WordPress.org is now forced SSL

In the last week, we transitioned almost all of WordPress.orgWordPress.org The community site where WordPress code is created and shared by the users. This is where you can download the source code for WordPress core, plugins and themes as well as the central location for community conversations and organization. https://wordpress.org/ to load over SSLSSL Secure Socket Layer - Encryption from the server to the browser and back. Prevents prying eyes from seeing what you are sending between your browser and the server..

In the coming weeks, any redirects that are temporary will become permanent, and we’ll be adding HTTPHTTP HTTP is an acronym for Hyper Text Transfer Protocol. HTTP is the underlying protocol used by the World Wide Web and this protocol defines how messages are formatted and transmitted, and what actions Web servers and browsers should take in response to various commands. Strict Transport Security (HSTS).

api.wordpress.org and downloads.wordpress.org still listen over HTTP as some servers out there do not have OpenSSL and thus cannot communicate with WordPress.org securely. (But if you hit api.wordpress.org with an SSL request, you will always get an SSL downloads URLURL A specific web address of a website or web page on the Internet, such as a website’s URL www.wordpress.org.)

If in a script you’re downloading https://wordpress.org/latest.zip or latest.tar.gz, please change this to https. Here are common issues you may run into:

  • Problems with curl? If you’re using curl without following locations (-L), your script will break. Switch to httpsHTTPS HTTPS is an acronym for Hyper Text Transfer Protocol Secure. HTTPS is the secure version of HTTP, the protocol over which data is sent between your browser and the website that you are connected to. The 'S' at the end of HTTPS stands for 'Secure'. It means all communications between your browser and the website are encrypted. This is especially helpful for protecting sensitive data like banking information..
  • Problems with wget? If you are using an old version of wget (~1.12.1 or older), it will stumble on the SSL certificate. Switch to https. Also, update wget.

If you find any issues, please leave a comment here or open a meta ticket. Issues could include:

  • Any mixed content warnings.
  • Something that should be forced SSL but isn’t. Note: The Codex has not been redirected yet but it will be soon. Same goes for the global and mobile forums (*.forums.wordpress.org).
  • General breakage or weirdness.

This all applies to BuddyPress.org and bbPress.org too.