SSL Insecure Content Fixer v2.6.0 has just been released. This release no longer sets a cookie on test or settings pages; fixes Gravatars with insecure content; and adds support for sites that can’t update PCRE beyond 7.2.
No more cookies
Previous versions set a temporary cookie on the settings and test pages. Those pages use Ajax to call a script on the server that runs outside of WordPress, and the cookie was used to ensure that not just anyone could call that script. That authentication now happens without a cookie, which should simplify things for people auditing their websites for GDPR compliance and who want to eliminate unnecessary cookies.
Some plugins and themes override avatars normally retrieved from Gravatar, and they can introduce insecure content when doing so. This release adds a fix for that, which runs on all fixer levels.
Some websites see a warning about their version of PCRE (a system library that provides regular expression support for PHP). The plugin has been tested with PCRE versions from v8 upwards, but technically should work OK with v7.2. If your server has v7.2 but cannot upgrade to v8 or higher, you can add a filter hook to tell the plugin to be a little more accepting. Add this to a simple plugin, or your theme’s functions.php file. But see if you can get PCRE upgraded first!
You can update to the latest version from your WordPress plugin admin page. Here’s the full changelog for SSL Insecure Content Fixer.