In recent releases of WordPress there have been various improvements made to support for sites running on HTTPS HTTPS is an acronym for Hyper Text Transfer Protocol Secure. HTTPS is the secure version of HTTP, the protocol over which data is sent between your browser and the website that you are connected to. The 'S' at the end of HTTPS stands for 'Secure'. It means all communications between your browser and the website are encrypted. This is especially helpful for protecting sensitive data like banking information.. While support is currently very good, it’s still too easy to end up with mixed content on a site (HTTP HTTP is an acronym for Hyper Text Transfer Protocol. HTTP is the underlying protocol used by the World Wide Web and this protocol defines how messages are formatted and transmitted, and what actions Web servers and browsers should take in response to various commands. content embedded within an HTTPS page), and especially so when migrating an existing site from HTTP to HTTPS.
There will be a discussion meeting in the #core-http Slack Slack is a Collaborative Group Chat Platform https://slack.com/. The WordPress community has its own Slack Channel at https://make.wordpress.org/chat/. channel on Wednesday, January 27, 2016 at 2000 UTC. This is one hour before the regular weekly meeting in #core. I’d like to discuss three topics:
- Implementing an (opt-in) method of forcing a site to use HTTPS.
- What should this cover? (Embedded content, enqueued scripts/styles, links, redirects)
- How should it be implemented? (eg. filter Filters are one of the two types of Hooks https://codex.wordpress.org/Plugin_API/Hooks. They provide a way for functions to modify data of other functions. They are the counterpart to Actions. Unlike Actions, filters are meant to work in an isolated manner, and should never have side effects such as affecting global variables and output./constant/automatic)
- Defaulting to HTTPS for new installs when it’s available.
- Only applies when setting up a site over HTTP and it’s available over HTTPS.
- Need to communicate clearly to the user what this implies, with option to toggle.
- Aiding in switching an existing site from HTTP to HTTPS.
- Migrating existing embedded content.
- Should this be a feature plugin A plugin that was created with the intention of eventually being proposed for inclusion in WordPress Core. See Features as Plugins.?
If you’re interested in helping out with any of the above, or with HTTPS improvements in general, join us on Wednesday.
Further reading: the https tag on Core Trac.