aerobrent

so basically what you’re saying is that you’ve got the admin in https so the image widget is trying to put the images behind SSL?

Yeah, that’s the issue, but not sure of the best solution. You can’t really assume the presence or lack of FORCE_SSL_ADMIN would indicate whether you want images to be served with HTTPS or not.

Can the images be inserted with relative links? IE, HTTP or HTTPS isn’t hard coded?

@linkomatic HTTPS can be enabled by editing the wp-config.php file for your site. There are two lines you could add, and the description of them and what they are and their function can be read about here: https://codex.www.ads-software.com/Administration_Over_SSL

One just forces logins over HTTPS, and the other forces both logins and the Admin page to go over HTTPS.

You need to make sure your web server (hosted or self hosted) is configured for HTTPS connections. Most offer this as a part of their service, but using an SSL certificate that’s not specific to your web site. This will trigger browser warnings that the site you’re connecting to uses a certificate that does not match the URL.

However, if you as the admin are the only one loggin into your site, then this is a non-issue. You just accept the connection and life is good.

The plus is that you won’t have people sniffing your usernames and passwords to your site, or hijacking your sessions after you’ve logged in. This is becoming an ever more common way for sites to get compromised. I was at a conference a while back, and I cringed every time I saw a speaker log into a live/customer’s site over the hotel provided wireless network, over plain, unencrypted HTTP.

The down side is that many developers don’t anticipate people securing their admin pages with HTTPS, and will often have plugins that break because the plug-ins try to connect to the control panel via hard coded HTTP. In this case, you either have to fix the plug-in, get the developer to do it, or abandon its use. EZPZ is one of these.

From what I can tell, the problem sites that I have that won’t back up with EZPZ are the ones with HTTPS enabled on the admin interface (which is all my production sites).

I did some testing: The same site with HTTPS disabled for administration will back up correctly, and show the backups in the window for download.

The same site with HTTPS enabled for administration, the backup download window is blank.

This seems to be a common issue with plug-ins, and EZPZ isn’t the only plug in that breaks when you use HTTPS for the admin console.

It’s probably easy enough to fix.

I see where this is happening, and is the result of an “HTTPS” enhancement of the plugin a while back.

if( $_SERVER[“HTTPS”] == “on” ) {
$instance[‘imageurl’] = str_replace(‘https://’, ‘https://’, $instance[‘imageurl’]);
}

The problem is that this is not a valid assumption. More often than not, people editing with FORCE_SSL_ADMIN enabled will not want their live content being served up via SSL. This is especially true if the live site has a self signed SSL cert.

Perhaps this bit of HTTPS code could be reworked.