Aller au contenu principal
Extension WordPress gratuite

WordPress HTTPS Security: the free AIFORYA SSL plugin

Harden WordPress HTTPS: security headers, mixed content scanner, SSL certificate monitoring. Free plugin, local, no API key.

WordPress HTTPS Security: the free AIFORYA SSL plugin

Harden your site's HTTPS, without touching a line of code.

AIFORYA SSL brings together the essential tools to secure WordPress's HTTPS layer: modern security headers, mixed content scanner and certificate monitoring. The core of the plugin works locally, with no API key, no external service — and for free, with no time limit.

  • Free and complete: headers, scanner, certificate monitoring and health dashboard included.
  • Local: everything runs on your server; the certificate check queries only your own domain.
  • Risk-free: the CSP is tested in "report-only" mode before being applied.

Why HTTPS alone is not enough

Installing an SSL certificate and switching to HTTPS is only the first step. A truly secure site needs three more things, often forgotten: security headers that tell the browser how to behave, the absence of mixed content (those HTTP resources that trigger the "not secure" warning), and certificate monitoring to never be caught off guard by an expiration.

These settings are powerful but delicate: a too-strict Content-Security-Policy can block your own scripts, an HSTS enabled too early can make the site inaccessible. AIFORYA SSL gives you safeguards: report-only mode, clear recommendations and a health score, to move forward without breaking anything.

What the plugin does

  • Security headers manager — enable and configure without code the recommended headers: Strict-Transport-Security (HSTS), Content-Security-Policy (with report-only mode), X-Frame-Options, X-Content-Type-Options, Referrer-Policy and Permissions-Policy.
  • Mixed content scanner — detects HTTP resources on an HTTPS site, with a local report, "ignored" marking and optional email alert. Scan scheduled in the background or on demand.
  • SSL certificate monitoring — checks your domain's certificate expiration date and alerts you by email several days before the deadline, with configurable thresholds.
  • SSL health dashboard — an overall score and clear checkpoints (certificate, headers, mixed content) with actionable recommendations.

How it does better than competing free plugins

AIFORYA SSLCommon free plugins
Security headersComplete interface, CSP in report-only modeOften partial or reserved for the paid version
Mixed content scannerIncluded, scheduled + on demandRarely included for free
Certificate monitoringIncluded, with email alertReserved for the paid version
PrivacyLocal, queries only your domainData sent to third-party servers frequent
API key / accountNoneSometimes required

Install in 2 minutes

  1. Download the plugin here (or install it from WordPress.org).
  2. Activate it from the Plugins menu.
  3. Configure your headers in the Headers tab (start the CSP in "report-only" mode).
  4. Run a scan in the Mixed content tab, then check your certificate in the Certificate tab.

The SSL health dashboard then tells you what remains to be improved.

Questions fréquentes

Historique des mises à jour

  1. v1.0.1

    Minor fixes and stabilization of certificate monitoring and the mixed content scanner.

  2. v1.0.0

    Initial release: security headers manager (HSTS, CSP in report-only mode, X-Frame-Options, X-Content-Type-Options, Referrer-Policy, Permissions-Policy), mixed content scanner with email alert, SSL certificate monitoring and SSL health dashboard.

Une question ? Contactez-nous.