Support » Plugin: Really Simple SSL » Very dangerous

  • You can probably use this plugin if
    1. Your backend is Apache – it’s heavily geared towards sites using .htaccess. If you don’t use .htaccess it may hose your site and the uninstall script they provide only works for .htaccess based sites.
    2. You don’t use any plugins that issue redirects. Note, there are A LOT of plugins that issue redirects. Any login plugin (theme-my-login etc) any cache or acceleration plugin (CloudFlare etc). If this does not play nicely with your plugins, it will cause redirect loops, you will not be able to login and you will need an expert to get your site back.

    The author says make a backup. Great advice except lots of popular backup tools require admin access, there are ways to restore manually without admin access once you’re locked out, but do you know them? If not, DON’T USE THIS PLUGIN!.

    This is a dangerous plugin given the cute handle “REALLY SIMPLE” it’s only really simple if it works and there are many ways it can fail hosing your site.

    The first fix required is that the author communicates the many dangers upfront on the info page, with clear statements about when to use the plugin and when to avoid it. Then update the uninstall script so it work with or without .htaccess files.

Viewing 1 replies (of 1 total)
  • Plugin Author RogierLankhorst

    (@rogierlankhorst)

    I’m sorry you were having problems, but the problems you describe can be solved. If you run into problems I probably could have helped you fix it.

    This plugin is running on a lot of nginx servers without problems, only the htaccess redirect won’t get inserted of course.

    The uninstall script checks for the existence of a htaccess file, so should run without problem on nginx. If not, it would help to get more info about the issue you were having. You’re the first to report an issue with it.

    Besides the uninstall script there are detailed instructions how to deactivate manually. If you don’t have a htaccess file you can just skip the htaccess part.

    Indeed there are many redirect plugins. Most play nicely with this plugin, but if the other plugin is set to redirect to a http URL, while this plugin redirects to SSL , this might cause loops. In most cases this is solved by re-saving the settings of that plugin. Also, if you’re on nginx, the redirect can only happen in the JavaScript, which is disabled as soon as you rename the plugin file.

    I have never needed to restore from a backup: if you follow the steps to deactivate the plugin you can always regain access.

    If you have more details about the issues you were having, please let me know.

Viewing 1 replies (of 1 total)
  • The topic ‘Very dangerous’ is closed to new replies.