In recent releases of WordPress there have been various improvements made to support for sites running on HTTPS. While support is currently very good, it’s still too easy to end up with mixed content on a site (HTTP content embedded within an HTTPS page), and especially so when migrating an existing site from HTTP to HTTPS.
There will be a discussion meeting in the #core-http Slack channel on Wednesday, January 27, 2016 at 2000 UTC. This is one hour before the regular weekly meeting in #core. I’d like to discuss three topics:
- Implementing an (opt-in) method of forcing a site to use HTTPS.
- What should this cover? (Embedded content, enqueued scripts/styles, links, redirects)
- How should it be implemented? (eg. filter/constant/automatic)
- Defaulting to HTTPS for new installs when it’s available.
- Only applies when setting up a site over HTTP and it’s available over HTTPS.
- Need to communicate clearly to the user what this implies, with option to toggle.
- Aiding in switching an existing site from HTTP to HTTPS.
- Migrating existing embedded content.
- Should this be a feature plugin?
If you’re interested in helping out with any of the above, or with HTTPS improvements in general, join us on Wednesday.
Further reading: the https tag on Core Trac.