My sincerest thanks for your effort!
I don’t have any helpful advice, though.
(That’s not completely true. My long-term plan is to switch platforms, that is, away from WordPress, but in the short term your patches help solve my immediate problems. I can’t say if my long-term plan would help you.)
Since WordPress 2.9 there is no way to have a clean HTTPS page, because all Thumbnails are only loaded via HTTP.
The plugin WordPress HTTPS corrects this.
https://wordpress.org/plugins/wordpress-https/
I wrote a filter for my hunctions.php in the meantime to resolve this issue. Please note this issue only affects partial https sites. If your base_url and home_url are set to a https domain name, the post thumbnail urls will work correctly.
Something like below should definitely be in core.
//Fix SSL on Post Thumbnail URLs
function ssl_post_thumbnail_urls($url, $post_id) {
//Skip file attachments
if( !wp_attachment_is_image($post_id) )
return $url;
//Correct protocol for https connections
list($protocol, $uri) = preg_split('@(://)@', $url, 2);
if( is_ssl() ) {
if( 'http' == $protocol )
$protocol = 'https';
} else {
if( 'https' == $protocol )
$protocol = 'http';
}
return $protocol.'://'.$uri;
}
add_filter('wp_get_attachment_url', 'ssl_post_thumbnail_urls', 10, 2);
Amended the code above to remove the use of regex. It was adding significant CPU load to pages with decent amounts of images.
//Fix SSL on Post Thumbnail URLs
function ssl_post_thumbnail_urls($url, $post_id) {
//Skip file attachments
if( !wp_attachment_is_image($post_id) )
return $url;
//Correct protocol for https connections
list($protocol, $uri) = explode('://', $url, 2);
if( is_ssl() ) {
if( 'http' == $protocol )
$protocol = 'https';
} else {
if( 'https' == $protocol )
$protocol = 'http';
}
return $protocol.'://'.$uri;
}
add_filter('wp_get_attachment_url', 'ssl_post_thumbnail_urls', 10, 2);
Hi guys, just got great news form WordCamp Germany. In one of the sessions I mentioned the HTTPS problem in general and got into discussion with an Automattic guy. He told me that there will be (full?) Core HTTPS support in one of the next WP versions… finally 🙂
So lets keep our fingers crossed and hacks out of our code 😉
Greetings from Germany,
Jan
Moderator
Jan Dembowski
(@jdembowski)
Forum Moderator and Brute Squad
For more information I believe you can read about it here.
SSL taskforce
Make/core is a good blog to subscribe to. 😉
Thx Jan. Yes, you are absolutely correct about subscribing it! So good to see the word is already out 🙂
hey Matthew just wanted to thank you for the snippet. fixed my problem right away. thanks!
@ajmancilla Glad to hear I am not the only one with this issue :D.
@jan Dembowski Thanks for the information on the SSL taskforce. Thats an interesting read.