WordPress.org

Make WordPress Core

Changeset 49904


Ignore:
Timestamp:
12/23/2020 07:11:20 PM (9 months ago)
Author:
flixos90
Message:

Security, Site Health: Detect HTTPS support and encourage switching.

This changeset modifies the Site Health panel for HTTPS to provide more accurate recommendations based on whether the environment is already set up for HTTPS.

  • Introduces wp_is_using_https() to check whether the site is configured to use HTTPS (via its Site Address and WordPress Address).
  • Introduces wp_is_https_supported() to check whether the environment supports HTTPS. This relies on a cron job which periodically checks support using a loopback request.

Props Clorith, flixos90, miinasikk, westonruter.
Fixes #47577.

Location:
trunk
Files:
2 added
3 edited

Legend:

Unmodified
Added
Removed
  • trunk/src/wp-admin/includes/class-wp-site-health.php

    r49650 r49904  
    14941494     *
    14951495     * @since 5.2.0
     1496     * @since 5.7.0 Updated to rely on {@see wp_is_using_https()} and {@see wp_is_https_supported()}.
    14961497     *
    14971498     * @return array The test results.
     
    14991500    public function get_test_https_status() {
    15001501        $result = array(
    1501             'label'       => __( 'Your website is using an active HTTPS connection.' ),
     1502            'label'       => __( 'Your website is using an active HTTPS connection' ),
    15021503            'status'      => 'good',
    15031504            'badge'       => array(
     
    15201521        );
    15211522
    1522         if ( is_ssl() ) {
    1523             $wp_url   = get_bloginfo( 'wpurl' );
    1524             $site_url = get_bloginfo( 'url' );
    1525 
    1526             if ( 'https' !== substr( $wp_url, 0, 5 ) || 'https' !== substr( $site_url, 0, 5 ) ) {
    1527                 $result['status'] = 'recommended';
    1528 
    1529                 $result['label'] = __( 'Only parts of your site are using HTTPS' );
    1530 
     1523        if ( ! wp_is_using_https() ) {
     1524            $result['status'] = 'critical';
     1525            $result['label']  = __( 'Your website does not use HTTPS' );
     1526
     1527            if ( is_ssl() ) {
    15311528                $result['description'] = sprintf(
    15321529                    '<p>%s</p>',
     
    15371534                    )
    15381535                );
    1539 
    1540                 $result['actions'] .= sprintf(
     1536            } else {
     1537                $result['description'] = sprintf(
     1538                    '<p>%s</p>',
     1539                    sprintf(
     1540                        /* translators: %s: URL to General Settings screen. */
     1541                        __( 'Your <a href="%s">WordPress Address</a> is not set up to use HTTPS.' ),
     1542                        esc_url( admin_url( 'options-general.php' ) )
     1543                    )
     1544                );
     1545            }
     1546
     1547            if ( wp_is_https_supported() ) {
     1548                $result['description'] .= sprintf(
     1549                    '<p>%s</p>',
     1550                    __( 'HTTPS is already supported for your website.' )
     1551                );
     1552
     1553                $result['actions'] = sprintf(
    15411554                    '<p><a href="%s">%s</a></p>',
    15421555                    esc_url( admin_url( 'options-general.php' ) ),
    15431556                    __( 'Update your site addresses' )
    15441557                );
    1545             }
    1546         } else {
    1547             $result['status'] = 'recommended';
    1548 
    1549             $result['label'] = __( 'Your site does not use HTTPS' );
     1558            } else {
     1559                $result['description'] .= sprintf(
     1560                    '<p>%s</p>',
     1561                    __( 'Talk to your web host about supporting HTTPS for your website.' )
     1562                );
     1563            }
    15501564        }
    15511565
  • trunk/src/wp-includes/default-filters.php

    r49226 r49904  
    337337    add_action( 'init', 'wp_cron' );
    338338}
     339
     340// HTTPS detection.
     341add_action( 'init', 'wp_schedule_https_detection' );
     342add_action( 'wp_https_detection', 'wp_update_https_detection_errors' );
     343add_filter( 'cron_request', 'wp_cron_conditionally_prevent_sslverify', 9999 );
    339344
    340345// 2 Actions 2 Furious.
  • trunk/src/wp-settings.php

    r49566 r49904  
    172172require ABSPATH . WPINC . '/class-wp-theme.php';
    173173require ABSPATH . WPINC . '/template.php';
     174require ABSPATH . WPINC . '/https-detection.php';
    174175require ABSPATH . WPINC . '/class-wp-user-request.php';
    175176require ABSPATH . WPINC . '/user.php';
Note: See TracChangeset for help on using the changeset viewer.