PHPackages                             littlebizzy/force-https - PHPackages - PHPackages  [Skip to content](#main-content)[PHPackages](/)[Directory](/)[Categories](/categories)[Trending](/trending)[Leaderboard](/leaderboard)[Changelog](/changelog)[Analyze](/analyze)[Collections](/collections)[Log in](/login)[Sign up](/register)

1. [Directory](/)
2. /
3. [Security](/categories/security)
4. /
5. littlebizzy/force-https

ActiveWordpress-plugin[Security](/categories/security)

littlebizzy/force-https
=======================

Redirects all HTTP requests to the HTTPS version and fixes insecure links and resources without altering the database (also works with CloudFlare).

v1.4.3(4y ago)26148[5 issues](https://github.com/littlebizzy/force-https/issues)[2 PRs](https://github.com/littlebizzy/force-https/pulls)GPL-2.0-or-laterPHPPHP &gt;=7.0

Since Mar 19Pushed 5d ago3 watchersCompare

[ Source](https://github.com/littlebizzy/force-https)[ Packagist](https://packagist.org/packages/littlebizzy/force-https)[ Docs](https://www.littlebizzy.com/plugins/force-https)[ RSS](/packages/littlebizzy-force-https/feed)WikiDiscussions master Synced 2w ago

READMEChangelog (10)Dependencies (1)Versions (25)Used By (0)

Force HTTPS
===========

[](#force-https)

HTTPS enforcement for WordPress

Changelog
---------

[](#changelog)

3.0.10
------

[](#3010)

- added REST response object HTTPS filtering via `rest_post_dispatch` while keeping final REST output filtering as a safety net

3.0.9
-----

[](#309)

- hardened resource hint, image srcset, and upload directory HTTPS filtering with stricter URL checks

3.0.8
-----

[](#308)

- added HTTPS filtering for author, archive, attachment, custom post type, feed, search, shortlink, and logout URLs
- fixed stale WordPress and WooCommerce filter registrations by using current hook names

3.0.7
-----

[](#307)

- added HTTPS filtering for enqueued script and stylesheet asset URLs
- added HTTPS filtering for theme root, theme directory, and theme file URLs

3.0.6
-----

[](#306)

- removed redundant WooCommerce REST prepare filters now covered by global REST response HTTPS filtering

3.0.5
-----

[](#305)

- fixed oEmbed and custom logo HTTPS filtering by using the HTML output callback for HTML-returning hooks
- improved REST response HTTPS filtering for nested string values inside arrays

3.0.4
-----

[](#304)

- registered WooCommerce filters on `plugins_loaded` so HTTPS support is not missed due to plugin load order

3.0.3
-----

[](#303)

- fixed nav menu link HTTPS filtering by using a dedicated callback for the attributes array passed by `nav_menu_link_attributes`

3.0.2
-----

[](#302)

- hardened HTTPS redirects by replacing `wp_redirect` with `wp_safe_redirect`
- sanitized the request URI before building the HTTPS redirect URL
- updated `Tested up to` header for WordPress 7.0

3.0.1
-----

[](#301)

- improved WP-CLI and WP-Cron compatibility by bypassing home/siteurl HTTPS filtering during command-line and scheduled tasks

3.0.0
-----

[](#300)

- added `Tested up to`, `Update URI`, and `Text Domain` plugin headers
- improved HTTPS redirects to skip WP-CLI, WP-Cron, and AJAX requests
- added early home/siteurl HTTPS filtering with `pre_option_home` and `pre_option_siteurl`
- expanded HTTPS enforcement across WordPress URL, content, media, resource hint, and upload directory filters
- improved content parsing for HTML elements, including `` and `` blocks
- added WooCommerce URL/content filter support when WooCommerce is active
- cleaned up plugin structure, syntax, and compatibility

### 2.0.3

[](#203)

- added `Requires PHP` plugin header

### 2.0.2

[](#202)

- improved `gu_override_dot_org` snippet

### 2.0.1

[](#201)

- fixed `gu_override_dot_org` snippet

### 2.0.0

[](#200)

- completely refactored code to WordPress standards
- no more defined constants or options (hardcoded to enforce HTTPS on all internal/external links and resources)
- much more extensive `add_filter` rules and HTML enforcement of HTTPS
- supports PHP 7.0 to 8.3
- supports Multisite

### 1.4.3

[](#143)

- fixed undefined variable error (new default $modified = false)

### 1.4.2

[](#142)

- improved composer.json
- updated metadata

### 1.4.1

[](#141)

- tested with WP 5.1
- updated metadata
- tweaked `composer.json`

### 1.4.0

[](#140)

- PBP v1.2.0
- removed `FORCE_SSL` constant references
- added support to force HTTPS on `source` elements (previously unsupported) ... this fixes GitHub Issue #7
- late support for new FORCE\_HTTPS defined constant
- define('FORCE\_HTTPS', true);
- define('FORCE\_HTTPS\_EXTERNAL\_LINKS', false);
- define('FORCE\_HTTPS\_EXTERNAL\_RESOURCES', true);
- define('FORCE\_HTTPS\_INTERNAL\_LINKS', true);
- define('FORCE\_HTTPS\_INTERNAL\_RESOURCES', true);

### 1.3.0

[](#130)

- PBP v1.1.0
- tested with PHP 7.0, 7.1, 7.2
- tested with PHP 5.6 (no fatal errors only, tweaked code style and several corrections)
- better support for WP-CLI (fixes GitHub Issue #6/#2)
- simplified plugin class organization
- late support for FORCE\_SSL constant aborting the plugin functionality in the last minute if false

### 1.2.0

[](#120)

- tested with WP 5.0

### 1.1.4

[](#114)

- updated metadata

### 1.1.3

[](#113)

- updated recommended plugins

### 1.1.2

[](#112)

- updated metadata

### 1.1.1

[](#111)

- updated metadata
- updated recommended plugins

### 1.1.0

[](#110)

- versioning correction (major changes in 1.0.6)
- (no code changes)

### 1.0.6

[](#106)

- changed filters to force HTTPS for external resources (but not hyperlinks) including `src`, `srcset`, `embed`, and `object`
- (if an external resource does not exist in HTTPS version, it may generate a 404 error)
- (philosophy = "green padlock" more important than a resource 404 error)
- added warning for Multisite installations
- updated recommended plugins

### 1.0.5

[](#105)

- better support for `DISABLE_NAG_NOTICES`

### 1.0.4

[](#104)

- partial support for `DISABLE_NAG_NOTICES`
- updated metadata

### 1.0.3

[](#103)

- tested with WP 4.9
- updated recommended plugins
- updated metadata

### 1.0.2

[](#102)

- filter to "skip" external hyperlinks
- better HTTPS filters for internal links, internal sources, and image `srcset`
- optimized plugin code
- added rating request notice
- updated recommended plugins

### 1.0.1

[](#101)

- added recommended plugins notice

### 1.0.0

[](#100)

- initial release

###  Health Score

43

—

FairBetter than 90% of packages

Maintenance61

Regular maintenance activity

Popularity18

Limited adoption so far

Community17

Small or concentrated contributor base

Maturity65

Established project with proven stability

 Bus Factor1

Top contributor holds 83.3% of commits — single point of failure

How is this calculated?**Maintenance (25%)** — Last commit recency, latest release date, and issue-to-star ratio. Uses a 2-year decay window.

**Popularity (30%)** — Total and monthly downloads, GitHub stars, and forks. Logarithmic scaling prevents top-heavy scores.

**Community (15%)** — Contributors, dependents, forks, watchers, and maintainers. Measures real ecosystem engagement.

**Maturity (30%)** — Project age, version count, PHP version support, and release stability.

###  Release Activity

Cadence

Every ~43 days

Recently: every ~261 days

Total

25

Last Release

1617d ago

PHP version history (3 changes)1.0.0.x-devPHP ^7.2

v1.4.1PHP ^5.6

v1.4.2PHP &gt;=7.0

### Community

Maintainers

![](https://avatars.githubusercontent.com/u/10787477?v=4)[LittleBizzy](/maintainers/littlebizzy)[@littlebizzy](https://github.com/littlebizzy)

![](https://avatars.githubusercontent.com/u/17551083?v=4)[Jesse Nickles](/maintainers/jessuppi)[@jessuppi](https://github.com/jessuppi)

---

Top Contributors

[![jessuppi](https://avatars.githubusercontent.com/u/17551083?v=4)](https://github.com/jessuppi "jessuppi (284 commits)")[![pauiglesias](https://avatars.githubusercontent.com/u/1170266?v=4)](https://github.com/pauiglesias "pauiglesias (55 commits)")[![backamblock](https://avatars.githubusercontent.com/u/20801141?v=4)](https://github.com/backamblock "backamblock (1 commits)")[![danlapteacru](https://avatars.githubusercontent.com/u/6186169?v=4)](https://github.com/danlapteacru "danlapteacru (1 commits)")

---

Tags

wordpresswordpress-pluginhttpspluginwordpresssecuritycontentsslseoresourcesforcefixmixedinsecure

### Embed Badge

![Health badge](/badges/littlebizzy-force-https/health.svg)

```
[![Health](https://phpackages.com/badges/littlebizzy-force-https/health.svg)](https://phpackages.com/packages/littlebizzy-force-https)
```

###  Alternatives

[helsingborg-stad/municipio

A bootstrap theme for creating municipality sites.

4028.3k10](/packages/helsingborg-stad-municipio)[spatie/ssl-certificate-chain-resolver

SSL certificate chain resolver

30610.3k](/packages/spatie-ssl-certificate-chain-resolver)[wp-privacy/wp-api-privacy

Strips potentially identifying information from outbound requests to the WordPress.org API

1632.4k](/packages/wp-privacy-wp-api-privacy)

PHPackages © 2026

[Directory](/)[Categories](/categories)[Trending](/trending)[Changelog](/changelog)[Analyze](/analyze)
