Make WordPress Core

Opened 5 years ago

Closed 5 years ago

Last modified 5 years ago

#43552 closed defect (bug) (worksforme)

SSL Websites using WordPress - Horizontal Admin Bar reverts to non-SSL links

Reported by: laughter-on-water's profile Laughter On Water Owned by:
Milestone: Priority: normal
Severity: normal Version:
Component: Administration Keywords:
Focuses: administration Cc:


Using SSL, Theme Twenty-Seventeen
When I'm at< whatever > and I hover over any of the vertical menus, I get the expected https linked administrative links. (See green lines depicting correct function.)

When I go to any of the horizontal administrative menu or some of the other links (see red lines depicting incorrect function) I am sent to non SSL links.

I can't be sure, but it seems unintentional, since my browser goes kerflooey when I try to go from https to http via an admin link to view the posted page.

Yeah, it's SSL, but I'm not sure this is a true security issue as much as it's an admin menu/core links thing. If this is a security issue, please let me know and I'll post in the WP HackerOne area. I've included a list of my site's general configurations just in case they'll help.

Diagnostic Glance 0.9.1

WordPress Version: 4.9.4

Listed Themes

[a] Twenty Seventeen - Version 1.4
1 themes present.

Listed Plugins

[ ] Ad Codes Widget - Version 110709
[a] Advanced noCaptcha reCaptcha - Version 2.4
[a] Anti-spam - Version 4.4
[a] Black Studio TinyMCE Widget - Version 2.6.2
[a] BulletProof Security - Version 2.9
[a] Diagnostic Glance - Version 0.9.2
[a] Electric Studio Download Counter - Version 2.4
[a] Fast Secure Contact Form - Version 4.0.56
[a] Google Analyticator - Version 6.5.4
[a] Google XML Sitemaps - Version 4.0.9
[a] Redirection - Version 3.2
[a] Social Media Follow Buttons Bar - Version 4.29
[a] TinyMCE Advanced - Version 4.6.7
[ ] W3 Total Cache - Version 0.9.6
[a] Widget Logic - Version 5.9.0
[a] WPS Hide Login - Version
14 active plugins out of 16 present

WordPress Config

Permalink Structure: /%year%/%monthnum%/%postname%/
Category Base: topics
Tag Base: tags
WP Max Memory Limit: 256M
WP Memory Limit: 40M
WP Max Upload Size: 64M
WP Cache: off
WP Debug: off
WP Debug Log: off
WP Debug Display: on
Display Errors: on
Log Errors: off
Error Log Path:
Concatenate Scripts: default*
Allow Multisite: default*
Disable Auto Updates: default*
Enable Core Updates: default*
Disallow File Edit: default*
Disallow File Mods: default*
*default - not explicitly set in wp-config.php,
so wp defaults apply.

Hosting and System Config

Server: Apache
PHP Version: 7.0.28
MySQL Database Version: 5.6.34
PHP Memory Limit: 256M
PHP Max Upload Size: 64M
PHP Post Max Size: 65M
PHP SAPI: cgi-fcgi.

PHP Extensions [ 49 Enabled ]

bcmath, bz2, calendar, cgi-fcgi,
Core, ctype, curl, date,
dom, exif, filter, ftp,
gd, gettext, hash, iconv,
imagick, imap, json, libxml,
mbstring, mcrypt, mysqli, mysqlnd,
openssl, pcntl, pcre, PDO,
pdo_mysql, pdo_sqlite, posix, pspell,
Reflection, session, SimpleXML, soap,
sockets, SPL, sqlite3, standard,
tokenizer, xml, xmlreader, xmlrpc,
xmlwriter, xsl, Zend OPcache, zip,

Apache Module List Unavailable

You're running PHP as cgi-fcgi.

General Site Statistics

Administrators: 1
Contributors: 1
Nones: 0
Total Users: 2
Published Pages: 2
Draft Pages: 0
Published Posts: 3
Draft Posts: 2
Comments in Moderation: 0
Comments Approved: 0
Comments Spam: 0
Comments Trash: 0
All Comments: 0
Images: 15
Other Media: 0
All Media: 15

Change History (3)

#1 follow-up: @dd32
5 years ago

  • Keywords reporter-feedback added

Hey, and welcome to Trac.

What are the "WordPress Address (URL)" and "Site Address (URL)" settings set to under Settings -> General?

Based on what I'm seeing when visiting your site, it's likely that the former is set to http instead of https.

#2 in reply to: ↑ 1 @Laughter On Water
5 years ago

  • Resolution set to worksforme
  • Status changed from new to closed

Thanks. This has done the trick. So, not a bug. Except I wonder if core should detect whether you're using SSL or not and jigger the those links appropriately.

Replying to dd32:

Hey, and welcome to Trac.

What are the "WordPress Address (URL)" and "Site Address (URL)" settings set to under Settings -> General?

Based on what I'm seeing when visiting your site, it's likely that the former is set to http instead of https.

#3 @ocean90
5 years ago

  • Keywords reporter-feedback removed
  • Milestone Awaiting Review deleted
  • Version 4.9.4 deleted
Note: See TracTickets for help on using tickets.