[wp-hackers] Best way to avoid mixed http/https content

David Anderson david at wordshell.net
Fri Feb 28 12:13:08 UTC 2014


I'm aware that there are *lots* of ways to avoid mixed http/https 
content warnings, but I'm looking for any insight into the best way of 
doing this. The use case is for a site that is intended to be available 
over both http and https.

In particular, I'm talking about content inside posts. (Not about the 
admin area, or plugin resources (e.g. JavaScript, CSS)).

The WordPress editor always inserts full links for media. i.e. It 
includes the uploads URL setting (which can of course be set in 
different ways). This is good, because it means that you can move the 
site from one place to another, and you just need to search/replace the 
URLs. However, that doesn't work well if the site is meant to be 
available via both http and https. It'll cause mixed content warnings.

So, you could manually edit the links to remove the protocol. i.e. 
change your image links from 
https://example.com/wp-content/uploads/etc.png to 
//example.com/wp-content/uploads. That's rather cumbersome, though - and 
makes the search/replace (slightly) more complex when moving from live 
to staging/dev, etc. If you change to relative links, 
/wp-content/uploads, then that's also cumbersome, and makes any 
search/replace very dangerous.

So, I think the best solution to this is probably a plugin that 
dynamically filters the post output, depending on whether is_ssl() is true.

Does this seem right? If so, any suggested plugins? 
http://wordpress.org/plugins/wordpress-https/ looks like the "big beast" 
in the area, but to my mind a plugin author who can't be bothered to 
update his readme.txt beyond " Compatible up to: 3.5.2" isn't committed, 
so you're setting yourself up for future trouble by ignoring that red 
flag. Presumably this simple use case could be done with just a quick 
filter on the content and I should do that. Again, I'm wondering if 
anyone has experience/advice on this.

Best wishes,

UpdraftPlus - best WordPress backups - http://updraftplus.com
WordShell - WordPress fast from the CLI - http://wordshell.net

More information about the wp-hackers mailing list