A WordPress plugin to activate and enforce SSL on your site with advanced security headers and privacy compliance.
So SSL is a comprehensive security and privacy plugin for WordPress that allows you to easily enforce SSL/HTTPS on your website, implement advanced security headers, enable two-factor authentication, and ensure privacy compliance with GDPR and US regulations.
Version: 1.4.6
- Force all traffic to use HTTPS/SSL
- Automatically redirect visitors from HTTP to HTTPS
- Compatible with all major WordPress themes and plugins
- HTTP Strict Transport Security (HSTS)
- Content Security Policy (CSP)
- X-Frame-Options protection against clickjacking
- Referrer Policy controls
- Permissions Policy for controlling browser feature access
- Cross-Origin protection with various policies
- GDPR and US privacy regulations compliance
- Customizable privacy acknowledgment page for logged-in users
- Role-based privacy requirements configuration
- Expiry settings for periodic privacy policy re-acknowledgment
- Full preview of privacy page in admin interface
- Modal-based acknowledgment system for better user experience
- Require administrators to accept terms before using plugin features
- Customizable agreement text and checkbox labels
- Role-based requirements with exemption options
- Periodic re-acknowledgment with configurable expiry
- Emergency override option for lockout prevention
- Email verification code option
- Google Authenticator app integration
- Role-based 2FA requirements
- Backup codes for emergency access
- Strong password enforcement
- Validation and strength checking
- Prevention of weak password usage
- View and manage active user sessions
- Terminate sessions on specific devices
- Limit maximum number of concurrent sessions
- Set maximum session duration
- Protection against brute force attacks
- Customizable lockout settings
- IP whitelist and blacklist management
- Email notifications for lockouts
- Upload the 'so-ssl' folder to the `/wp-content/plugins/` directory
- Activate the plugin through the 'Plugins' menu in WordPress
- Configure the plugin settings in the 'Settings > So SSL' menu
- WordPress 5.0 or higher
- PHP 7.0 or higher
While the plugin will activate, forcing SSL without a valid SSL certificate will make your site inaccessible. You need to install an SSL certificate on your web server before enabling the force SSL option.
When enabled, users will see a modal overlay with your privacy notice after login. They must check the acknowledgment box to access the site. The acknowledgment is stored in user metadata with a timestamp, and you can set an expiry period after which users must re-acknowledge the notice.
The Administrator Agreement ensures that administrators acknowledge the security implications and responsibilities of using the plugin. It's displayed as a modal overlay when administrators first access the plugin settings and can be configured to require periodic re-acknowledgment.
Yes, So SSL implements industry-standard TOTP (Time-based One-Time Password) for the authenticator app option and secure email verification. Both methods significantly increase the security of your WordPress login process.
Yes, all security headers can be customized with various options. The Content Security Policy (CSP) settings are particularly flexible, allowing you to control exactly which sources are allowed for different content types.
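To confirm that the headers configured in the plugin actually reach the browser and do not contradict each other, the following added example (not part of the plugin's code) audits one response's headers for HSTS, CSP and framing policy. The sample headers are constructed, and the function names and the `EXPECTED` set are assumptions.

```python
import re

# Constructed sample (not from a real site); EXPECTED is an assumed set of enabled headers.
SAMPLE_HEADERS = {
    "Strict-Transport-Security": "max-age=86400; preload",
    "Content-Security-Policy": "default-src 'self'; script-src 'self' 'unsafe-inline'; "
                               "frame-ancestors 'self' https://partner.example",
    "X-Frame-Options": "DENY",
}
EXPECTED = ("strict-transport-security", "content-security-policy",
            "x-frame-options", "referrer-policy", "permissions-policy")

def parse_hsts(value):
    """Return (max_age or None, includeSubDomains?, preload?) for an HSTS value."""
    parts = [p.strip().lower() for p in value.split(";") if p.strip()]
    ages = [re.fullmatch(r'max-age\s*=\s*"?(\d+)"?', p) for p in parts]
    max_age = next((int(m.group(1)) for m in ages if m), None)
    return max_age, "includesubdomains" in parts, "preload" in parts

def parse_csp(value):
    """Map directive name -> source list; the first occurrence of a directive wins."""
    policy = {}
    for chunk in value.split(";"):
        tokens = chunk.split()
        if tokens:
            policy.setdefault(tokens[0].lower(), tokens[1:])
    return policy

def audit(headers):
    """Return a list of findings for one response's headers (names case-insensitive)."""
    h = {k.lower(): v for k, v in headers.items()}
    findings = ["missing " + name for name in EXPECTED if name not in h]
    if "strict-transport-security" in h:
        max_age, subdomains, preload = parse_hsts(h["strict-transport-security"])
        if not max_age:
            findings.append("hsts: max-age absent or zero, policy has no effect")
        elif preload and not (subdomains and max_age >= 31536000):
            findings.append("hsts: preload needs includeSubDomains and max-age >= 31536000")
    csp = parse_csp(h.get("content-security-policy", ""))
    scripts = csp.get("script-src", csp.get("default-src", []))
    nonce_or_hash = any(s.startswith(("'nonce-", "'sha")) for s in scripts)
    if "'unsafe-inline'" in scripts and not nonce_or_hash:
        findings.append("csp: inline scripts allowed by 'unsafe-inline'")
    # Browsers that support frame-ancestors ignore X-Frame-Options when both are sent.
    xfo = h.get("x-frame-options", "").strip().upper()
    ancestors = csp.get("frame-ancestors")
    if ancestors is not None and xfo == "DENY" and ancestors != ["'none'"]:
        findings.append("framing: X-Frame-Options DENY disagrees with frame-ancestors")
    return findings
```

Pass `audit()` the header dictionary returned by any HTTP client for your front page and login page after changing the plugin's settings; an empty list means none of these checks fired.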
- Enhanced privacy compliance modal system for better cross-environment compatibility
- Improved Administrator Agreement feature with modal-based acknowledgment
- Added modal controller for managing multiple overlay priorities
- Fixed redirect loop issues in privacy compliance on production domains
- Added AJAX fallback methods for better reliability on various hosting environments
- Improved error handling and debugging capabilities for modal displays
- Added privacy compliance feature for GDPR and US privacy regulations
- Implemented customizable privacy acknowledgment page
- Added role-based privacy requirements configuration
- Added privacy page preview in admin interface
- Added link to view the actual privacy page
- Fixed compatibility issue with WooCommerce checkout
- Improved CSP header handling for common third-party scripts
- Added support for custom domains in frame-ancestors directive
- Added Cross-Origin Policy headers
- Improved security header documentation
- Fixed minor CSS issues in admin interface
- Added login limiting feature
- Implementation of IP whitelisting and blacklisting
- Added lockout settings for brute force protection
- Added Two-Factor Authentication
- Support for email verification and authenticator apps
- Implementation of backup codes for emergency access
- Added Content Security Policy (CSP) controls
- Implemented Permissions Policy settings
- Advanced Referrer Policy options
- Added strong password enforcement
- User session management functionality
- UI improvements for settings page
- Added HSTS preload list support
- Improved X-Frame-Options controls
- Admin UI enhancements
- Added HSTS (HTTP Strict Transport Security) support
- Added X-Frame-Options header support
- Improved admin interface with security scoring
- Initial release
- Basic SSL forcing functionality
- This plugin uses the TOTP library for two-factor authentication
- Icons by Dashicons
This plugin is licensed under the GPL v3 or later.
This program is free software: you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation, either version 3 of the License, or
(at your option) any later version.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License
along with this program. If not, see <http://www.gnu.org/licenses/>.