SSL Insecure Content Fixer security fix

SSL Insecure Content Fixer v2.1.0 has just been released. This release is a security fix. Please update as soon as possible.

This release fixes a potential information disclosure with the SSL Fixes test script. This script is an AJAX script that must run outside of WordPress to correctly detect the server environment without interference from other plugins. It didn’t have any access restrictions on it; now it does.

The test script also now removes many common server environment settings from the displayed server environment data. These settings would not have been useful in diagnosing HTTPS problems, but some of them might have helped a hacker design an attack on a server.

The plugin now has a Bulgarian translation, thanks to Ivan Arnaudov. Many thanks, Ivan! More translations are welcome 🙂

Ivan also was very helpful diagnosing a problem running the test script with some security plugins activated, such as the Securi Scanner. If anybody is still having problems running the test script, please tell me about it in the support forum.

You can update to version 2.1.0 from your WordPress plugin admin page. Here’s the full changelog for SSL Insecure Content Fixer.

Posted on