[wp-trac] [WordPress Trac] #43552: SSL Websites using WordPress - Horizontal Admin Bar reverts to non-SSL links

WordPress Trac noreply at wordpress.org
Wed Mar 14 19:53:38 UTC 2018


#43552: SSL Websites using WordPress - Horizontal Admin Bar reverts to non-SSL
links
-------------------------------+-----------------------------
 Reporter:  Laughter On Water  |      Owner:
     Type:  defect (bug)       |     Status:  new
 Priority:  normal             |  Milestone:  Awaiting Review
Component:  Administration     |    Version:  4.9.4
 Severity:  normal             |   Keywords:
  Focuses:  administration     |
-------------------------------+-----------------------------
 Using SSL, Theme Twenty-Seventeen
 When I'm at https://amateurethicist.com/wp-admin/< whatever > and I hover
 over any of the vertical menus, I get the expected https linked
 administrative links. (See green lines depicting correct function.)

 When I go to any of the horizontal administrative menus or some of the
 other links (see red lines depicting incorrect function) I am sent to
 non-SSL links.

 I can't be sure, but it seems unintentional, since my browser goes
 kerflooey when I try to go from https to http via an admin link to view
 the posted page.

 [[Image(https://c1.staticflickr.com/1/807/40101812644_88b204b3ae_b.jpg)]]

 Yeah, it's SSL, but I'm not sure this is a true security issue as much as
 it's an admin menu/core links thing. If this is a security issue, please
 let me know and I'll post in the WP HackerOne area. I've included a list
 of my site's general configurations just in case they'll help.

 === Diagnostic Glance 0.9.1 ===
 WordPress Version: 4.9.4

 == Listed Themes ==
 [a] Twenty Seventeen - Version 1.4
 1 themes present.

 == Listed Plugins ==
 [ ] Ad Codes Widget - Version 110709
 [a] Advanced noCaptcha reCaptcha - Version 2.4
 [a] Anti-spam - Version 4.4
 [a] Black Studio TinyMCE Widget - Version 2.6.2
 [a] BulletProof Security - Version 2.9
 [a] Diagnostic Glance - Version 0.9.2
 [a] Electric Studio Download Counter - Version 2.4
 [a] Fast Secure Contact Form - Version 4.0.56
 [a] Google Analyticator - Version 6.5.4
 [a] Google XML Sitemaps - Version 4.0.9
 [a] Redirection - Version 3.2
 [a] Social Media Follow Buttons Bar - Version 4.29
 [a] TinyMCE Advanced - Version 4.6.7
 [ ] W3 Total Cache - Version 0.9.6
 [a] Widget Logic - Version 5.9.0
 [a] WPS Hide Login - Version 1.2.5.1
 14 active plugins out of 16 present

 == WordPress Config ==
 Permalink Structure: /%year%/%monthnum%/%postname%/
 Category Base: topics
 Tag Base: tags
 WP Max Memory Limit: 256M
 WP Memory Limit: 40M
 WP Max Upload Size: 64M
 WP Cache: off
 WP Debug: off
 WP Debug Log: off
 WP Debug Display: on
 Display Errors: on
 Log Errors: off
 Error Log Path:
 Concatenate Scripts: default*
 Allow Multisite: default*
 Disable Auto Updates: default*
 Enable Core Updates: default*
 Disallow File Edit: default*
 Disallow File Mods: default*
 *default - not explicitly set in wp-config.php,
 so wp defaults apply.

 == Hosting and System Config ==
 Server: Apache
 PHP Version: 7.0.28
 MySQL Database Version: 5.6.34
 PHP Memory Limit: 256M
 PHP Max Upload Size: 64M
 PHP Post Max Size: 65M
 PHP SAPI: cgi-fcgi.

 == PHP Extensions [ 49 Enabled ] ==
 bcmath, bz2, calendar, cgi-fcgi,
 Core, ctype, curl, date,
 dom, exif, filter, ftp,
 gd, gettext, hash, iconv,
 imagick, imap, json, libxml,
 mbstring, mcrypt, mysqli, mysqlnd,
 openssl, pcntl, pcre, PDO,
 pdo_mysql, pdo_sqlite, posix, pspell,
 Reflection, session, SimpleXML, soap,
 sockets, SPL, sqlite3, standard,
 tokenizer, xml, xmlreader, xmlrpc,
 xmlwriter, xsl, Zend OPcache, zip,
 zlib

 == Apache Module List Unavailable ==
    You're running PHP as cgi-fcgi.

 == General Site Statistics ==
 Administrators: 1
 Contributors: 1
 Nones: 0
 Total Users: 2
 Published Pages: 2
 Draft Pages: 0
 Published Posts: 3
 Draft Posts: 2
 Comments in Moderation: 0
 Comments Approved: 0
 Comments Spam: 0
 Comments Trash: 0
 All Comments: 0
 Images: 15
 Other Media: 0
 All Media: 15

--
Ticket URL: <https://core.trac.wordpress.org/ticket/43552>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform

