The Support Forums will be in read-only mode for a scheduled maintenance window on 01 September 2016 14:00 UTC - 20:00 UTC. More information.

Simple Local Avatars
SSL Issues (5 posts)

  1. weslinda
    Posted 3 years ago #

    When utilizing SSL in an installation. Both in the admin and the visitor side of things, the icons are called insecurely.

    Is there a fix out there for this?


  2. weslinda
    Posted 3 years ago #

    We are using the force SSL setting in the WordPress configuration file to define this. Not sure what the right way to pull images are, but it would be nice to have a fix.

    Other plugins and WordPress itself pull images just fine. Not sure what is missing.

  3. Jake Goldman
    10up Engineer
    Plugin Author

    Posted 3 years ago #

    Well, the plug-in uses the "site_url()" function to generate URLs for the avatars. Presumably, an SSL plug-in would hook into that. Any idea what other plug-ins do?

  4. weslinda
    Posted 3 years ago #

    Hey Jake,

    I'm not sure how others do it, but what's going on is it's not pulling the SSL link to the image. Keeps it at http://

    <li id="wp-admin-bar-my-account" class="menupop with-avatar"><a class="ab-item"  aria-haspopup="true" href="https://www.hopkinsarthritis.org/wp-admin/profile.php" title="My Account">Howdy, Arthritis Center<img alt='Arthritis Center' src='http://www.hopkinsarthritis.org/wp-content/uploads/2011/11/Arthritis-Center_avatar-16x16.png' class='avatar avatar-16 photo' height='16' width='16' /></a><div class="ab-sub-wrapper"><ul id="wp-admin-bar-user-actions" class="ab-submenu">
    		<li id="wp-admin-bar-user-info"><a class="ab-item" tabindex="-1" href="https://www.hopkinsarthritis.org/wp-admin/profile.php"><img alt='Arthritis Center' src='http://www.hopkinsarthritis.org/wp-content/uploads/2011/11/Arthritis-Center_avatar-64x64.png' class='avatar avatar-64 photo' height='64' width='64' /><span class='display-name'>Arthritis Center</span><span class='username'>weslinda</span></a>		</li>

    The site URL is input as HTTP because we don't force SSL on the entire site. We force SSL in the admin area, and I believe that if I force for the entire site, it still calls the http:// version of the link.

    Not sure how WordPress itself does it, but it seems to call other images in the admin properly. Wish I knew more about how to code this properly, I'd drop in an answer as quickly as I could figure it out, unfortunately, I'm a design guy, not really a developer guy.

  5. kremalicious
    Posted 3 years ago #

    same problem over here.

    I think the problem may be caused by using wp_get_attachment_url here: http://plugins.trac.wordpress.org/browser/simple-local-avatars/trunk/simple-local-avatars.php#L316

    As you can see in this 3 YEAR OLD ticket, wp_get_attachment_url doesn't check for SSL:

Topic Closed

This topic has been closed to new replies.

About this Plugin

  • Simple Local Avatars
  • Frequently Asked Questions
  • Support Threads
  • Reviews

About this Topic