WordPress HTTPS Security: the free AIFORYA SSL plugin
Harden WordPress HTTPS: security headers, mixed content scanner, SSL certificate monitoring. Free plugin, local, no API key.

Harden your site's HTTPS, without touching a line of code.
AIFORYA SSL brings together the essential tools to secure WordPress's HTTPS layer: modern security headers, mixed content scanner and certificate monitoring. The core of the plugin works locally, with no API key, no external service — and for free, with no time limit.
- Free and complete: headers, scanner, certificate monitoring and health dashboard included.
- Local: everything runs on your server; the certificate check queries only your own domain.
- Risk-free: the CSP is tested in "report-only" mode before being applied.
Why HTTPS alone is not enough
Installing an SSL certificate and switching to HTTPS is only the first step. A truly secure site needs three more things, often forgotten: security headers that tell the browser how to behave, the absence of mixed content (those HTTP resources that trigger the "not secure" warning), and certificate monitoring to never be caught off guard by an expiration.
These settings are powerful but delicate: a too-strict Content-Security-Policy can block your own scripts, an HSTS enabled too early can make the site inaccessible. AIFORYA SSL gives you safeguards: report-only mode, clear recommendations and a health score, to move forward without breaking anything.
What the plugin does
- Security headers manager — enable and configure without code the recommended headers:
Strict-Transport-Security(HSTS),Content-Security-Policy(with report-only mode),X-Frame-Options,X-Content-Type-Options,Referrer-PolicyandPermissions-Policy. - Mixed content scanner — detects HTTP resources on an HTTPS site, with a local report, "ignored" marking and optional email alert. Scan scheduled in the background or on demand.
- SSL certificate monitoring — checks your domain's certificate expiration date and alerts you by email several days before the deadline, with configurable thresholds.
- SSL health dashboard — an overall score and clear checkpoints (certificate, headers, mixed content) with actionable recommendations.
How it does better than competing free plugins
| AIFORYA SSL | Common free plugins | |
|---|---|---|
| Security headers | Complete interface, CSP in report-only mode | Often partial or reserved for the paid version |
| Mixed content scanner | Included, scheduled + on demand | Rarely included for free |
| Certificate monitoring | Included, with email alert | Reserved for the paid version |
| Privacy | Local, queries only your domain | Data sent to third-party servers frequent |
| API key / account | None | Sometimes required |
Install in 2 minutes
- Download the plugin here (or install it from WordPress.org).
- Activate it from the Plugins menu.
- Configure your headers in the Headers tab (start the CSP in "report-only" mode).
- Run a scan in the Mixed content tab, then check your certificate in the Certificate tab.
The SSL health dashboard then tells you what remains to be improved.
Questions fréquentes
Historique des mises à jour
- v1.0.1
Minor fixes and stabilization of certificate monitoring and the mixed content scanner.
- v1.0.0
Initial release: security headers manager (HSTS, CSP in report-only mode, X-Frame-Options, X-Content-Type-Options, Referrer-Policy, Permissions-Policy), mixed content scanner with email alert, SSL certificate monitoring and SSL health dashboard.
Une question ? Contactez-nous.