WP_PLUGIN_URL doesn't take SSL into account

  1. webaware

    It's common for sites that sell stuff to force the page to load with SSL by redirecting to the blog URL with https protocol instead of http. Countless plugins don't take this into account and use WP_PLUGIN_URL to locate their scripts, stylesheets and images, breaking the "clean" SSL page load and causing some browsers to issue scary sounding warnings about "insecure content".

    Whilst there are hacks that fix most of these plugins, no single hack will fix every errant plugin. Changing WP_PLUGIN_URL to handle the change in protocol would fix them all.

    Posted: 6 years ago #
  2. Ipstenu (Mika Epstein)

    See http://core.trac.wordpress.org/ticket/13941

    (Basically you're doing it wrong if you use WP_PLUGIN_URL, and should do it this way: http://codex.wordpress.org/Determining_Plugin_and_Content_Directories )

    Posted: 6 years ago #
  3. webaware

    Yes, correct; tell all the other plugin developers :)

    Posted: 6 years ago #
  4. webaware

    (I should add: yes, I have fudged it myself in the past, but I'm amazed at how many very professional and *for profit* plugins still use WP_PLUGIN_URL)

    Posted: 6 years ago #
  5. Ipstenu (Mika Epstein)

    Well. It changed ;)

    If it helps, the plugin repo team knows and is compiling lists of plugins who're doin' it wrong in many aspects. First up are the ones with serious issues, then rules violations, then things like this.

    Posted: 6 years ago #
  6. webaware

    Beauty. In the meantime, there's always this:


    (yes, I wrote that, and then I fixed a couple of my own plugins!)

    Posted: 6 years ago #

RSS feed for this topic


You must log in to post.

  • Rating

    2 Votes
  • Status

    This idea has been implemented