that looks good in my eyes. but i just had the same issue, that’s why i stumbled over your question. i fixed it in my case with if (!wp_verify_nonce($_POST[‘nonce’], ‘nonce’)) { die(__(‘Security Check failed’, ‘textdomain’)); } at the very beginning of my ajax action. no idea, where the 403 issue came from, since it worked … Read more
Yes, your page(s) are loading images, CSS, or JS files that are called in the HTML via non secure mode (http versus https). Install the Firebug extension on your Firefox browser and look at your URLs that are loading in network tab. Screenshot: https://skitch.com/noelsaw/rww31/fullscreen Or you could use Pingdom tools to see what URLs are … Read more
Instead of get_option, use home_url which will determine … the appropriate protocol, “https” if is_ssl() and “http” otherwise. If the $scheme argument is “http” or “https” the is_ssl() check is overridden. In fact, network_home_url would be more appropriate since you are talking about Multisite. Those should return the same value that you are trying the … Read more
You will need to use site_url($path_to_style_sheet, ‘https’) instead of bloginfo(). The home_url() method also supports https.
Main Issue As long as you are accessing the WordPress dashboard via HTTPS, new media items should be inserted into content using HTTPS in the associated media item URL. There is a bit more detail around that feature in this WordPress ticket: wp_get_attachment_url returns https when it should not. That ticket describes how wp_get_attachment_url returns … Read more
Go to your admin area, general settings, and update your “WordPress Address (URL)” and “Site Address (URL)” field value with https. and then update your permalinks setting, by simply click on “Save Changes” button. In case if you are not able to login to your admin area also, do this changes directly in your database. … Read more
If you developing wordpress on localhost, you have to do 2 important things when you want to make it live: 1- search and replace in your .sql backup file for localhost/wordpress and replace it with new address and then import it in your live server. 2- search and replace your whole code, if you use … Read more
Just do it in your .htaccess, it will be alot simpler. The important thing is that the rules are above WordPress’ rules. Setting L also states, that this shall be the last rule evaluated if a match was found # Redirect to https RewriteEngine On RewriteCond %{HTTPS} off RewriteRule ^(.*)$ https://www.example.com/$1 [R=301,L] # Redirect non-www … Read more
The media file item (really, a post type), has the URL of the media item as part of it’s data. So if you upload a media item when your site is at http:, then the URL of the item is stored as one of the meta values of the item. (It will be stored as … Read more
Searching for non-SSL references in the code base is a smart idea and you should probably report any you find on hackerone.com (the place to disclose WordPress vulnerabilities). I also suggest you review the WordPress Security page on wordpress.org. To answer your question, I would say WordPress has been audited extensively for various security vulnerabilities … Read more