diff --git a/force-https.php b/force-https.php
new file mode 100644
index 0000000..6050173
--- /dev/null
+++ b/force-https.php
@@ -0,0 +1,231 @@
+<?php
+/*
+Plugin Name: Force HTTPS
+Plugin URI: https://www.littlebizzy.com/plugins/force-https
+Description: HTTPS enforcement for WordPress
+Version: 3.0.1
+Author: LittleBizzy
+Author URI: https://www.littlebizzy.com
+Requires PHP: 7.0
+Tested up to: 6.7
+License: GPLv3
+License URI: http://www.gnu.org/licenses/gpl-3.0.html
+Update URI: false
+GitHub Plugin URI: littlebizzy/force-https
+Primary Branch: master
+Text Domain: force-https
+*/
+
+// prevent direct access
+if ( ! defined( 'ABSPATH' ) ) {
+    exit;
+}
+
+// override wordpress.org with git updater
+add_filter( 'gu_override_dot_org', function( $overrides ) {
+    $overrides[] = 'force-https/force-https.php';
+    return $overrides;
+}, 999 );
+
+// enforce https at the database level only if wordpress is incorrectly detecting http
+// home_url and site_url should not be in force_https_securize_url because it would run on every call unnecessarily
+function force_https_filter_home( $value ) {
+
+    // bypass if running via cli or cron to prevent issues with commands or internal loopback requests
+    if ( defined( 'WP_CLI' ) || defined( 'DOING_CRON' ) ) {
+        return $value;
+    }
+
+    // bypass if already using ssl
+    if ( is_ssl() ) {
+        return $value;
+    }
+
+    // force https scheme
+    return set_url_scheme( $value, 'https' );
+}
+
+// no priority needed since pre_option filters override values immediately
+add_filter( 'pre_option_home', 'force_https_filter_home' );
+add_filter( 'pre_option_siteurl', 'force_https_filter_home' );
+
+// enforce https by redirecting non-ssl requests on frontend, admin, and login pages
+function force_https_redirect() {
+    // exit if already using https
+    if ( is_ssl() ) {
+        return;
+    }
+
+    // exit if headers are sent, running via cli, cron, ajax, or if no request uri exists
+    if ( headers_sent() || defined( 'WP_CLI' ) || defined( 'DOING_CRON' ) || ( defined( 'DOING_AJAX' ) && DOING_AJAX ) || ! isset( $_SERVER['REQUEST_URI'] ) ) {
+        return;
+    }
+
+    // redirect to https version of the requested url
+    wp_redirect( set_url_scheme( home_url( $_SERVER['REQUEST_URI'] ), 'https' ), 301 );
+    exit;
+}
+
+// apply https redirect during initialization, admin, and login
+add_action( 'init', 'force_https_redirect', 10 );
+add_action( 'admin_init', 'force_https_redirect', 10 );
+add_action( 'login_init', 'force_https_redirect', 10 );
+
+// enforce https for valid urls only
+function force_https_securize_url( $value ) {
+    // return unchanged if not a string or does not start with http
+    if ( ! is_string( $value ) || stripos( $value, 'http://' ) !== 0 ) {
+        return $value;
+    }
+
+    // convert to https
+    return set_url_scheme( $value, 'https' );
+}
+
+// apply https to urls used across wordpress
+add_filter( 'admin_url', 'force_https_securize_url', 10 );
+add_filter( 'author_feed_link', 'force_https_securize_url', 10 );
+add_filter( 'category_feed_link', 'force_https_securize_url', 10 );
+add_filter( 'category_link', 'force_https_securize_url', 10 );
+add_filter( 'content_url', 'force_https_securize_url', 10 );
+add_filter( 'embed_oembed_html', 'force_https_securize_url', 10 );
+add_filter( 'get_avatar_url', 'force_https_securize_url', 10 );
+add_filter( 'get_custom_logo', 'force_https_securize_url', 10 );
+add_filter( 'get_the_permalink', 'force_https_securize_url', 10 );
+add_filter( 'includes_url', 'force_https_securize_url', 10 );
+add_filter( 'login_redirect', 'force_https_securize_url', 10 );
+add_filter( 'logout_redirect', 'force_https_securize_url', 10 );
+add_filter( 'nav_menu_link_attributes', 'force_https_securize_url', 10 );
+add_filter( 'network_home_url', 'force_https_securize_url', 10 );
+add_filter( 'network_site_url', 'force_https_securize_url', 10 );
+add_filter( 'page_link', 'force_https_securize_url', 10 );
+add_filter( 'plugins_url', 'force_https_securize_url', 10 );
+add_filter( 'post_link', 'force_https_securize_url', 10 );
+add_filter( 'rest_url', 'force_https_securize_url', 10 );
+add_filter( 'tag_link', 'force_https_securize_url', 10 );
+add_filter( 'term_link', 'force_https_securize_url', 10 );
+add_filter( 'wp_get_attachment_url', 'force_https_securize_url', 10 );
+add_filter( 'wp_logout_url', 'force_https_securize_url', 10 );
+
+// apply https to woocommerce urls if woocommerce is active
+if ( class_exists( 'WooCommerce' ) ) {
+    add_filter( 'wc_get_endpoint_url', 'force_https_securize_url', 10 );
+    add_filter( 'woocommerce_account_endpoint_url', 'force_https_securize_url', 10 );
+    add_filter( 'woocommerce_email_footer_text', 'force_https_filter_output', 999 );
+    add_filter( 'woocommerce_rest_prepare_coupon', 'force_https_filter_output', 999 );
+    add_filter( 'woocommerce_rest_prepare_customer', 'force_https_filter_output', 999 );
+    add_filter( 'woocommerce_rest_prepare_order', 'force_https_filter_output', 999 );
+    add_filter( 'woocommerce_rest_prepare_product', 'force_https_filter_output', 999 );
+}
+
+// enforce https on html content that may contain urls
+function force_https_filter_output( $content ) {
+    // return unchanged if not a string
+    if ( ! is_string( $content ) ) {
+        return $content;
+    }
+
+    // replace http with https in text or html output
+    return str_replace( 'http://', 'https://', $content );
+}
+
+// apply https enforcement to html content
+add_filter( 'comment_text', 'force_https_filter_output', 20 );
+add_filter( 'post_thumbnail_html', 'force_https_filter_output', 10 );
+add_filter( 'render_block', 'force_https_filter_output', 20 );
+add_filter( 'rest_pre_echo_response', 'force_https_filter_output', 999 );
+add_filter( 'walker_nav_menu_start_el', 'force_https_filter_output', 10 );
+add_filter( 'widget_text', 'force_https_filter_output', 20 );
+add_filter( 'widget_text_content', 'force_https_filter_output', 20 );
+
+// enforce https on elements and inline content
+add_filter( 'the_content', 'force_https_process_content', 20 );
+
+function force_https_process_content( $content ) {
+    // match elements with src, href, action, content, or formaction attributes
+    static $element_pattern = '#(?i)(<(?:a|img|iframe|video|audio|source|form|link|embed|object|track|script|meta|input|button)\b[^>]*\s*(?:href|src|action|content|formaction)=["\'])http://([^"\']+)#';
+
+    // match script and style content
+    static $script_style_pattern = '#(<(?i:script|style)\b[^>]*>)(.*?)</(?i:script|style)>#s';
+
+    // replace http with https in elements
+    $content = preg_replace_callback(
+        $element_pattern,
+        function ( $matches ) {
+            return $matches[1] . 'https://' . $matches[2];
+        },
+        $content
+    );
+
+    // replace http and escaped http in script and style blocks
+    return preg_replace_callback(
+        $script_style_pattern,
+        function ( $matches ) {
+            preg_match('/<\s*(script|style)/i', $matches[1], $tag_match);
+            return $matches[1] . str_replace(
+                ['http://', 'http:\/\/'],
+                ['https://', 'https:\/\/'],
+                $matches[2]
+            ) . '</' . $tag_match[1] . '>';
+        },
+        $content
+    );
+}
+
+// enforce https on wp resource hints to prevent mixed content issues
+add_filter( 'wp_resource_hints', 'force_https_fix_resource_hints', 20 );
+function force_https_fix_resource_hints( $urls ) {
+    // return unchanged if not an array
+    if ( ! is_array( $urls ) ) {
+        return $urls;
+    }
+
+    // loop through each url and enforce https where needed
+    foreach ( $urls as $key => $url ) {
+        if ( is_string( $url ) ) {
+            $urls[$key] = set_url_scheme( $url, 'https' );
+        } elseif ( is_array( $url ) && isset( $url['href'] ) ) {
+            $urls[$key]['href'] = set_url_scheme( $url['href'], 'https' );
+        }
+    }
+
+    return $urls;
+}
+
+// enforce https on image srcsets to prevent mixed content issues
+add_filter( 'wp_calculate_image_srcset', 'force_https_fix_image_srcsets', 999 );
+function force_https_fix_image_srcsets( $sources ) {
+    // return unchanged if sources is not an array
+    if ( ! is_array( $sources ) ) {
+        return $sources;
+    }
+
+    // loop through each source and enforce https on urls
+    foreach ( $sources as $key => $source ) {
+        // check if url is set and enforce https
+        if ( isset( $source['url'] ) ) {
+            $sources[$key]['url'] = set_url_scheme( $source['url'], 'https' );
+        }
+    }
+
+    return $sources;
+}
+
+// enforce https on urls in the upload directory to avoid insecure media links
+add_filter( 'upload_dir', 'force_https_fix_upload_dir', 999 );
+function force_https_fix_upload_dir( $uploads ) {
+
+    // enforce https on the main upload url
+    if ( isset( $uploads['url'] ) ) {
+        $uploads['url'] = set_url_scheme( $uploads['url'], 'https' );
+    }
+
+    // enforce https on the base upload url
+    if ( isset( $uploads['baseurl'] ) ) {
+        $uploads['baseurl'] = set_url_scheme( $uploads['baseurl'], 'https' );
+    }
+
+    return $uploads;
+}
+
+// Ref: ChatGPT
diff --git a/LICENSE b/license
similarity index 100%
rename from LICENSE
rename to license
diff --git a/readme.md b/readme.md
index c6b8e0d..95cc885 100755
--- a/readme.md
+++ b/readme.md
@@ -1,44 +1,120 @@
 # Force HTTPS
 
-Redirects all HTTP requests to the HTTPS version and fixes insecure links and resources without altering the database (also works with CloudFlare).
-
-* [Plugin Homepage](https://www.littlebizzy.com/plugins/force-https)
-* [**Become A LittleBizzy.com Member Today!**](https://www.littlebizzy.com/members)
-
-### Defined Constants
-
-    /* Plugin Meta */
-    define('DISABLE_NAG_NOTICES', true);
-    
-    /* Force HTTPS Functions */
-    define('FORCE_HTTPS', true);
-    define('FORCE_HTTPS_EXTERNAL_LINKS', false);
-    define('FORCE_HTTPS_EXTERNAL_RESOURCES', true);
-    define('FORCE_HTTPS_INTERNAL_LINKS', true);
-    define('FORCE_HTTPS_INTERNAL_RESOURCES', true);
-    
-### Release Downloads (ZIP)
-
-[1.3.0](https://github.com/littlebizzy/force-https/archive/1.3.0.zip), [1.2.1](https://github.com/littlebizzy/force-https/archive/1.2.1.zip), [1.2.0](https://github.com/littlebizzy/force-https/archive/1.2.0.zip), [1.1.4](https://github.com/littlebizzy/force-https/archive/1.1.4.zip), [1.1.3](https://github.com/littlebizzy/force-https/archive/1.1.3.zip), [1.1.2](https://github.com/littlebizzy/force-https/archive/1.1.2.zip), [1.1.1](https://github.com/littlebizzy/force-https/archive/1.1.1.zip), [1.1.0](https://github.com/littlebizzy/force-https/archive/1.1.0.zip), [1.0.6](https://github.com/littlebizzy/force-https/archive/1.0.6.zip), [1.0.5](https://github.com/littlebizzy/force-https/archive/1.0.5.zip), [1.0.4](https://github.com/littlebizzy/force-https/archive/1.0.4.zip), [1.0.3](https://github.com/littlebizzy/force-https/archive/1.0.3.zip), [1.0.2](https://github.com/littlebizzy/force-https/archive/1.0.2.zip), [1.0.1](https://github.com/littlebizzy/force-https/archive/1.0.1.zip), [1.0.0](https://github.com/littlebizzy/force-https/archive/1.0.0.zip)
-
-### Our Philosophy
-
-> "Decisions, not options." — WordPress.org (originally)
-
-> "Everything should be made as simple as possible, but not simpler." — Albert Einstein, et al
-
-> "Write programs that do one thing and do it well... write programs to work together." — Doug McIlroy
-
-> "The innovation that this industry talks about so much is bullshit. Anybody can innovate... 99% of it is 'get the work done.' The real work is in the details." — Linus Torvalds
-
-### Compatibility
-
-This plugin has been designed for use on [SlickStack](https://slickstack.io) web servers with PHP 7.2 and MySQL 5.7 to achieve best performance. All of our plugins are meant for single site WordPress installations only; for both performance and usability reasons, we strongly recommend avoiding WordPress Multisite for the vast majority of your projects.
-
-Any of our WordPress plugins may also be loaded as "Must-Use" plugins (meaning that they load first, and cannot be deactivated) by using our free [Autoloader](https://github.com/littlebizzy/autoloader) script in the `mu-plugins` directory.
-
-### Support Issues
-
-*Please do not submit Pull Requests. Instead, kindly create a new Issue with relevant information if you are an experienced developer, otherwise post your comments in our free Facebook group.*
-
-***No emails, please! Thank you.***
+HTTPS enforcement for WordPress
+
+## Changelog
+
+## 3.0.1
+- improved WP-CLI and WP-Cron compatibility with home/siteurl filtering logic
+
+## 3.0.0
+- added `Tested up to` header
+- added `Update URI` header
+- added `Text Domain` header
+- improved HTTPS redirection that skips WP-CLI, WP-Cron, and AJAX
+- now leveraging `pre_option_home` and `pre_option_siteurl` to override WordPress sequence early
+- several more `add_filter` being enforced
+- refined regex in `the_content` to correctly process `<script>` and `<style>` blocks
+- refinded and expanded regex for HTML elements
+- support for several WooCommerce `add_filter` if detected
+- significant code structure, syntax, and efficiency improvements
+
+### 2.0.3
+- added `Requires PHP` plugin header
+
+### 2.0.2
+- improved `gu_override_dot_org` snippet
+
+### 2.0.1
+- fixed `gu_override_dot_org` snippet
+
+### 2.0.0
+- completely refactored code to WordPress standards
+- no more defined constants or options (hardcoded to enforce HTTPS on all internal/external links and resources)
+- much more extensive `add_filter` rules and HTML enforcement of HTTPS
+- supports PHP 7.0 to 8.3
+- supports Multisite
+
+### 1.4.3
+* fixed undefined variable error (new default $modified = false)
+
+### 1.4.2
+* improved composer.json
+* updated metadata
+
+### 1.4.1
+* tested with WP 5.1
+* updated metadata
+* tweaked `composer.json`
+
+### 1.4.0
+* PBP v1.2.0
+* removed `FORCE_SSL` constant references
+* added support to force HTTPS on `source` elements (previously unsupported) ... this fixes GitHub Issue #7
+* late support for new FORCE_HTTPS defined constant
+* define('FORCE_HTTPS', true);
+* define('FORCE_HTTPS_EXTERNAL_LINKS', false);
+* define('FORCE_HTTPS_EXTERNAL_RESOURCES', true);
+* define('FORCE_HTTPS_INTERNAL_LINKS', true);
+* define('FORCE_HTTPS_INTERNAL_RESOURCES', true);
+
+### 1.3.0
+* PBP v1.1.0
+* tested with PHP 7.0, 7.1, 7.2
+* tested with PHP 5.6 (no fatal errors only, tweaked code style and several corrections)
+* better support for WP-CLI (fixes GitHub Issue #6/#2)
+* simplified plugin class organization
+* late support for FORCE_SSL constant aborting the plugin functionality in the last minute if false
+
+### 1.2.0
+* tested with WP 5.0
+
+### 1.1.4
+* updated metadata
+
+### 1.1.3
+* updated recommended plugins
+
+### 1.1.2
+* updated metadata
+
+### 1.1.1
+* updated metadata
+* updated recommended plugins
+
+### 1.1.0
+* versioning correction (major changes in 1.0.6)
+* (no code changes)
+
+### 1.0.6
+* changed filters to force HTTPS for external resources (but not hyperlinks) including `src`, `srcset`, `embed`, and `object`
+* (if an external resource does not exist in HTTPS version, it may generate a 404 error)
+* (philosophy = "green padlock" more important than a resource 404 error)
+* added warning for Multisite installations
+* updated recommended plugins
+* updated metadata
+
+### 1.0.5
+* better support for `DISABLE_NAG_NOTICES`
+
+### 1.0.4
+* partial support for `DISABLE_NAG_NOTICES`
+* updated metadata
+
+### 1.0.3
+* tested with WP 4.9
+* updated recommended plugins
+* updated metadata
+
+### 1.0.2
+* filter to "skip" external hyperlinks
+* better HTTPS filters for internal links, internal sources, and image `srcset`
+* optimized plugin code
+* added rating request notice
+* updated recommended plugins
+
+### 1.0.1
+* added recommended plugins notice
+
+### 1.0.0
+* initial release