I am using a plugin **Really Simple SSL** that configured to use SSL. And I use WP Migrate Pro to move my DB from local to remote. But I usually run into the problem of pulling the DB from productions to localhost during development, most of my links on the localhost are using https.

I do not want to set SSL on my local development.

Presently, I deactivate the plugin Really Simple SSL using `wp cli'. Next, I have to Find and Replace https to http on the localhost. That makes updates to be using unsecured repos and my fonts, css and cdn use http which create a new security risk for my development which would eventually end on in production.

What is the best approach so that I do not expose my production to security risk after development?

I am using a plugin **Really Simple SSL** that configured to use SSL. And I use WP Migrate Pro to move my DB from local to remote. But I usually run into the problem of pulling the DB from productions to localhost during development, most of my links on the localhost are using https.

I do not want to set SSL on my local development.

Presently, I deactivate the plugin Really Simple SSL using `wp cli'. Next, I have to Find and Replace https to http on the localhost. That makes updates to be using unsecured repos and my fonts, css and cdn use http which create a new security risk for my development which would eventually end on in production.

What is the best approach so that I do not expose my production to security risk after development?

• wp-cli
• https
• local-installation
• development-strategy
• production

• Why do you not want to use SSL on local? Keep in mind that you don't need an SSL plugin, you can set the sites URL option to use https, as long as your content uses https URLs and you're not using http hardcoded in your theme everything's fine. I've never needed t install a plugin like Really Simple SSL. The real answer is to use HTTPS everywhere – Tom J Nowell ♦ Commented Sep 8, 2020 at 9:53
• @TomJNowell you advice I use https in the wp-config file. But some plugin do not go over SSL, and development because bad when the network is not very good. – pensebien Commented Sep 8, 2020 at 9:56
• That's not the same as what I suggested. Why are you insisting on no https locally? – Tom J Nowell ♦ Commented Sep 8, 2020 at 9:57
• Then you need to contact the plugin authors, those are very poorly built plugins ( or it's because you did not set up SSL and used a plugin to "fix" it ) – Tom J Nowell ♦ Commented Sep 8, 2020 at 9:58
• On production, I setup SSL and AWS needs that particular plugin as part of the process of setup the SSL. here. On my local dev, I do not need it. Based on experience, it speeds up my development. – pensebien Commented Sep 8, 2020 at 10:01

1 Answer 1

The correct approach is to use HTTPS everywhere, and to migrate to SSL properly:

• remove the Really Simple SSL plugin
• change your sites URL option to the https version
• search replace your database so all content uses the https URL via WP CLI or a search replace tool ( do not use an SQL query it will break things )
• update any hardcoded strings in your theme from http to https

Then finally:

• set up a local SSL certificate and trust it in your browser

A lot of local dev environments will generate the certificate automatically, e.g. VVV or Local.

The alternative is a painful manual search replace each and every time you pull changes down, and push changes up.