I have a fix, I am not happy with it but it works:
I added define('FORCE_SSL_ADMIN', true);
to wp-config.php
Then I changed this method is_ssl()
in /wp-includes/load.php
to this. I think to avoid this bug, the define('FORCE_SSL_ADMIN', true);
check should have be used by the developers.
I added the line if( defined( FORCE_SSL_ADMIN ) ) return FORCE_SSL_ADMIN;
/**
* Determines if SSL is used.
*
* @since 2.6.0
* @since 4.6.0 Moved from functions.php to load.php.
*
* @return bool True if SSL, otherwise false.
*/
function is_ssl() {
if( defined( FORCE_SSL_ADMIN ) ) return FORCE_SSL_ADMIN;
if ( isset( $_SERVER['HTTPS'] ) ) {
if ( 'on' === strtolower( $_SERVER['HTTPS'] ) ) {
return true;
}
if ( '1' == $_SERVER['HTTPS'] ) {
return true;
}
} elseif ( isset( $_SERVER['SERVER_PORT'] ) && ( '443' == $_SERVER['SERVER_PORT'] ) ) {
return true;
}
return false;
}
PS: I think it is a bug because the code does not operate under a principle know as single source of truth