\n\n<ul>\n<li>Fixed option typo: <code>flex_ssl_flex_ssl_woo_safe_mode<\/code> renamed to <code>flex_ssl_woo_safe_mode<\/code>.<\/li>\n<li>WooCommerce Safe Mode now respects the setting (was always redirecting).<\/li>\n<li>Fixed logs option: custom sanitizer for array storage (was incorrectly using wp_kses_post).<\/li>\n<li>Added Logs tab to settings page (logs_settings existed but tab was missing).<\/li>\n<\/ul>\n\n<h4>1.0.0<\/h4>\n\n<ul>\n<li>Initial release of Flex SSL.<\/li>\n<li>Force HTTPS on front-end.<\/li>\n<li>Auto-update site URLs to HTTPS.<\/li>\n<li>Cloudflare and reverse proxy support.<\/li>\n<li>Security headers and mixed content fixer.<\/li>\n<li>SSL status and logs.<\/li>\n<li>(Coming Soon) Let's Encrypt integration for automatic SSL generation.<\/li>\n<\/ul>","raw_excerpt":"Enables SSL &amp; forces HTTPS on WordPress, updating URLs &amp; adding security headers. Supports reverse proxies &amp; soon integrates Let&#039;s Encrypt.","jetpack_sharing_enabled":true,"_links":{"self":[{"href":"https:\/\/twd.wordpress.org\/plugins\/wp-json\/wp\/v2\/plugin\/230257","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/twd.wordpress.org\/plugins\/wp-json\/wp\/v2\/plugin"}],"about":[{"href":"https:\/\/twd.wordpress.org\/plugins\/wp-json\/wp\/v2\/types\/plugin"}],"replies":[{"embeddable":true,"href":"https:\/\/twd.wordpress.org\/plugins\/wp-json\/wp\/v2\/comments?post=230257"}],"author":[{"embeddable":true,"href":"https:\/\/twd.wordpress.org\/plugins\/wp-json\/wporg\/v1\/users\/flexfields"}],"wp:attachment":[{"href":"https:\/\/twd.wordpress.org\/plugins\/wp-json\/wp\/v2\/media?parent=230257"}],"wp:term":[{"taxonomy":"plugin_section","embeddable":true,"href":"https:\/\/twd.wordpress.org\/plugins\/wp-json\/wp\/v2\/plugin_section?post=230257"},{"taxonomy":"plugin_tags","embeddable":true,"href":"https:\/\/twd.wordpress.org\/plugins\/wp-json\/wp\/v2\/plugin_tags?post=230257"},{"taxonomy":"plugin_category","embeddable":true,"href":"https:\/\/twd.wordpress.org\/plugins\/wp-json\/wp\/v2\/plugin_category?post=230257"},{"taxonomy":"plugin_contributors","embeddable":true,"href":"https:\/\/twd.wordpress.org\/plugins\/wp-json\/wp\/v2\/plugin_contributors?post=230257"},{"taxonomy":"plugin_business_model","embeddable":true,"href":"https:\/\/twd.wordpress.org\/plugins\/wp-json\/wp\/v2\/plugin_business_model?post=230257"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}