diff --git c/src/wp-includes/formatting.php w/src/wp-includes/formatting.php
index 80e1545caf..b908aa3a92 100644
--- c/src/wp-includes/formatting.php
+++ w/src/wp-includes/formatting.php
@@ -2948,6 +2948,27 @@ function is_email( $email, $deprecated = false ) {
 }
 
 /**
+ * Verifies that an URL is valid wordpress one.
+ *
+ * @since 0.71
+ *
+ * @param string $url URL to verify
+ * @return string|bool Either false or the valid url.
+ */
+function is_wordpress_url( $url ) {
+	$parsed = parse_url($url, PHP_URL_SCHEME);
+	if (false === $parsed) {
+		return apply_filters( 'is_wordpress_url', false, $url, 'invalid_url' );
+	}
+
+	if (null === $parsed || ($parsed !== 'http' && $parsed !== 'https')) {
+		return apply_filters( 'is_wordpress_url', false, $url, 'invalid_scheme' );
+	}
+
+	return apply_filters( 'is_wordpress_url', $url, $url, null );
+}
+
+/**
  * Convert to ASCII from email subjects.
  *
  * @since 1.2.0
@@ -4159,7 +4180,7 @@ function sanitize_option( $option, $value ) {
 			if ( is_wp_error( $value ) ) {
 				$error = $value->get_error_message();
 			} else {
-				if ( preg_match( '#http(s?)://(.+)#i', $value ) ) {
+				if ( is_wordpress_url($value) ) {
 					$value = esc_url_raw( $value );
 				} else {
 					$error = __( 'The WordPress address you entered did not appear to be a valid URL. Please enter a valid URL.' );
@@ -4172,7 +4193,7 @@ function sanitize_option( $option, $value ) {
 			if ( is_wp_error( $value ) ) {
 				$error = $value->get_error_message();
 			} else {
-				if ( preg_match( '#http(s?)://(.+)#i', $value ) ) {
+				if ( is_wordpress_url($value) ) {
 					$value = esc_url_raw( $value );
 				} else {
 					$error = __( 'The Site address you entered did not appear to be a valid URL. Please enter a valid URL.' );