Frequently asked questions

Is this plugin compliant with WordPress.org guidelines?

Yes. The plugin follows WordPress.org requirements, including proper nonce usage, sanitization and escaping, user-initiated actions only, no silent database modifications, and no external tracking or monetization.

Does this plugin collect data or track my site?

No. Elliot SSL Enforcer does not track usage, does not send telemetry, does not contact external servers, and does not include ads, upsells, or licensing systems.

What happens when I deactivate or uninstall the plugin?

When deactivated, no redirects are enforced and no scans or fixes run. When uninstalled, content changes remain because they are permanent improvements. Any server-level rules added by the plugin should be reviewed or removed manually if used.

Do I need to keep the plugin activated forever?

It depends. Redirect enforcement requires the plugin to remain active if you rely on it. Internal link fixes are permanent, so the plugin is not required to remain active after links are corrected.

What happens if no links are found during a scan?

You may see a summary showing zero rows scanned or changed. This usually means your content is already secure, which is expected and desirable.

Does this plugin support subdomains?

Yes. Internal links pointing to your site’s subdomains (for example, docs.yoursite.com) are included when fixing links.

Will this plugin change external links?

No. Only links that belong to your site, including subdomains, are eligible for fixing. External third-party URLs are ignored.

Does Elliot SSL Enforcer work with Cloudflare?

Yes. The plugin detects common proxy headers and works with Cloudflare and similar CDNs. For best results, Cloudflare should be set to Full (Strict) SSL mode.

Should I use this plugin if I already have redirects set up?

Only one redirect enforcement method should be active. If your host or CDN already forces HTTPS correctly, you may not need the redirect feature. You can still use the diagnostics and internal link fixer independently.

Can this plugin cause redirect loops?

The plugin is designed to prevent common redirect loops by respecting proxy headers and avoiding duplicate enforcement. Redirect loops can still occur if HTTPS is forced in multiple places at once, such as your host panel, CDN, manual .htaccess rules, and the plugin simultaneously.

Does this plugin modify sensitive WordPress options?

No. To remain WordPress.org-compliant and safe, the plugin avoids modifying sensitive runtime options such as cron schedules, rewrite rules, and core system options.

What does the “Fix Everything” button do?

It runs the batch link fixer, which upgrades internal HTTP links to HTTPS for your site and its subdomains. External links are ignored. The process runs in batches to reduce timeouts on larger sites and requires explicit user confirmation before making changes.

What is the Dry Run feature?

The Dry Run scans your database and shows what would be changed without actually modifying anything. It reports how many matches were found, shows example replacements, and provides a summary so you can review changes before applying them.

Will this plugin automatically change my site without my permission?

No. All actions are explicitly user-initiated. Nothing runs automatically in the background. Database changes require a manual action, a confirmation checkbox, and optionally a dry-run preview first.

What problem does Elliot SSL Enforcer solve?

Many sites technically have SSL but still load over HTTP, contain old internal links, or suffer from redirect loops. This plugin helps force HTTPS correctly, repair internal HTTP links stored in the database, and prevent common redirect issues in a safe and transparent way.

Do I need an SSL certificate before using this plugin?

Yes. Elliot SSL Enforcer does not install or issue SSL certificates. You must already have a valid SSL certificate installed through your web host, server, or CDN (such as Cloudflare) before enabling HTTPS enforcement.