I've searched here and the WP Codex but haven't found anything.
I have recently added an SSL Cert to a client site. The front end is fine and there are no insecure elements.
However, the admin dashboard has lots of insecure elements. A simple search shows that there are about 20 files in both wp-admin and wp-includes that have the following link hard coded:
There is no switch, as when using this config: define('FORCE_SSL_ADMIN', true);
I understand what this link is, and why it is needed. But I do not want to edit the core to force Admin to be secure.
Does anyone have any suggestions how I fix this?
I've searched here and the WP Codex but haven't found anything.
I have recently added an SSL Cert to a client site. The front end is fine and there are no insecure elements.
However, the admin dashboard has lots of insecure elements. A simple search shows that there are about 20 files in both wp-admin and wp-includes that have the following link hard coded:
http://www.w3/1999/xhtml
There is no switch, as when using this config: define('FORCE_SSL_ADMIN', true);
I understand what this link is, and why it is needed. But I do not want to edit the core to force Admin to be secure.
Does anyone have any suggestions how I fix this?
Share Improve this question edited Sep 16, 2015 at 11:26 Nicolai Grossherr 18.9k8 gold badges64 silver badges109 bronze badges asked Sep 16, 2015 at 10:05 Mr_DW_BrightonMr_DW_Brighton 235 bronze badges 1- Thanks. So does this mean it is impossible to have a truly secure dashboard? – Mr_DW_Brighton Commented Sep 16, 2015 at 11:12
1 Answer
Reset to default 1There isn't a proper https/SSL variant of the link you have given, so probably, likely you are getting problems when enforcing it - no matter how you do it. I strongly assume that is the reason why the "unsecure" URL is used in the first place.
From comment:
So does this mean it is impossible to have a truly secure dashboard?
Firstly I'd say, the URL you are talking about is more or less documentary. Secondly, if an external source is malicious, then it really doesn't matter if it is accessed via SSL or not.
发布者:admin,转转请注明出处:http://www.yc00.com/questions/1745663457a4638978.html
评论列表(0条)