Make WordPress Core

Opened 4 years ago

Closed 3 years ago

#25484 closed enhancement (fixed)

Thumbnails on Install Themes screen breaks SSL

Reported by: johnbillion Owned by:
Milestone: Priority: normal
Severity: normal Version:
Component: Themes Keywords:
Focuses: administration Cc:


The thumbnails on the Install Themes screen are always loaded over HTTP, which produces a mixed content warning when using admin over SSL.

There are two parts to this:

  1. The site that theme thumbnails are loaded from (wp-themes.com) needs a valid SSL certificate. Current if you try to load a theme thumbnail over SSL you'll get a certificate warning because the cert is for wordpress.org.
  2. The thumbnails need to respect the admin area scheme when they're loaded.

Additionally, it's a bit odd that these thumbnails (and the theme previewer) come from wp-themes.com, which is not a familiar domain. Is there a reason it's not using wordpress.org or a subdomain thereof?

Change History (4)

#2 @toscho
4 years ago

  • Cc info@… added

#3 @jeremyfelt
4 years ago

  • Component changed from Administration to Themes
  • Focuses admin added

#4 @johnbillion
3 years ago

  • Milestone Awaiting Review deleted
  • Resolution set to fixed
  • Status changed from new to closed

This has been fixed in recent months. Theme thumbnails are now loaded from ts.w.org and the URLs are protocol-relative.

Note: See TracTickets for help on using tickets.