{"id":253706,"date":"2025-10-02T17:34:27","date_gmt":"2025-10-02T17:34:27","guid":{"rendered":"https:\/\/wordpress.org\/plugins\/volixta-ssl-security-headers\/"},"modified":"2026-03-10T23:33:47","modified_gmt":"2026-03-10T23:33:47","slug":"volixta-ssl-security-headers","status":"publish","type":"plugin","link":"https:\/\/kea.wordpress.org\/plugins\/volixta-ssl-security-headers\/","author":23369681,"comment_status":"closed","ping_status":"closed","template":"","meta":{"_crdt_document":"","version":"1.1.4","stable_tag":"1.1.4","tested":"6.9.4","requires":"5.8","requires_php":"7.4","requires_plugins":null,"header_name":"Volixta SSL & Security Headers","header_author":"HELLO SITE LLC","header_description":"Activate SSL\/HTTPS, apply modern Security Headers (incl. HSTS), fix mixed content, file-permissions audit, \u2014 simple & safe.","assets_banners_color":"121b2c","last_updated":"2026-03-10 23:33:47","external_support_url":"","external_repository_url":"","donate_link":"","header_plugin_uri":"","header_author_uri":"https:\/\/www.agence-hello-site.com\/","rating":4,"author_block_rating":0,"active_installs":10,"downloads":671,"num_ratings":4,"support_threads":1,"support_threads_resolved":1,"author_block_count":0,"sections":["description","installation","faq","changelog"],"tags":{"1.0.0":{"tag":"1.0.0","author":"volixta","date":"2025-10-02 17:45:37"},"1.0.1":{"tag":"1.0.1","author":"volixta","date":"2025-10-03 01:09:29"},"1.0.10":{"tag":"1.0.10","author":"volixta","date":"2025-11-03 15:01:13"},"1.0.2":{"tag":"1.0.2","author":"volixta","date":"2025-10-03 01:22:25"},"1.0.3":{"tag":"1.0.3","author":"volixta","date":"2025-10-03 23:15:22"},"1.0.4":{"tag":"1.0.4","author":"volixta","date":"2025-10-03 23:21:06"},"1.0.5":{"tag":"1.0.5","author":"volixta","date":"2025-10-03 23:45:26"},"1.0.6":{"tag":"1.0.6","author":"volixta","date":"2025-11-03 14:34:56"},"1.0.7":{"tag":"1.0.7","author":"volixta","date":"2025-11-03 14:44:42"},"1.0.8":{"tag":"1.0.8","author":"volixta","date":"2025-11-03 14:50:23"},"1.0.9":{"tag":"1.0.9","author":"volixta","date":"2025-11-03 14:57:55"},"1.1.0":{"tag":"1.1.0","author":"volixta","date":"2025-11-08 02:07:38"},"1.1.1":{"tag":"1.1.1","author":"volixta","date":"2025-12-07 12:12:12"},"1.1.2":{"tag":"1.1.2","author":"volixta","date":"2025-12-10 13:09:20"},"1.1.3":{"tag":"1.1.3","author":"volixta","date":"2026-03-09 00:03:03"},"1.1.4":{"tag":"1.1.4","author":"volixta","date":"2026-03-10 23:33:47"}},"upgrade_notice":{"1.1.3":"<p>The Security Hardening module has been removed to improve stability and compatibility.<br \/>\nThose features will be included in the upcoming <strong>Volixta Security Suite<\/strong> plugin.<\/p>\n\n<hr \/>"},"ratings":{"1":1,"2":0,"3":0,"4":0,"5":3},"assets_icons":{"icon-128x128.png":{"filename":"icon-128x128.png","revision":3371933,"resolution":"128x128","location":"assets","locale":""},"icon-256x256.png":{"filename":"icon-256x256.png","revision":3371933,"resolution":"256x256","location":"assets","locale":""}},"assets_banners":{"banner-1544x500.png":{"filename":"banner-1544x500.png","revision":3371933,"resolution":"1544x500","location":"assets","locale":""},"banner-772\u00d7250.png":{"filename":"banner-772\u00d7250.png","revision":3371933,"resolution":"772x250","location":"assets","locale":""}},"assets_blueprints":{},"all_blocks":[],"tagged_versions":["1.0.0","1.0.1","1.0.10","1.0.2","1.0.3","1.0.4","1.0.5","1.0.6","1.0.7","1.0.8","1.0.9","1.1.0","1.1.1","1.1.2","1.1.3","1.1.4"],"block_files":[],"assets_screenshots":{"screenshot-1.png":{"filename":"screenshot-1.png","revision":3371933,"resolution":"1","location":"assets","locale":""},"screenshot-2.png":{"filename":"screenshot-2.png","revision":3371933,"resolution":"2","location":"assets","locale":""},"screenshot-3.png":{"filename":"screenshot-3.png","revision":3371933,"resolution":"3","location":"assets","locale":""},"screenshot-4.png":{"filename":"screenshot-4.png","revision":3371933,"resolution":"4","location":"assets","locale":""}},"screenshots":{"1":"Dashboard showing SSL, redirect, headers, and server checks","2":"One-click SSL activation and HTTPS redirect","3":"Mixed content scan and fixer","4":"Security headers configuration panel"},"jetpack_post_was_ever_published":false},"plugin_section":[],"plugin_tags":[1908,24593,153786,1536],"plugin_category":[54],"plugin_contributors":[248681],"plugin_business_model":[],"class_list":["post-253706","plugin","type-plugin","status-publish","hentry","plugin_tags-https","plugin_tags-mixed-content","plugin_tags-security-headers","plugin_tags-ssl","plugin_category-security-and-spam-protection","plugin_contributors-volixta","plugin_committers-volixta"],"banners":{"banner":"https:\/\/ps.w.org\/volixta-ssl-security-headers\/assets\/banner-772\u00d7250.png?rev=3371933","banner_2x":"https:\/\/ps.w.org\/volixta-ssl-security-headers\/assets\/banner-1544x500.png?rev=3371933","banner_rtl":false,"banner_2x_rtl":false},"icons":{"svg":false,"icon":"https:\/\/ps.w.org\/volixta-ssl-security-headers\/assets\/icon-128x128.png?rev=3371933","icon_2x":"https:\/\/ps.w.org\/volixta-ssl-security-headers\/assets\/icon-256x256.png?rev=3371933","generated":false},"screenshots":[{"src":"https:\/\/ps.w.org\/volixta-ssl-security-headers\/assets\/screenshot-1.png?rev=3371933","caption":"Dashboard showing SSL, redirect, headers, and server checks"},{"src":"https:\/\/ps.w.org\/volixta-ssl-security-headers\/assets\/screenshot-2.png?rev=3371933","caption":"One-click SSL activation and HTTPS redirect"},{"src":"https:\/\/ps.w.org\/volixta-ssl-security-headers\/assets\/screenshot-3.png?rev=3371933","caption":"Mixed content scan and fixer"},{"src":"https:\/\/ps.w.org\/volixta-ssl-security-headers\/assets\/screenshot-4.png?rev=3371933","caption":"Security headers configuration panel"}],"raw_content":"<!--section=description-->\n<p>Is your WordPress site still serving pages over <strong>HTTP<\/strong> instead of <strong>HTTPS<\/strong>?<br \/>\nDo you see browser warnings like <em>\"Not Secure\"<\/em> even though you installed SSL?<br \/>\nAre you getting <strong>mixed content errors<\/strong> in Chrome or Firefox after enabling HTTPS?<br \/>\nIs your Site Health report complaining about missing <strong>security headers<\/strong>?<\/p>\n\n<p>\ud83d\udc49 <strong>Volixta SSL &amp; Security Headers fixes all of these in a few clicks.<\/strong><\/p>\n\n<p>Easily <strong>activate SSL<\/strong>, <strong>force 301 redirects<\/strong>, repair <strong>mixed content<\/strong>, and apply recommended <strong>WordPress security headers<\/strong> like HSTS, CSP, and X-Frame-Options.<\/p>\n\n\n\n<h3>\ud83d\udd10 What does Volixta do?<\/h3>\n\n<ul>\n<li><strong>Activate SSL automatically<\/strong>: safely update your WordPress <code>home<\/code> and <code>siteurl<\/code> to use <code>https:\/\/<\/code>.<\/li>\n<li><strong>Force HTTPS with 301 redirect<\/strong>: adds a safe <code>.htaccess<\/code> block on Apache\/LiteSpeed, or falls back to a PHP redirect if needed.<\/li>\n<li><strong>Fix mixed content<\/strong>: scans your posts, postmeta, and options for <code>http:\/\/<\/code> links and replaces them with <code>https:\/\/<\/code> (serialization-safe).<\/li>\n<li><strong>Apply modern HTTP Security Headers<\/strong>: HSTS, Content-Security-Policy (<code>upgrade-insecure-requests<\/code>), X-Frame-Options, Referrer-Policy, Permissions-Policy, COOP\/COEP\/CORP.<\/li>\n<li><strong>Nginx friendly<\/strong>: when <code>.htaccess<\/code> is not available, Volixta shows ready-to-copy Nginx rules.<\/li>\n<li><strong>Site Health integration<\/strong>: checks for SSL, redirects, and security headers.<\/li>\n<\/ul>\n\n\n\n<h3>\u2705 Why choose Volixta?<\/h3>\n\n<ul>\n<li><p><strong>Safe by design<\/strong><br \/>\nNothing is applied automatically. You choose what to enable. Each <code>.htaccess<\/code> modification creates a timestamped backup.<\/p><\/li>\n<li><p><strong>Serialization-safe mixed content fixer<\/strong><br \/>\nNo risk of breaking complex serialized data in <code>postmeta<\/code> or <code>options<\/code>.<\/p><\/li>\n<li><p><strong>Admin-only processing<\/strong><br \/>\nEverything runs in the admin area. The frontend only uses the optional PHP redirect when required.<\/p><\/li>\n<li><p><strong>Localhost aware<\/strong><br \/>\nDetects local environments (<code>localhost<\/code>, <code>.local<\/code>, <code>.test<\/code>) and provides instructions for enabling trusted HTTPS locally with <a href=\"https:\/\/github.com\/FiloSottile\/mkcert\">mkcert<\/a>.<\/p><\/li>\n<\/ul>\n\n\n\n<h3>\ud83d\udd0e Typical problems solved<\/h3>\n\n<p><strong>How do I activate SSL in WordPress?<\/strong><br \/>\n\u2192 One click in Volixta updates your site to HTTPS safely.<\/p>\n\n<p><strong>How do I force HTTPS with 301 redirects?<\/strong><br \/>\n\u2192 Volixta inserts a safe <code>.htaccess<\/code> redirect or uses a PHP fallback.<\/p>\n\n<p><strong>My Site Health report says \u201cNo security headers detected\u201d.<\/strong><br \/>\n\u2192 Apply modern <strong>security headers<\/strong> in one click.<\/p>\n\n<p><strong>How can I add WordPress security headers without editing code?<\/strong><br \/>\n\u2192 Configure and apply headers from the plugin interface.<\/p>\n\n<p><strong>After enabling SSL, my site still shows mixed content errors.<\/strong><br \/>\n\u2192 Run the Mixed Content Scan + Fixer.<\/p>\n\n<p><strong>I'm on Nginx, so .htaccess doesn't work.<\/strong><br \/>\n\u2192 Volixta provides ready-to-copy Nginx configuration snippets.<\/p>\n\n\n\n<h3>Privacy<\/h3>\n\n<p>This plugin does not collect, store, or transmit personal data.<\/p>\n\n\n\n<h3>Localization<\/h3>\n\n<p>Text domain: <code>volixta-ssl-security-headers<\/code><br \/>\nLoad path: <code>\/languages<\/code><\/p>\n\n\n\n<h3>What\u2019s Next<\/h3>\n\n<p>If you like this plugin, check out our other tools:<\/p>\n\n<ul>\n<li><p><a href=\"https:\/\/volixta.com\">VOLIXTA Booking \u2013 The All-in-One WordPress Booking Plugin<\/a><br \/>\nManage unlimited staff, services, clients, payments, and locations in one powerful system.<\/p><\/li>\n<li><p><a href=\"https:\/\/volixta.com\/volixta-security-suite\">VOLIXTA Security Suite \u2013 Advanced WordPress Security Made Simple<\/a><\/p><\/li>\n<\/ul>\n\n<!--section=installation-->\n<ol>\n<li>Upload to <code>\/wp-content\/plugins\/<\/code> or install from the WordPress plugin directory.<\/li>\n<li>Activate the plugin.<\/li>\n<li>Open <strong>Volixta SSL &amp; Security<\/strong> in the admin menu.<\/li>\n<li>With a valid SSL certificate:\n\n<ul>\n<li>Click <strong>Activate SSL<\/strong> to update WordPress URLs to HTTPS.<\/li>\n<li>Click <strong>Enable HTTPS Redirect<\/strong> to force HTTPS.<\/li>\n<li>Click <strong>Apply Security Headers<\/strong>.<\/li>\n<\/ul><\/li>\n<\/ol>\n\n<!--section=faq-->\n<dl>\n<dt id=\"how%20do%20i%20activate%20ssl%20in%20wordpress%3F\"><h3>How do I activate SSL in WordPress?<\/h3><\/dt>\n<dd><p>Open Volixta \u2192 click <strong>Activate SSL<\/strong>. The plugin updates your WordPress and Site URL to HTTPS.<\/p><\/dd>\n<dt id=\"how%20do%20i%20add%20security%20headers%20in%20wordpress%3F\"><h3>How do I add security headers in WordPress?<\/h3><\/dt>\n<dd><p>Go to the <strong>Security Headers<\/strong> panel and click <strong>Apply Security Headers<\/strong>.<\/p><\/dd>\n<dt id=\"does%20it%20modify%20.htaccess%3F\"><h3>Does it modify .htaccess?<\/h3><\/dt>\n<dd><p>Yes, but only when you trigger an action manually. Blocks are clearly wrapped:<\/p>\n\n<ul>\n<li><code># BEGIN Volixta HTTPS Redirect<\/code><\/li>\n<li><code># END Volixta HTTPS Redirect<\/code><\/li>\n<\/ul>\n\n<p>Each change creates a backup file.<\/p><\/dd>\n<dt id=\"will%20it%20work%20on%20nginx%3F\"><h3>Will it work on Nginx?<\/h3><\/dt>\n<dd><p>Yes. Volixta shows Nginx configuration snippets for redirects and headers.<\/p><\/dd>\n<dt id=\"does%20it%20slow%20down%20my%20site%3F\"><h3>Does it slow down my site?<\/h3><\/dt>\n<dd><p>No. Everything runs only in the admin panel. On the frontend, only the optional PHP redirect runs when enabled.<\/p><\/dd>\n<dt id=\"can%20i%20use%20it%20locally%3F\"><h3>Can I use it locally?<\/h3><\/dt>\n<dd><p>Yes. Local environments are detected automatically and instructions are provided to enable HTTPS with mkcert.<\/p><\/dd>\n<dt id=\"where%20are%20settings%20stored%3F\"><h3>Where are settings stored?<\/h3><\/dt>\n<dd><p>Only minimal configuration is stored in <code>wp_options<\/code>:\n- headers configuration\n- redirect flag\n- mixed content scan results<\/p>\n\n<\/dd>\n\n<\/dl>\n\n<!--section=changelog-->\n<h4>1.1.4 \u2013 2026-03-11<\/h4>\n\n<ul>\n<li>Updated readme.txt<\/li>\n<\/ul>\n\n<h4>1.1.3 \u2013 2026-03-09<\/h4>\n\n<ul>\n<li>Removed the Security Hardening module to improve stability and compatibility.  <\/li>\n<\/ul>\n\n<h4>1.1.2 \u2013 2025-12-10<\/h4>\n\n<ul>\n<li>Added new Hardening module:\n\n<ul>\n<li>Secure &amp; HttpOnly cookies (adds COOKIE_SECURE and COOKIE_HTTPONLY to wp-config.php)<\/li>\n<li>Disable directory indexing by inserting \u201cOptions -Indexes\u201d into .htaccess<\/li>\n<li>Block user enumeration (?author=ID and REST API <code>\/wp\/v2\/users<\/code>)<\/li>\n<\/ul><\/li>\n<li>Improved PHPCS compliance and sanitization for user enumeration blocking<\/li>\n<li>Updated uninstall routine to remove new hardening options<\/li>\n<li>UI enhancements for Security Hardening settings panel<\/li>\n<li>Updated readme.txt<\/li>\n<\/ul>\n\n<h4>1.1.1<\/h4>\n\n<p>Tested up to WordPress 6.9.<\/p>\n\n<h4>1.1.0<\/h4>\n\n<p>Improved SSL detection and code compliance.<\/p>\n\n<h4>1.0.10<\/h4>\n\n<p>Updated readme.<\/p>\n\n<h4>1.0.0<\/h4>\n\n<p>Initial release.<\/p>","raw_excerpt":"Add modern security headers, enable SSL\/HTTPS, fix mixed content, and force 301 redirects for WordPress. Fast, safe, and easy to use.","jetpack_sharing_enabled":true,"_links":{"self":[{"href":"https:\/\/kea.wordpress.org\/plugins\/wp-json\/wp\/v2\/plugin\/253706","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/kea.wordpress.org\/plugins\/wp-json\/wp\/v2\/plugin"}],"about":[{"href":"https:\/\/kea.wordpress.org\/plugins\/wp-json\/wp\/v2\/types\/plugin"}],"replies":[{"embeddable":true,"href":"https:\/\/kea.wordpress.org\/plugins\/wp-json\/wp\/v2\/comments?post=253706"}],"author":[{"embeddable":true,"href":"https:\/\/kea.wordpress.org\/plugins\/wp-json\/wporg\/v1\/users\/volixta"}],"wp:attachment":[{"href":"https:\/\/kea.wordpress.org\/plugins\/wp-json\/wp\/v2\/media?parent=253706"}],"wp:term":[{"taxonomy":"plugin_section","embeddable":true,"href":"https:\/\/kea.wordpress.org\/plugins\/wp-json\/wp\/v2\/plugin_section?post=253706"},{"taxonomy":"plugin_tags","embeddable":true,"href":"https:\/\/kea.wordpress.org\/plugins\/wp-json\/wp\/v2\/plugin_tags?post=253706"},{"taxonomy":"plugin_category","embeddable":true,"href":"https:\/\/kea.wordpress.org\/plugins\/wp-json\/wp\/v2\/plugin_category?post=253706"},{"taxonomy":"plugin_contributors","embeddable":true,"href":"https:\/\/kea.wordpress.org\/plugins\/wp-json\/wp\/v2\/plugin_contributors?post=253706"},{"taxonomy":"plugin_business_model","embeddable":true,"href":"https:\/\/kea.wordpress.org\/plugins\/wp-json\/wp\/v2\/plugin_business_model?post=253706"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}