Volixta SSL & Security Headers

Description

Is your WordPress site still serving pages over HTTP instead of HTTPS?
Do you see browser warnings like “Not Secure” even though you installed SSL?
Are you getting mixed content errors in Chrome or Firefox after enabling HTTPS?
Is your Site Health report complaining about missing security headers or weak security settings?
Are bots scanning your site with ?author=1 to enumerate users?

👉 Volixta SSL & Security Headers fixes all of these in a few clicks.

Easily activate SSL, force 301 redirects, repair mixed content, enable security hardening, and apply recommended WordPress security headers like HSTS, CSP, and X-Frame-Options.

🔐 What does Volixta do?

• Activate SSL automatically: safely update your WordPress home and siteurl to use https://.
• Force HTTPS with 301 redirect: adds a safe .htaccess block on Apache/LiteSpeed, or falls back to a PHP redirect if needed.
• Fix mixed content: scans your posts, postmeta, and options for http:// links and replaces them with https:// (serialization-safe).
• Apply modern HTTP Security Headers: HSTS, Content-Security-Policy (upgrade-insecure-requests), X-Frame-Options, Referrer-Policy, Permissions-Policy, COOP/COEP/CORP.
• Security hardening options:
  • ✔️ Secure cookies: add COOKIE_SECURE and COOKIE_HTTPONLY to protect authentication cookies
  • ✔️ Disable directory indexing: adds “Options -Indexes” to .htaccess
  • ✔️ Block user enumeration: blocks ?author=ID scans and hides /wp-json/wp/v2/users from visitors
• Nginx friendly: when .htaccess is not available, Volixta shows ready-to-copy Nginx rules.
• Site Health integration: checks for SSL, redirects, security headers, and hardening status.

✅ Why choose Volixta?

• Safe by design:
  Nothing is applied automatically. You choose what to enable. Each .htaccess write creates a timestamped backup.
• Serialization-safe mixed content fixer: no risk of breaking complex data in postmeta or options.
• Admin-only: no runtime overhead on the frontend (except optional PHP redirect).
• Localhost aware: detects local environments (localhost, .local, .test) and shows guided instructions with mkcert.

🔎 Typical problems solved

• “How do I activate SSL in WordPress?”
  → One click in Volixta updates your site to HTTPS safely.

• “How do I force HTTPS with 301 redirects?”
  → Volixta inserts a safe .htaccess 301 redirect or a PHP fallback.

• “My Site Health report says ‘No security headers detected’.”
  → Apply missing security headers (HSTS, CSP, X-Frame-Options, Referrer-Policy, etc.) in one click.

• “How can I add WordPress security headers without editing code?”
  → Use Volixta’s panel to configure and apply headers safely.

• “After enabling SSL, my site still shows mixed content errors.”
  → Run the Mixed Content Scan + Fixer to repair unsafe links automatically.

• “I’m on Nginx, so .htaccess doesn’t work.”
  → Copy/paste the Nginx-ready snippets Volixta provides for HTTPS redirects and headers.

Privacy

This plugin does not collect, store, or transmit personal data. Only saves minimal config in wp_options.

Localization

Text domain: volixta-ssl-security-headers
Load path: /languages (WP.org language packs auto-loaded)

What’s Next

If you like this plugin, then consider checking out our other plugins:

• VOLIXTA Booking – The All-in-One WordPress Booking Plugin
  Manage unlimited staff, services, clients, payments, and locations in one powerful system.

• VOLIXTA Security Suite – Advanced WordPress Security Made Simple