Force HTTPS or Relative URLs for Media in Posts

I use the https plugin – https://www.ads-software.com/plugins/wordpress-https/ – and force https for my domain.

I’m trying to identify the way to do this without yet another plugin. There has to be something in the loop which defines the protocol used for attached media. I just can’t seem to find it …

You understand that the plugin handles all the code you’re trying to write, right?

Yes. But *every* aspect of the site, and server as a whole, is https already – even if you copy image address and paste into a new window, it forces ssl.

The *only* instance when content is not served via https is media in a post. To me, that seems like there must be a simple solution, related to the way the media is inserted.

Using a plugin to fix this feels redundant and will require additional maintenance. So, if there is a means to solve it otherwise, that makes more sense to me. No?

Yes and no.

Depends on your answer here: How did you set up WordPress to be HTTPS already?

The IT staff who set up the server did it all in the Apache configuration.

Okay so you have no idea how anyone set up WordPress (not the server).

The reason I suggest you use the plugin is because it does everything you’d be doing manually. Go and read the code to understand how it properly forces everything to https in a way that will prevent the images from being a problem. It handles all the filters, and probably knows more of them than I could list.

The plugin is the preferred method, today, for this, especially for Multisite, which is a lot more complicated.

FWIW, if you were using single site, I’d tell you to just change your home and site URLs to https and that should cover everything. Can’t really do that so well in Multisite without some serious DB jiggering. Yet. We’re working on that ??

I didn’t say I have no idea how anyone set up WordPress.

We set up the SERVER to be https. Not WordPress. I would imagine that WP would simply respect the environment it’s in, but it seems like your response is that WP does what it wants.

I suppose I’ll use the plugin, just for the sake of resolution, but it would be fantastic if there could simply be a general setting in WP (single or multi) that allowed “Run all through https”

Thanks for kicking this around with me.

Two of us have played with the plugin and various configurations. No luck. Still shows as insecure content. Thoughts?

I would imagine that WP would simply respect the environment it’s in, but it seems like your response is that WP does what it wants.

No, but since you didn’t know that, I stand by my statement that y’all don’t know how WP was set up for HTTPS.

Let me explain for you: When you install WP, you tell it your URL is https://example.com OR https://example.com — You do not, never have, never will, get both of those. If you want a network to be 100% https, then you should have (when installed), been https from the start. That you’re not is why you have your IMAGES with http and the posts with https. The URLs are hard coded into your post content.

The fix?

Edit the database.

If you want the whole site to be https everything, you do a DB search/replace (I would use https://github.com/interconnectit/Search-Replace-DB personally) and look for https://blogs.hope.edu/ – replace with https://blogs.hope.edu/

THEN go into wp_blog and wp_sites and see if that’s https as well. In theory that’ll get everything.

Repeat for each site on the network.

While I very much appreciate your insights, knowledge, experience, and willingness to help, I must say that in order to appreciate those aspects found in the morsels of this collaborative conversation, I have to refill my proverbial salt shaker because every word you share seems to be in an aloof, terse and condescending manner such that I’ve run out of grains to take them with …

I’ll try your latest suggestion on our development server and see how it pans out. Thanks again for discussing this with me and aiding in a resolution.

If you look at it from my end, I’m a totally stranger to your setup, and I get information in dribs and drabs so I TRY to ask questions in ways that get me the information I need to understand if you actually initially asked the right thing or not.

See… I know from experience if you set up WP to be https from the start, you don’t have to go back and edit things, so I have to figure out where the step was missed on your setup so that I don’t fix your old posts without actually getting you the NEW ones right too! ??

The issue is twofold here.

1) You have to edit all older posts (sucky but editing the DB is it)

2) You have to make sure all NEW posts use https by default

So I was trying to make sure 2 was okay before backing into 1, so you didn’t think that was IT and wander off. Happens way too often.

If it sounded brusque, all I can say is text absolutely SUCKS for reading into emotions :/ Like that emoticon? People tell me sometimes it’s me being snide. It’s really me making a literal sideways smile of “Ugh, what a mess, how can we fix it?”

I try not to post on the forums at all if I’m in a bad or curt mood. That never helps anyone ??

I’ve gone through the database in a series of “find and replace” and modified the following to include the magic “s”

‘siteurl’,’https://
‘home’,’https://
src=\”https://blogs.hope.edu/
a href=\”https://blogs.hope.edu/

This has accomplished two goals. All existing sites and their media are now embedded and linked via https. Any new media added to existing site is also https.

However, when I add a new site, media added is NOT via https. Any thoughts on why it’s not sticking to new sites in the network?

Did you change the new sites to be https in the DB? wp_blog and wp_sites generally won’t get fixed by that search/replace :/

Also what’s the https situation on the MAIN site?

I suppose I don’t know where to find the https for the new sites … I search for wp_blog and wp_sites and get no results :/

The main site and all existing sites, and their media, are all https