HTTPS enforcement for WordPress
- added REST response object HTTPS filtering via
rest_post_dispatchwhile keeping final REST output filtering as a safety net
- hardened resource hint, image srcset, and upload directory HTTPS filtering with stricter URL checks
- added HTTPS filtering for author, archive, attachment, custom post type, feed, search, shortlink, and logout URLs
- fixed stale WordPress and WooCommerce filter registrations by using current hook names
- added HTTPS filtering for enqueued script and stylesheet asset URLs
- added HTTPS filtering for theme root, theme directory, and theme file URLs
- removed redundant WooCommerce REST prepare filters now covered by global REST response HTTPS filtering
- fixed oEmbed and custom logo HTTPS filtering by using the HTML output callback for HTML-returning hooks
- improved REST response HTTPS filtering for nested string values inside arrays
- registered WooCommerce filters on
plugins_loadedso HTTPS support is not missed due to plugin load order
- fixed nav menu link HTTPS filtering by using a dedicated callback for the attributes array passed by
nav_menu_link_attributes
- hardened HTTPS redirects by replacing
wp_redirectwithwp_safe_redirect - sanitized the request URI before building the HTTPS redirect URL
- updated
Tested up toheader for WordPress 7.0
- improved WP-CLI and WP-Cron compatibility by bypassing home/siteurl HTTPS filtering during command-line and scheduled tasks
- added
Tested up to,Update URI, andText Domainplugin headers - improved HTTPS redirects to skip WP-CLI, WP-Cron, and AJAX requests
- added early home/siteurl HTTPS filtering with
pre_option_homeandpre_option_siteurl - expanded HTTPS enforcement across WordPress URL, content, media, resource hint, and upload directory filters
- improved content parsing for HTML elements, including
<script>and<style>blocks - added WooCommerce URL/content filter support when WooCommerce is active
- cleaned up plugin structure, syntax, and compatibility
- added
Requires PHPplugin header
- improved
gu_override_dot_orgsnippet
- fixed
gu_override_dot_orgsnippet
- completely refactored code to WordPress standards
- no more defined constants or options (hardcoded to enforce HTTPS on all internal/external links and resources)
- much more extensive
add_filterrules and HTML enforcement of HTTPS - supports PHP 7.0 to 8.3
- supports Multisite
- fixed undefined variable error (new default $modified = false)
- improved composer.json
- updated metadata
- tested with WP 5.1
- updated metadata
- tweaked
composer.json
- PBP v1.2.0
- removed
FORCE_SSLconstant references - added support to force HTTPS on
sourceelements (previously unsupported) ... this fixes GitHub Issue #7 - late support for new FORCE_HTTPS defined constant
- define('FORCE_HTTPS', true);
- define('FORCE_HTTPS_EXTERNAL_LINKS', false);
- define('FORCE_HTTPS_EXTERNAL_RESOURCES', true);
- define('FORCE_HTTPS_INTERNAL_LINKS', true);
- define('FORCE_HTTPS_INTERNAL_RESOURCES', true);
- PBP v1.1.0
- tested with PHP 7.0, 7.1, 7.2
- tested with PHP 5.6 (no fatal errors only, tweaked code style and several corrections)
- better support for WP-CLI (fixes GitHub Issue #6/#2)
- simplified plugin class organization
- late support for FORCE_SSL constant aborting the plugin functionality in the last minute if false
- tested with WP 5.0
- updated metadata
- updated recommended plugins
- updated metadata
- updated metadata
- updated recommended plugins
- versioning correction (major changes in 1.0.6)
- (no code changes)
- changed filters to force HTTPS for external resources (but not hyperlinks) including
src,srcset,embed, andobject - (if an external resource does not exist in HTTPS version, it may generate a 404 error)
- (philosophy = "green padlock" more important than a resource 404 error)
- added warning for Multisite installations
- updated recommended plugins
- better support for
DISABLE_NAG_NOTICES
- partial support for
DISABLE_NAG_NOTICES - updated metadata
- tested with WP 4.9
- updated recommended plugins
- updated metadata
- filter to "skip" external hyperlinks
- better HTTPS filters for internal links, internal sources, and image
srcset - optimized plugin code
- added rating request notice
- updated recommended plugins
- added recommended plugins notice
- initial release