Really Simple SSL Pro
How to Use the Permission Policy Header
A security header called Permission Policy regulates which browser functions can be used. It can block external iFrames from using certain browser features in addition to adopting these rules for your own content, making it a potent header for site security.
This enables you to precisely regulate which browser features your site may make advantage of. There are numerous directives that the Permission Policy header can be used to regulate; a description of each feature can be found under “Descriptions per directive” at the bottom of this article. You can use this list provided by Mozilla to get a thorough overview of all directives.
One of these three values may be present for each directive
- This functionality is permitted for your entire site, including external iFrames, even though it is not covered by your permissions policy.
- Only material from your own domain is permitted to use this feature; external iFrames are prohibited.
- This feature is included in your permissions policy without adding any value, and you cannot use it on your website.
Why You Should Use the Default Plugin Folder Name for Really Simple Ssl
If you want to temporarily deactivate a plugin, for instance, you might need to change the name of the plugin folder. Alternatively, if you’re beta testing the most recent GitHub version. When you activate the plugin, we advise changing the folder name back to “really-simple-ssl.” The main justification for this is that if you wanted to deactivate but keep https, the plugin would simply delete the “really-simple-ssl” plugin from the list of active plugins rather than going through the typical deactivation process. As you may imagine, if the plugin gets renamed, this won’t function.
Real Simple SSL won’t be found if you install a premium add-on since the add-on can’t recognise the plugin folder. It is crucial to employ the default plugin folder name in these circumstances. Please open your FTP client, go to wp-content/plugins, and search for the Really Simple SSL folder to rename the plugin folder. Give it the name “really-simple-ssl.” Go to your plugins overview after that, and click “activate” once more. You’re done.
Htaccess or Wp-config.php File Not Writable
The.htaccess or wp-config.php files need to have write rights in order for Really Simple SSL to function. For instance, if your website is protected by a load balancer, you may need to add a change to the wp-config.php file or, if you use Really Simple SSL Pro, you may need to add the secure cookie settings. That often operates without any problems. However, there are times when the plugin is unable to write to the.htaccess or wp-config.php files and notifies you that (one of) these files is not writable. By changing the permissions on these files, this can be resolved.
Check your security plugins
Make sure your site doesn’t use a security plugin before making any alterations to file permissions via FTP. A function available in security plugins like iThemes and WordFence prevents new content from being written to critical system files. The first thing to do if you employ such a plugin is to see if access to system files has been restricted. Really Simple SSL should be able to access these files if you temporarily disable those parameters.
Making the .htaccess or Wp-config.php File Writeable via Ftp
Public html is often where you’ll find both the.htaccess and wp-config.php files.
Logging into your site using FTP is the quickest way to enable writing access to these files. While there are many FTP clients to choose from, they all operate in a similar fashion when it comes to managing file permissions. Your website’s FTP info will be displayed in your hosting CP. Find the.htaccess/wp-config.php file after login in, and then right-click it to make changes.
What is the Feature Policy Header?
If you want to restrict access to certain browser capabilities, you can do so with the Feature Policy header, a security header. This header is powerful since it can be used to enforce these constraints for both internal and external content within iFrames.
As a result, you may fine-tune the access your site has to various browser features. The Feature Policy header allows for the management of a wide variety of directives. Look at this Mozilla doc for a complete rundown of all directives.
The following three options are available for each directive
- (this functionality is allowed for your entire site, including external iFrames) (this feature is allowed for your entire site, including external iFrames)
- self (this feature is allowed for content coming from your own domain, preventing this functionality for external iframes) (this feature is allowed for content coming from your own domain, blocking this feature for external iframes)
- none (this feature is not permitted on your site at all) (this feature is not allowed on your site at all)
How to Install Really Simple Ssl Per Page
Here’s how to set up your new Really Simple SSL per page plugin. You can watch this video, or keep reading, to learn about the setup and main features. Just put in a support ticket if you get stuck.
Take care not to use the per-page plugin with a HSTS header. If HSTS is enabled, all queries will be directed to https://, but the per-page plugin directs them to http://, rendering the latter inoperable.
See if the HSTS header has been implemented on your site by visiting hstspreload.org. In that case, you should first ensure that the timer has no end date. Your http pages will be redirected to https if you enable HTTP Strict Transport Security (HSTS). This will result in a never-ending cycle because the per page plugin converts https pages to http.
- Remove Really Simple SSL if you’re using the trial version.
- The download link is included in the email we just sent you. Get the add-on here.
- Go to the “Plugins” page in your WordPress Dashboard after logging in.
- Select the “New” tab.
- To do this, select the “Upload plugin” option.
- Go ahead and upload the.zip file you obtained earlier, and then activate it.