WPSSL (WordPress with SSL)
[resolved] WPSSL and plugin constants issue and hack (2 posts)

  1. KeyFocusMedia
    Posted 5 years ago #

    I am building a new site which includes client financial information on some of the pages. Obviously, these pages need to use SSL so I was looking for a solution that allowed me to force HTTPS on only these pages and not the entire site. The WPSSL plugin worked pretty well but I ran into some issues with plugin components which enqueued scripts and style sheet links during the plugin init phase of WP startup. After doing some code analysis I discovered the problem stemmed from global constants which WP 3+ creates very early in the startup process.

    The specific constants that where causing problems where:


    These constants are defined within the function wp_plugin_directory_constants located in the wp-includes/default-constants.php file. These constants are used during initialization by several plugins that I am using. The plugins used the constants when enqueuing scripts for javascript and css files. Since my basic site (and the associated siteurl) use standard HTTP the scripts where enqueued using this base URL even when they appear on pages that are being FORCED_SSL by the WPSSL plugin. This caused mixed content security errors on all of my secure pages.

    I looked for a solution that would allow me to hook into the constant definition process or would allow me to consistently update the links before they were inserted into the secure headers. I couldn't find anything that seemed to work in all scenarios. In the end I had to hack the wp-includes/default-constants.php file as follows. Not the best solution but one that seems to correct the issue.


    -- snip --
    function wp_plugin_directory_constants( ) {
       if ( !defined('WP_CONTENT_URL') )
          define( 'WP_CONTENT_URL', get_option('siteurl').'/wp-content'); 
    -- snip --


    -- snip --
    function wp_plugin_directory_constants( ) {
       $siteurl = get_option('siteurl');
       if($_SERVER['SERVER_PORT'] == '443') {
          $siteurl = preg_replace('/http:\/\//', 'https://', $siteurl);
       if ( !defined('WP_CONTENT_URL') )
          define( 'WP_CONTENT_URL', $siteurl . '/wp-content'); 
    -- snip --

    I am posting this in the event that someone else runs into the same issues and in the hopes that someone might know a "non-hack" way of resolving my problem.


  2. freythman
    Posted 5 years ago #

    Have you considered using the wp-config.php file to define the constants? I would imagine that would be more user friendly, and there's already a ton of definitions you can make there.

Topic Closed

This topic has been closed to new replies.

About this Plugin

  • WPSSL (WordPress with SSL)
  • Frequently Asked Questions
  • Support Threads
  • Reviews

About this Topic