Redirects all HTTP requests to the HTTPS version and fixes insecure links and resources without altering the database (also works with CloudFlare).


WARNING: You must have an SSL certificate installed on your server before activating this plugin. If you website becomes inaccessible after activation, simply login via SFTP and delete this plugin from /wp-content/plugins/and clear your browser cache, then refresh the page.

The only Force SSL (HTTPS) plugin that correctly avoids protocol-relative hyperlinks and resources as recommended by Google Chrome and top internet security experts!

Current features:

  • 301 redirects all HTTP requests to the HTTPS version
  • filters all internal resources to become secure (e.g. src=”https://…”)
  • filters all internal hyperlinks to be become secure (e.g. href=”https://…”)
  • filters all external resources to become secure (src, srcset, embeds, and objects)
  • skips any external hyperlinks
  • works with image srcsets too (Version 1.0.2+)
  • no need for additional plugins to fix insecure resources
  • avoids “protocol relative” URLs as recommended by top security experts 12
  • zero database queries or settings pages
  • huge SEO and security benefits


This plugin has been designed for use on LEMP (Nginx) web servers with PHP 7.2 and MySQL 5.7 to achieve best performance. All of our plugins are meant for single site WordPress installations only; for both performance and usability reasons, we highly recommend avoiding WordPress Multisite for the vast majority of projects.

Any of our WordPress plugins may also be loaded as “Must-Use” plugins by using our free Autoloader script in the mu-plugins directory.


    define('DISABLE_NAG_NOTICES', true);


  • Parent Plugin: N/A
  • Disable Nag Notices: Yes
  • Settings Page: No
  • PHP Namespaces: No
  • Object-Oriented Code: No
  • Includes Media (images, icons, etc): No
  • Includes CSS: No
  • Database Storage: Yes
    • Transients: No
    • WP Options Table: Yes
    • Other Tables: No
    • Creates New Tables: No
  • Database Queries: Backend Only (Options API)
  • Must-Use Support: Yes
  • Multisite Support: No
  • Uninstalls Data: Yes