[wp-trac] [WordPress Trac] #63490: Non secure sudomain site url in site activation email
WordPress Trac
noreply at wordpress.org
Tue May 27 14:03:02 UTC 2025
#63490: Non secure sudomain site url in site activation email
------------------------------------+-----------------------------
Reporter: umesh.nevase | Owner: (none)
Type: defect (bug) | Status: new
Priority: normal | Milestone: Awaiting Review
Component: Login and Registration | Version: 6.8
Severity: normal | Keywords:
Focuses: |
------------------------------------+-----------------------------
I've enabled Network site settings for `Both site and user registration`.
After creating a subdomain and registering a new user site, I got the
email requesting site activation. Both a non-secure site URL and a site
activation URL are included in the email. The URL of the new site must be
secure. When an email contains a non-secure URL and open in browser, an
error message stating "Warning: Potential Security Risk Ahead" appears.
I've also checked for subdirectory install, the activation email also
contain nonsecure url for new subdirectory site.
Are we keeping the non secure in URL on purpose? We should have handle it
for subdirectory install at least by checking the main site is secure or
not.
Also there are inconsistencies for `http` and `https` url in activate and
signup emails.
--
Ticket URL: <https://core.trac.wordpress.org/ticket/63490>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform
More information about the wp-trac
mailing list