[closed] Trouble with HTTPS when uploading media in 3.5 (11 posts)

  1. TedFolkman
    Posted 2 years ago #


    I am having a new problem with WordPress 3.5 that I did not have with 3.4.2. I do all my site administration over SSL (my wp-config file has the following line: define('FORCE_SSL_ADMIN', true);). When I go to the dashboard I see the green padlock in the address bar, so I know my SSL certificate is working properly. With WP 3.5., when I go to my media library, instead of the green padlock I get a message saying that while my connection is encrypted, the page "includes other resources that are not secure" and that can be viewed by others while in transit or modified by an attacker. Yikes! If I click once on the button to take me back to the dashboard, I can navigate back to the dashboard, but the warning remains. But if I click on the dashboard button again, the green padlock returns.

    In case it is useful, I use the following theme: WooThemes Canvas v. 5.0.13, and the following plugins:

    Acronyms 2
    Antispam Bee
    Broken Link Checker
    BulletProof Security
    Login Lockdown
    NextScripts: Social Networks Auto-Poster
    Prevent Password Resetn
    Quick Page/Post Redirect Plugin
    Simple Footnotes
    WordPress SEO
    Wysija Newsletters

    Thank you!

  2. tomontoast
    Posted 2 years ago #

    Try to find out which resources are non secure by searching for http:// in your page source. That should weed out the culprit. Also try disabling plugins.

  3. TedFolkman
    Posted 2 years ago #

    Thanks for the tip. It looks like the media files themselves are the culprit. Here is an example:

    <td class="column-icon media-icon">				<a href="https://lettersblogatory.com/wp-admin/post.php?post=11674&action=edit" title="Edit “Marcus Junius Brutus”">
    					<img width="39" height="60" src="http://lettersblogatory.com/wp-content/uploads/2012/12/Brutus-99x150.jpg" class="attachment-80x60" alt="Marcus Junius Brutus" />				</a>

    I have the same problem with all plugins deactivated.

    Any thoughts as to why this is happening or how it can be fixed?

  4. tomontoast
    Posted 2 years ago #

    Well I'd say its not a problem because you know that those files can't be malicious and you won't be worried if they leak, technically its a bug so you should report it as a new ticket on trac http://core.trac.wordpress.org/newticket

  5. TedFolkman
    Posted 2 years ago #

    Thank you! I have reported it. I appreciate your help.

  6. tomontoast
    Posted 2 years ago #

  7. cederom
    Posted 2 years ago #

    The same problem here, please fix, the original bug is still present since 3.0.3 (2 years)??

  8. tomontoast
    Posted 2 years ago #

    Put this in functions.php as a quick fix:

    function fix_ssl_attachment_url( $url ) {
    	if ( is_ssl() )
    		$url = str_replace( 'http://', 'https://', $url );
    	return $url;
    add_filter( 'wp_get_attachment_url', 'fix_ssl_attachment_url' );
  9. beginr
    Posted 2 years ago #

    @tomontoast Thank you so much! that code worked for me. :)

  10. beginr
    Posted 2 years ago #

    hey @tomontoast how would i do the same for any plugins?


  11. beginr
    Posted 2 years ago #

    actually, I defined the site address in the wp-config file as stated in wordpress codex. Thanx anyway :)

Topic Closed

This topic has been closed to new replies.

About this Topic