WordPress HTTPS (SSL) - Version 1.5

Version Description

  • Added the ability to force SSL on certain pages.
  • Also added the option to exclusively force SSL on certain pages. Pages not forced to HTTPS are forced to HTTP.
  • Plugin now filters the bloginfo and bloginfo_url functions for HTTPS URL's when the 'Disable Automatic HTTPS' option is enabled in WordPress 3.0+.
Download this release

Release Info

Developer Mvied
Plugin Icon wp plugin WordPress HTTPS (SSL)
Version 1.5
Comparing to
See all releases

Code changes from version 1.0.1 to 1.5

Files changed (4) hide show
  1. readme.txt +36 -21
  2. screenshot-1.png +0 -0
  3. screenshot-2.png +0 -0
  4. wordpress-https.php +149 -14
readme.txt CHANGED
@@ -2,22 +2,33 @@
2
  Contributors: Mvied
3
  Donate link: https://www.paypal.com/cgi-bin/webscr?cmd=_s-xclick&hosted_button_id=6ZL95VTJ388HG
4
  Tags: encrypted, ssl, http, https
5
- Requires at least: 2.1.0
6
  Tested up to: 3.0.1
7
- Stable tag: 1.0.1
8
 
9
- Prevents HTTPS pages from loading non-HTTPS elements. Also gives the option to disable WordPress 3.0+ from changing links to HTTPS.
10
 
11
  == Description ==
12
 
13
- This plugin in intended to be the all-in-one solution to the partially encrypted error that many people see on their WordPress sites when using HTTPS. Here are the currently available features:
14
 
15
  <ul>
16
- <li>Automatically changes all internal scripts, stylesheets and images to HTTPS if the page is being viewed via HTTPS.</li>
17
- <li>The option to change external elements to HTTPS. The plugin will check for the existence of the external elements over HTTPs, and if it's available, will change the source to HTTPS.</li>
18
- <li>The option to override the external element HTTPS check. If you know that all external elements can be loaded over HTTPS, this option will save some load time on your pages.</li>
19
- <li>The option to disable WordPress 3.0+ from changing all of your page, category and post links to HTTPS.</li>
 
 
20
  </ul>
 
 
 
 
 
 
 
 
 
21
  == Installation ==
22
 
23
  1. Upload `wordpress-https.php` to the `/wp-content/plugins/` directory
@@ -27,30 +38,34 @@ This plugin in intended to be the all-in-one solution to the partially encrypted
27
 
28
  = How do I make my whole website HTTPS? =
29
 
30
- To make your entire website HTTPS, you simply need to change your home url and site url to HTTPS instead of HTTP. Read this to learn <a href="http://codex.wordpress.org/Changing_The_Site_URL">how to change the site url</a>.
31
 
32
  = How do I make only my administration panel HTTPS? =
33
 
34
- WordPress already has the process well documented. Read this to learn <a href="http://codex.wordpress.org/Administration_Over_SSL">how to set up administration over SSL</a>.
35
 
36
- = What does this plugin do? =
37
 
38
- Sometimes when a page is loaded via HTTPS, the elements on that page (images, scripts, and stylesheets) may not also be loaded via HTTPS. This plugin ensures that that happens.
39
 
40
- This plugin also provides the option to disable WordPress 3.0+ from changing all of your page, category and post links to HTTPS.
41
 
42
- = Why do elements not automatically load over HTTPS? =
43
-
44
- Some, but not all, plugins check for HTTPS when adding the extra scripts and stylesheets to your pages. The ones that do not will cause the page to be loaded insecurely. This is due to the way in which the plugin developer adds the elements to your pages.
45
-
46
- Adding JavaScript files to the header and footer of your site by manually adding them to your template files with static URL's, or loading external scripts over HTTP such as JavaScript libraries from the <a href="http://code.google.com/apis/libraries/">Google Libraries API</a> will also cause this issue.
47
-
48
- = How do you fix it? =
49
 
50
- My plugin simply replaces HTTP with HTTPS in the source code where it needs to be changed. If my plugin does not fix your website not loading 100% over HTTPS, <a href="http://wordpress.org/tags/wordpress-https#postform">drop me a line</a> and I'll take a look at it.
 
 
51
 
52
  == Changelog ==
53
 
 
 
 
 
54
  = 1.0.1 =
55
  * Bug fix.
56
  = 1.0 =
2
  Contributors: Mvied
3
  Donate link: https://www.paypal.com/cgi-bin/webscr?cmd=_s-xclick&hosted_button_id=6ZL95VTJ388HG
4
  Tags: encrypted, ssl, http, https
5
+ Requires at least: 2.7.0
6
  Tested up to: 3.0.1
7
+ Stable tag: 1.5
8
 
9
+ Features: Force HTTPS on only certain pages. Fix partially encrypted errors. Disable WordPress from changing links to HTTPS. And more!
10
 
11
  == Description ==
12
 
13
+ This plugin in intended to be an all-in-one solution to using SSL on WordPress sites. Here are the currently available features:
14
 
15
  <ul>
16
+ <li>Change all internal scripts, stylesheets and images to HTTPS if the page is being viewed via HTTPS to prevent partially encrypted errors.</li>
17
+ <li>Force HTTPS on only the pages you need to be HTTPS.</li>
18
+ <li>Force pages to HTTP that have not been forced to HTTPS.</li>
19
+ <li>Change external elements to HTTPS. The plugin will check for the existence of external elements over HTTPs and, if available, will change them to HTTPS.</li>
20
+ <li>Override the external element HTTPS check. If you know that all external elements can be loaded over HTTPS, this option will save some load time on your pages.</li>
21
+ <li>Disable WordPress 3.0+ from changing all of your page, category and post links to HTTPS.</li>
22
  </ul>
23
+
24
+ There are a few things that can cause a page to still be loaded insecurely after enabling this plugin.
25
+ <ul>
26
+ <li>YouTube videos - YouTube does not allow videos to be streamed over HTTPS.</li>
27
+ <li>External elements that can not be delivered over HTTPS - I would suggest removing these or hosting them on your own server.</li>
28
+ </ul>
29
+
30
+ If you're still having trouble getting your site to load over HTTPS, or any other issues, please <a href="http://wordpress.org/tags/wordpress-https#postform">start a support topic</a> and I will do my best to assist you.
31
+
32
  == Installation ==
33
 
34
  1. Upload `wordpress-https.php` to the `/wp-content/plugins/` directory
38
 
39
  = How do I make my whole website HTTPS? =
40
 
41
+ To make your entire website HTTPS, you simply need to change your home url and site url to HTTPS instead of HTTP. Please read <a href="http://codex.wordpress.org/Changing_The_Site_URL">how to change the site url</a>.
42
 
43
  = How do I make only my administration panel HTTPS? =
44
 
45
+ WordPress already has this process well documented. Please read <a href="http://codex.wordpress.org/Administration_Over_SSL">how to set up administration over SSL</a>.
46
 
47
+ = How do I make only certain pages HTTPS? =
48
 
49
+ As of version 1.5, this plugin grants that ability. Within the Publish box on the add/edit post screen, a checkbox for 'Force SSL' has been added to make this process easy. See Screenshots if you're having a hard time finding it.
50
 
51
+ = Will this plugin fix all of my partially encrypted errors? =
52
 
53
+ In most cases, yes. There are limitations to what this plugin can fix. Here are a few that I've run into:
54
+ <ul>
55
+ <li>YouTube videos - YouTube does not allow videos to be streamed over HTTPS.</li>
56
+ <li>External elements that can not be delivered over HTTPS - I would suggest removing these or hosting them on your own server.</li>
57
+ </ul>
 
 
58
 
59
+ == Screenshots ==
60
+ 1. WordPress HTTPS Settings screen
61
+ 2. Force SSL checkbox added to add/edit posts screen
62
 
63
  == Changelog ==
64
 
65
+ = 1.5 =
66
+ * Added the ability to force SSL on certain pages.
67
+ * Also added the option to exclusively force SSL on certain pages. Pages not forced to HTTPS are forced to HTTP.
68
+ * Plugin now filters the `bloginfo` and `bloginfo_url` functions for HTTPS URL's when the 'Disable Automatic HTTPS' option is enabled in WordPress 3.0+.
69
  = 1.0.1 =
70
  * Bug fix.
71
  = 1.0 =
screenshot-1.png ADDED
Binary file
screenshot-2.png ADDED
Binary file
wordpress-https.php CHANGED
@@ -4,7 +4,7 @@ Plugin Name: WordPress HTTPS
4
  Plugin URI: http://mvied.com/projects/wordpress-https/
5
  Description: Prevents HTTPS pages from loading non-HTTPS elements. Also gives the option to disable WordPress 3.0+ from changing links to HTTPS.
6
  Author: Mike Ems
7
- Version: 1.0.1
8
  Author URI: http://mvied.com/
9
  */
10
 
@@ -24,12 +24,15 @@ if ( !class_exists('WordPressHTTPS') ) {
24
  *
25
  * @private array
26
  */
27
- private $options_default = array(
28
- 'wordpress-https_externalurls' => 0, // Option to change external URL's to HTTPS
29
- 'wordpress-https_bypass' => 0, // Bypass option to check if external elements can be loaded via HTTPS
30
- 'wordpress-https_disable_autohttps' => 0 // Disable the feature in WordPress 3.0+ that makes all links HTTPS if the page is being viewed via HTTPS.
31
- );
32
 
 
 
 
 
 
 
 
33
  /**
34
  * Initialize plugin
35
  *
@@ -37,26 +40,123 @@ if ( !class_exists('WordPressHTTPS') ) {
37
  * @return void
38
  */
39
  function __construct() {
 
 
 
 
 
 
 
 
 
 
 
40
  if ( is_admin() ) {
 
41
  add_action('admin_menu', array(&$this, 'menu'));
42
-
 
43
  foreach ( $this->options_default as $option => $value ) {
44
- if ( get_option($option) === FALSE ) {
45
  add_option($option, $value);
46
  }
47
  }
 
 
 
48
  }
49
-
 
 
 
 
 
50
  add_action('plugins_loaded', array(&$this, 'buffer_start'));
51
  //add_action('wp_footer', array(&$this, 'buffer_end'));
52
 
 
53
  if ( get_option('wordpress-https_disable_autohttps') == 1 ) {
54
  add_filter('page_link', array(&$this, 'replace_https'));
55
  add_filter('post_link', array(&$this, 'replace_https'));
56
  add_filter('category_link', array(&$this, 'replace_https'));
 
 
 
 
 
57
  }
58
  }
59
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
60
  /**
61
  * Add admin panel menu option
62
  *
@@ -88,7 +188,7 @@ if ( !class_exists('WordPressHTTPS') ) {
88
  if ( $key == 'wordpress-https_bypass' && @ini_get('allow_url_fopen') != 1 ) {
89
  $errors[] = 'PHP configuration error: allow_url_fopen must be enabled to allow the conversion of external elements to HTTPS.';
90
  $_POST[$key] = 0;
91
- } else if ($key == 'wordpress-https_disable_autohttps' && get_bloginfo('version') < 3.0) {
92
  $_POST[$key] = 0;
93
  }
94
  }
@@ -108,7 +208,7 @@ if ( !class_exists('WordPressHTTPS') ) {
108
  }
109
  echo " </ul>\n";
110
  } else {
111
- echo " <div class=\"updated below-h2 fade\" id=\"message\"><p><strong>Settings saved.</strong></p></div>\n";
112
  }
113
  }
114
  ?>
@@ -135,7 +235,7 @@ if ( !class_exists('WordPressHTTPS') ) {
135
  </fieldset>
136
  </td>
137
  </tr>
138
- <?php if (get_bloginfo('version') >= 3) { ?>
139
  <tr valign="top">
140
  <th scope="row">Disable Automatic HTTPS</th>
141
  <td>
@@ -147,6 +247,16 @@ if ( !class_exists('WordPressHTTPS') ) {
147
  </td>
148
  </tr>
149
  <?php } ?>
 
 
 
 
 
 
 
 
 
 
150
  </table>
151
  <p class="submit"><input type="submit" name="Submit" value="Save Changes" class="button-primary" /></p>
152
  <p>This plugin was created by <a href="http://mvied.com/" target="_blank">Mike Ems</a>.</p>
@@ -156,6 +266,31 @@ if ( !class_exists('WordPressHTTPS') ) {
156
  </div>
157
  <?php
158
  }
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
159
 
160
  /**
161
  * Process output buffer
@@ -164,8 +299,8 @@ if ( !class_exists('WordPressHTTPS') ) {
164
  * @return string
165
  */
166
  function process($buffer) {
167
- if ( !empty($_SERVER['HTTPS']) || $_SERVER['SERVER_PORT'] == 443 ) {
168
- if (get_bloginfo('version') > 3) {
169
  $httpsUrl = $this->replace_http(get_site_url());
170
  } else {
171
  $httpsUrl = $this->replace_http(get_bloginfo('home'));
4
  Plugin URI: http://mvied.com/projects/wordpress-https/
5
  Description: Prevents HTTPS pages from loading non-HTTPS elements. Also gives the option to disable WordPress 3.0+ from changing links to HTTPS.
6
  Author: Mike Ems
7
+ Version: 1.5
8
  Author URI: http://mvied.com/
9
  */
10
 
24
  *
25
  * @private array
26
  */
27
+ private $options_default;
 
 
 
 
28
 
29
+ /**
30
+ * WordPress version
31
+ *
32
+ * @var int
33
+ */
34
+ var $wp_version;
35
+
36
  /**
37
  * Initialize plugin
38
  *
40
  * @return void
41
  */
42
  function __construct() {
43
+ // Format WordPress version for comparison. 2.9 => 29, 3.0 => 30, etc.
44
+ $this->wp_version = (int)substr(str_replace('.','',get_bloginfo('version')), 0, 2);
45
+
46
+ // Define default options
47
+ $this->options_default = array(
48
+ 'wordpress-https_externalurls' => 0, // Option to change external URL's to HTTPS
49
+ 'wordpress-https_bypass' => 0, // Bypass option to check if external elements can be loaded via HTTPS
50
+ 'wordpress-https_disable_autohttps' => 0, // Disable the feature in WordPress 3.0+ that makes all links HTTPS if the page is being viewed via HTTPS.
51
+ 'wordpress-https_exclusive_https' => 0
52
+ );
53
+
54
  if ( is_admin() ) {
55
+ // Add admin menus
56
  add_action('admin_menu', array(&$this, 'menu'));
57
+
58
+ // Set default options
59
  foreach ( $this->options_default as $option => $value ) {
60
+ if ( get_option($option) === false ) {
61
  add_option($option, $value);
62
  }
63
  }
64
+ } else {
65
+ // If not admin, enable front-end redirection
66
+ add_action('wp_head', array(&$this, 'redirect'));
67
  }
68
+
69
+ // Add 'Force SSL' checkbox to add/edit post pages
70
+ add_action('post_submitbox_misc_actions', array(&$this, 'post_checkbox'));
71
+ add_action('save_post', array(&$this, 'post_save'));
72
+
73
+ // Output buffering
74
  add_action('plugins_loaded', array(&$this, 'buffer_start'));
75
  //add_action('wp_footer', array(&$this, 'buffer_end'));
76
 
77
+ // Filter HTTPS from links in WP 3.0+
78
  if ( get_option('wordpress-https_disable_autohttps') == 1 ) {
79
  add_filter('page_link', array(&$this, 'replace_https'));
80
  add_filter('post_link', array(&$this, 'replace_https'));
81
  add_filter('category_link', array(&$this, 'replace_https'));
82
+ add_filter('get_archives_link', array(&$this, 'replace_https'));
83
+ add_filter('search_link', array(&$this, 'replace_https'));
84
+ add_filter('home_url', array(&$this, 'replace_https'));
85
+ add_filter('bloginfo', array(&$this, 'bloginfo'), 10, 2);
86
+ add_filter('bloginfo_url', array(&$this, 'bloginfo'), 10, 2);
87
  }
88
  }
89
 
90
+ /**
91
+ * Add 'Force SSL' checkbox to add/edit post pages
92
+ *
93
+ * @param none
94
+ * @return void
95
+ */
96
+ function post_checkbox() {
97
+ global $post;
98
+
99
+ wp_nonce_field( plugin_basename(__FILE__), 'wordpress-https' );
100
+
101
+ $checked = false;
102
+ if ($post->ID) {
103
+ $checked = get_post_meta($post->ID, 'force_ssl', true);
104
+ }
105
+ echo '<div class="misc-pub-section misc-pub-section-last" style="border-top: 1px solid #EEE;"><label>Force HTTPS: <input type="checkbox" value="1" name="force_ssl" id="force_ssl"'.(($checked) ? ' checked="checked"' : '').' /></label></div>';
106
+ }
107
+
108
+ /**
109
+ * Save Force SSL option to post or page
110
+ *
111
+ * @param int $post_id
112
+ * @return int $post_id
113
+ */
114
+ function post_save( $post_id ) {
115
+ if (array_key_exists('wordpress-https',$_POST)) {
116
+ if ( !wp_verify_nonce( $_POST['wordpress-https'], plugin_basename(__FILE__) )) {
117
+ return $post_id;
118
+ }
119
+
120
+ if ( defined('DOING_AUTOSAVE') && DOING_AUTOSAVE ) {
121
+ return $post_id;
122
+ }
123
+
124
+ if ( 'page' == $_POST['post_type'] ) {
125
+ if ( !current_user_can( 'edit_page', $post_id ) ) {
126
+ return $post_id;
127
+ }
128
+ } else {
129
+ if ( !current_user_can( 'edit_post', $post_id ) ) {
130
+ return $post_id;
131
+ }
132
+ }
133
+
134
+ $forceSSL = (($_POST['force_ssl'] == 1) ? true : false);
135
+ if ($forceSSL) {
136
+ update_post_meta($post_id, 'force_ssl', 1);
137
+ } else {
138
+ delete_post_meta($post_id, 'force_ssl');
139
+ }
140
+
141
+ return $forceSSL;
142
+ }
143
+ return $post_id;
144
+ }
145
+
146
+ /**
147
+ * Filters HTTPS urls from bloginfo function
148
+ *
149
+ * @param string $result
150
+ * @param string $show
151
+ * @return string
152
+ */
153
+ function bloginfo($result = '', $show = '') {
154
+ if ($show == 'stylesheet_url' || $show == 'template_url' || $show == 'wpurl' || $show == 'home' || $show == 'siteurl' || $show == 'url') {
155
+ $result = $this->replace_https($result);
156
+ }
157
+ return $result;
158
+ }
159
+
160
  /**
161
  * Add admin panel menu option
162
  *
188
  if ( $key == 'wordpress-https_bypass' && @ini_get('allow_url_fopen') != 1 ) {
189
  $errors[] = 'PHP configuration error: allow_url_fopen must be enabled to allow the conversion of external elements to HTTPS.';
190
  $_POST[$key] = 0;
191
+ } else if ($key == 'wordpress-https_disable_autohttps' && $this->wp_version < 30) {
192
  $_POST[$key] = 0;
193
  }
194
  }
208
  }
209
  echo " </ul>\n";
210
  } else {
211
+ echo " <div class=\"updated below-h2 fade\" id=\"message\"><p>Items saved.</p></div>\n";
212
  }
213
  }
214
  ?>
235
  </fieldset>
236
  </td>
237
  </tr>
238
+ <?php if ($this->wp_version >= 30) { ?>
239
  <tr valign="top">
240
  <th scope="row">Disable Automatic HTTPS</th>
241
  <td>
247
  </td>
248
  </tr>
249
  <?php } ?>
250
+ <tr valign="top">
251
+ <th scope="row">Force SSL Exclusively</th>
252
+ <td>
253
+ <fieldset>
254
+ <legend class="screen-reader-text"><span>Exclusively force SSL on posts and pages with the 'Force SSL' option checked. All others are redirected to HTTP.</span></legend>
255
+ <label for="wordpress-https_exclusive_https"><input name="wordpress-https_exclusive_https" type="checkbox" id="wordpress-https_exclusive_https" value="1"<?php echo ((get_option('wordpress-https_exclusive_https')) ? ' checked="checked"' : ''); ?> /> Exclusively force SSL on posts and pages with the `Force SSL` option checked. All others are redirected to HTTP.</label>
256
+ <p class="description">WordPress HTTPS adds a 'Force SSL' checkbox to each post and page right above the publish button (screenshot). When selected, the post or page will be forced to HTTPS. With this option enabled, all posts and pages without 'Force SSL' checked will be redirected to HTTP.</p>
257
+ </fieldset>
258
+ </td>
259
+ </tr>
260
  </table>
261
  <p class="submit"><input type="submit" name="Submit" value="Save Changes" class="button-primary" /></p>
262
  <p>This plugin was created by <a href="http://mvied.com/" target="_blank">Mike Ems</a>.</p>
266
  </div>
267
  <?php
268
  }
269
+
270
+ /**
271
+ * Redirect posts and pages accordingly
272
+ *
273
+ * @param none
274
+ * @return void
275
+ */
276
+ function redirect() {
277
+ global $post;
278
+ if (is_single() || is_page() || is_home()) {
279
+ if ( $_SERVER['SERVER_PORT'] != 443 ) {
280
+ $forceSSL = get_post_meta($post->ID, 'force_ssl');
281
+ if ($forceSSL) {
282
+ header("Location: https://".$_SERVER['SERVER_NAME'].$_SERVER['REQUEST_URI']);
283
+ exit;
284
+ }
285
+ } else if ( get_option('wordpress-https_exclusive_https') == 1 ) {
286
+ $forceSSL = get_post_meta($post->ID, 'force_ssl');
287
+ if (!$forceSSL) {
288
+ header("Location: http://".$_SERVER['SERVER_NAME'].$_SERVER['REQUEST_URI']);
289
+ exit;
290
+ }
291
+ }
292
+ }
293
+ }
294
 
295
  /**
296
  * Process output buffer
299
  * @return string
300
  */
301
  function process($buffer) {
302
+ if ( $_SERVER['SERVER_PORT'] == 443 ) {
303
+ if ($this->wp_version >= 30) {
304
  $httpsUrl = $this->replace_http(get_site_url());
305
  } else {
306
  $httpsUrl = $this->replace_http(get_bloginfo('home'));