Volixta SSL & Security Headers

Description

Is your WordPress site still serving pages over HTTP instead of HTTPS?
Do you see browser warnings like « Not Secure » even though you installed SSL?
Are you getting mixed content errors in Chrome or Firefox after enabling HTTPS?
Or is your Site Health report complaining about missing security headers?

👉 Volixta SSL & Security Headers fixes all of these in a few clicks.
Easily activate SSL, force 301 redirects, repair mixed content, and add recommended WordPress security headers like HSTS, CSP, and X-Frame-Options.

🔐 What does Volixta do?

• Activate SSL automatically: safely update your WordPress home and siteurl to use https://.
• Force HTTPS with 301 redirect: adds a safe .htaccess block on Apache/LiteSpeed, or falls back to a PHP redirect if needed.
• Fix mixed content: scans your posts, postmeta, and options for http:// links and replaces them with https:// (serialization-safe).
• Apply modern HTTP Security Headers: HSTS, Content-Security-Policy (upgrade-insecure-requests), X-Frame-Options, Referrer-Policy, Permissions-Policy, COOP/COEP/CORP. All values are editable before applying.
• Nginx friendly: when .htaccess is not available, Volixta shows ready-to-use Nginx snippets for redirects and headers.
• Site Health integration: new tests for SSL validity, HTTPS redirect, and security headers presence.

✅ Why choose Volixta?

• Safe by design:
  Nothing is applied automatically. You choose what to enable. Each .htaccess write creates a timestamped backup.
• Serialization-safe mixed content fixer: no risk of breaking complex data in postmeta or options.
• Admin-only: no runtime overhead on the frontend (except optional PHP redirect).
• Localhost aware: detects local environments (localhost, .local, .test) and shows guided instructions with mkcert.

🔎 Typical problems solved

• “How do I activate SSL in WordPress?”
  → One click in Volixta updates your site to HTTPS safely.

• “How do I force HTTPS with 301 redirects?”
  → Volixta inserts a safe .htaccess 301 redirect or a PHP fallback.

• “My Site Health report says ‘No security headers detected’.”
  → Apply missing security headers (HSTS, CSP, X-Frame-Options, Referrer-Policy, etc.) in one click.

• “How can I add WordPress security headers without editing code?”
  → Use Volixta’s panel to configure and apply headers safely.

• “After enabling SSL, my site still shows mixed content errors.”
  → Run the Mixed Content Scan + Fixer to repair unsafe links automatically.

• “I’m on Nginx, so .htaccess doesn’t work.”
  → Copy/paste the Nginx-ready snippets Volixta provides for HTTPS redirects and headers.

Privacy

This plugin does not collect, store, or transmit personal data. Only saves minimal config in wp_options.

Localization

Text domain: volixta-ssl-security-headers
Load path: /languages (WP.org language packs auto-loaded)

What’s Next

If you like this plugin, then consider checking out our other plugins:

• VOLIXTA Booking – The All-in-One WordPress Booking Plugin
  Manage unlimited staff, services, clients, payments, and locations in one powerful system.

• VOLIXTA Security Suite – Advanced WordPress Security Made Simple