Volixta SSL & Security Headers

Is your WordPress site still serving pages over HTTP instead of HTTPS?\ Do you see browser warnings like "Not Secure" even though you installed SSL?\ Are you getting mixed content errors in Chrome or Firefox after enabling HTTPS?\ Is your Site Health report complaining about missing security headers? 👉 Volixta SSL & Security Headers fixes all of these in a few clicks. Easily activate SSL, force 301 redirects, repair mixed content, and apply recommended WordPress security headers like HSTS, CSP, and X-Frame-Options. 🔐 What does Volixta do?

• Activate SSL automatically: safely update your WordPress home and siteurl to use https://.
• Force HTTPS with 301 redirect: adds a safe .htaccess block on Apache/LiteSpeed, or falls back to a PHP redirect if needed.
• Fix mixed content: scans your posts, postmeta, and options for http:// links and replaces them with https:// (serialization-safe).
• Apply modern HTTP Security Headers: HSTS, Content-Security-Policy (upgrade-insecure-requests), X-Frame-Options, Referrer-Policy, Permissions-Policy, COOP/COEP/CORP.
• Nginx friendly: when .htaccess is not available, Volixta shows ready-to-copy Nginx rules.
• Site Health integration: checks for SSL, redirects, and security headers.

✅ Why choose Volixta?

• Safe by design\ Nothing is applied automatically. You choose what to enable. Each .htaccess modification creates a timestamped backup.
• Serialization-safe mixed content fixer\ No risk of breaking complex serialized data in postmeta or options.
• Admin-only processing\ Everything runs in the admin area. The frontend only uses the optional PHP redirect when required.
• Localhost aware\ Detects local environments (localhost, .local, .test) and provides instructions for enabling trusted HTTPS locally with mkcert.

🔎 Typical problems solved How do I activate SSL in WordPress?\ → One click in Volixta updates your site to HTTPS safely. How do I force HTTPS with 301 redirects?\ → Volixta inserts a safe .htaccess redirect or uses a PHP fallback. My Site Health report says “No security headers detected”.\ → Apply modern security headers in one click. How can I add WordPress security headers without editing code?\ → Configure and apply headers from the plugin interface. After enabling SSL, my site still shows mixed content errors.\ → Run the Mixed Content Scan + Fixer. I'm on Nginx, so .htaccess doesn't work.\ → Volixta provides ready-to-copy Nginx configuration snippets.

1. Upload to /wp-content/plugins/ or install from the WordPress plugin directory.
2. Activate the plugin.
3. Open Volixta SSL & Security in the admin menu.
4. With a valid SSL certificate:
5. Click Activate SSL to update WordPress URLs to HTTPS.
6. Click Enable HTTPS Redirect to force HTTPS.
7. Click Apply Security Headers.

1.1.4 – 2026-03-11

• Updated readme.txt

1.1.3 – 2026-03-09

• Removed the Security Hardening module to improve stability and compatibility.

1.1.2 – 2025-12-10

• Added new Hardening module:
• Secure & HttpOnly cookies (adds COOKIE_SECURE and COOKIE_HTTPONLY to wp-config.php)
• Disable directory indexing by inserting “Options -Indexes” into .htaccess
• Block user enumeration (?author=ID and REST API /wp/v2/users)
• Improved PHPCS compliance and sanitization for user enumeration blocking
• Updated uninstall routine to remove new hardening options
• UI enhancements for Security Hardening settings panel
• Updated readme.txt

1.1.1 Tested up to WordPress 6.9. 1.1.0 Improved SSL detection and code compliance. 1.0.10 Updated readme. 1.0.0 Initial release.