-
Notifications
You must be signed in to change notification settings - Fork 8
/
Copy pathforce-https.php
172 lines (151 loc) · 5.67 KB
/
force-https.php
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
<?php
/*
Plugin Name: Force HTTPS
Plugin URI: https://www.littlebizzy.com/plugins/force-https
Description: HTTPS enforcement for WordPress
Version: 2.0.3
Requires PHP: 7.0
Author: LittleBizzy
Author URI: https://www.littlebizzy.com
License: GPLv3
License URI: http://www.gnu.org/licenses/gpl-3.0.html
GitHub Plugin URI: littlebizzy/force-https
Primary Branch: master
*/
// prevent direct access
if ( ! defined( 'ABSPATH' ) ) {
exit;
}
// disable wordpress.org updates for this plugin
add_filter( 'gu_override_dot_org', function( $overrides ) {
$overrides[] = 'force-https/force-https.php';
return $overrides;
}, 999 );
// Force HTTPS redirection for all non-HTTPS requests
add_action('init', function () {
if (!is_ssl() && !is_admin() && php_sapi_name() !== 'cli') {
if (!headers_sent()) {
$redirect_url = home_url(add_query_arg(null, null));
wp_safe_redirect(set_url_scheme($redirect_url, 'https'), 301);
exit();
}
}
}, 10);
// Force HTTPS on all URLs by replacing 'http://' with 'https://'
function fhttps_securize_url($url) {
if (strpos($url, 'http://') === 0) {
return set_url_scheme($url, 'https');
}
return $url;
}
// Apply HTTPS to all relevant WordPress filters
add_filter('script_loader_src', 'fhttps_securize_url', 20);
add_filter('style_loader_src', 'fhttps_securize_url', 20);
add_filter('wp_get_attachment_url', 'fhttps_securize_url', 20);
add_filter('the_permalink', 'fhttps_securize_url', 20);
add_filter('post_link', 'fhttps_securize_url', 20);
add_filter('page_link', 'fhttps_securize_url', 20);
add_filter('term_link', 'fhttps_securize_url', 20);
add_filter('home_url', 'fhttps_securize_url', 20);
add_filter('site_url', 'fhttps_securize_url', 20);
add_filter('network_site_url', 'fhttps_securize_url', 20);
add_filter('network_home_url', 'fhttps_securize_url', 20);
add_filter('template_directory_uri', 'fhttps_securize_url', 20);
add_filter('stylesheet_directory_uri', 'fhttps_securize_url', 20);
add_filter('get_avatar_url', 'fhttps_securize_url', 20);
add_filter('rest_url', 'fhttps_securize_url', 20);
// Ensure all URLs in the upload directory use HTTPS
add_filter('upload_dir', function($uploads) {
$uploads['url'] = set_url_scheme($uploads['url'], 'https');
$uploads['baseurl'] = set_url_scheme($uploads['baseurl'], 'https');
return $uploads;
});
// Apply HTTPS to all elements and attributes that can contain URLs
add_filter('the_content', function($content) {
// Convert all resources and hyperlinks to HTTPS
$content = preg_replace_callback(
'#(<(?:img|iframe|embed|source|script|link|meta|video|audio|track|object|form|area|input|button|a)[^>]+(?:src|srcset|data-src|data-href|action|poster|content|style|href|manifest)=["\'])(http://)([^"\']+)#',
function($matches) {
return $matches[1] . 'https://' . $matches[3];
},
$content
);
// Convert inline styles with URL() to HTTPS
$content = preg_replace_callback(
'#(<[^>]+(?:style)=["\'][^>]*?url\((http://)([^"\']+)\))#',
function($matches) {
return str_replace('http://', 'https://', $matches[0]);
},
$content
);
return $content;
}, 20);
// Enforce HTTPS for text widget content
add_filter('widget_text', function($content) {
return str_replace('http://', 'https://', $content);
}, 20);
// Enforce HTTPS for widget text content in newer WordPress versions
add_filter('widget_text_content', function($content) {
return str_replace('http://', 'https://', $content);
}, 20);
// Apply HTTPS to all URLs in custom menus
add_filter('nav_menu_link_attributes', function($atts) {
if (isset($atts['href']) && strpos($atts['href'], 'http://') === 0) {
$atts['href'] = set_url_scheme($atts['href'], 'https');
}
return $atts;
}, 20);
// Enforce HTTPS for oEmbed URLs
add_filter('embed_oembed_html', function($html) {
return str_replace('http://', 'https://', $html);
}, 20);
// Enforce HTTPS for any URLs used in shortcodes
add_filter('do_shortcode_tag', function($output) {
return str_replace('http://', 'https://', $output);
}, 20);
// Enforce HTTPS on wp_resource_hints
add_filter('wp_resource_hints', function($urls) {
if (is_array($urls)) {
foreach ($urls as &$url) {
if (is_array($url) && isset($url['href'])) {
$url['href'] = str_replace('http://', 'https://', $url['href']);
} elseif (is_string($url)) {
$url = str_replace('http://', 'https://', $url);
}
}
}
return $urls;
}, 20);
// Enforce HTTPS on attachment metadata
add_filter('wp_get_attachment_metadata', function($data) {
if (isset($data['file'])) {
$data['file'] = str_replace('http://', 'https://', $data['file']);
}
if (isset($data['sizes'])) {
foreach ($data['sizes'] as &$size) {
if (isset($size['file'])) {
$size['file'] = str_replace('http://', 'https://', $size['file']);
}
}
}
return $data;
}, 20);
// Enforce HTTPS on image srcsets
add_filter('wp_calculate_image_srcset', function($sources) {
foreach ($sources as &$source) {
if (isset($source['url'])) {
$source['url'] = str_replace('http://', 'https://', $source['url']);
}
}
return $sources;
}, 20);
// Enforce HTTPS on custom logo HTML
add_filter('get_custom_logo', function($html) {
return str_replace('http://', 'https://', $html);
}, 20);
// Enforce HTTPS for login/logout redirect URLs
add_filter('login_redirect', 'fhttps_securize_url', 20);
add_filter('logout_redirect', 'fhttps_securize_url', 20);
// Ensure redirects are HTTPS
add_filter('wp_redirect', 'fhttps_securize_url', 20);
// Ref: ChatGPT