wp admin - WP Core hard coded to use http:www.w3.org1999xhtml not HTTPS

admin管理员组

文章数量:1026989

I've searched here and the WP Codex but haven't found anything.

I have recently added an SSL Cert to a client site. The front end is fine and there are no insecure elements.

However, the admin dashboard has lots of insecure elements. A simple search shows that there are about 20 files in both wp-admin and wp-includes that have the following link hard coded:

There is no switch, as when using this config: define('FORCE_SSL_ADMIN', true);

I understand what this link is, and why it is needed. But I do not want to edit the core to force Admin to be secure.

Does anyone have any suggestions how I fix this?

I've searched here and the WP Codex but haven't found anything.

I have recently added an SSL Cert to a client site. The front end is fine and there are no insecure elements.

However, the admin dashboard has lots of insecure elements. A simple search shows that there are about 20 files in both wp-admin and wp-includes that have the following link hard coded: http://www.w3/1999/xhtml

There is no switch, as when using this config: define('FORCE_SSL_ADMIN', true);

I understand what this link is, and why it is needed. But I do not want to edit the core to force Admin to be secure.

Does anyone have any suggestions how I fix this?

• wp-admin
• ssl

Share Improve this question edited Sep 16, 2015 at 11:26 Nicolai Grossherr 18.9k88 gold badges6464 silver badges109109 bronze badges asked Sep 16, 2015 at 10:05 Mr_DW_BrightonMr_DW_Brighton 2355 bronze badges 1

• Thanks. So does this mean it is impossible to have a truly secure dashboard? – Mr_DW_Brighton Commented Sep 16, 2015 at 11:12

Add a comment  | 

1 Answer 1

Sorted by: Reset to default 1

There isn't a proper https/SSL variant of the link you have given, so probably, likely you are getting problems when enforcing it - no matter how you do it. I strongly assume that is the reason why the "unsecure" URL is used in the first place.

From comment:

So does this mean it is impossible to have a truly secure dashboard?

Firstly I'd say, the URL you are talking about is more or less documentary. Secondly, if an external source is malicious, then it really doesn't matter if it is accessed via SSL or not.

I've searched here and the WP Codex but haven't found anything.

I have recently added an SSL Cert to a client site. The front end is fine and there are no insecure elements.

However, the admin dashboard has lots of insecure elements. A simple search shows that there are about 20 files in both wp-admin and wp-includes that have the following link hard coded:

There is no switch, as when using this config: define('FORCE_SSL_ADMIN', true);

I understand what this link is, and why it is needed. But I do not want to edit the core to force Admin to be secure.

Does anyone have any suggestions how I fix this?

I've searched here and the WP Codex but haven't found anything.

I have recently added an SSL Cert to a client site. The front end is fine and there are no insecure elements.

However, the admin dashboard has lots of insecure elements. A simple search shows that there are about 20 files in both wp-admin and wp-includes that have the following link hard coded: http://www.w3/1999/xhtml

There is no switch, as when using this config: define('FORCE_SSL_ADMIN', true);

I understand what this link is, and why it is needed. But I do not want to edit the core to force Admin to be secure.

Does anyone have any suggestions how I fix this?

• wp-admin
• ssl

Share Improve this question edited Sep 16, 2015 at 11:26 Nicolai Grossherr 18.9k88 gold badges6464 silver badges109109 bronze badges asked Sep 16, 2015 at 10:05 Mr_DW_BrightonMr_DW_Brighton 2355 bronze badges 1

• Thanks. So does this mean it is impossible to have a truly secure dashboard? – Mr_DW_Brighton Commented Sep 16, 2015 at 11:12

Add a comment  | 

1 Answer 1

Sorted by: Reset to default 1

There isn't a proper https/SSL variant of the link you have given, so probably, likely you are getting problems when enforcing it - no matter how you do it. I strongly assume that is the reason why the "unsecure" URL is used in the first place.

From comment:

So does this mean it is impossible to have a truly secure dashboard?

Firstly I'd say, the URL you are talking about is more or less documentary. Secondly, if an external source is malicious, then it really doesn't matter if it is accessed via SSL or not.

本文标签： wp adminWP Core hard coded to use httpwwww3org1999xhtml not HTTPS