Title: [Plugin: WordPress HTTPS (SSL)] Broken images when page non-secure
Last modified: August 20, 2016

---

# [Plugin: WordPress HTTPS (SSL)] Broken images when page non-secure

 *  [cory6677](https://wordpress.org/support/users/cory6677/)
 * (@cory6677)
 * [14 years ago](https://wordpress.org/support/topic/plugin-wordpress-https-ssl-broken-images-when-page-non-secure/)
 * When I have the WordPress HTTPS plugin active, which I only want to secure my
   back-end administration and login, it is causing external images in my content
   to be rewritten as “https” even though the pages themselves aren’t HTTPS, which
   breaks the external images. Only my administrator section is HTTPS. So a field
   that has <img src=”[http://ws.amazon…&#8221](http://ws.amazon…&#8221); in it 
   becomes <img src=”[https://ws.amazon…&#8221](https://ws.amazon…&#8221);, which
   doesn’t work.
 * The content boxes I’m referring to are custom created textareas with Advanced
   Custom Fields. I haven’t tried it in the main content WYSIWYG editor.
 * It appears to SAVE correctly, as in, if I correct them, then save, it fixes them.
   But it OPENS them incorrectly as HTTPS, so to work around it I’d have to correct
   them every time before saving.
 * [http://wordpress.org/extend/plugins/wordpress-https/](http://wordpress.org/extend/plugins/wordpress-https/)

Viewing 6 replies - 1 through 6 (of 6 total)

 *  Plugin Author [mvied](https://wordpress.org/support/users/mvied/)
 * (@mvied)
 * [14 years ago](https://wordpress.org/support/topic/plugin-wordpress-https-ssl-broken-images-when-page-non-secure/#post-2750268)
 * The code changes external resources to HTTPS if fetching that resource does not
   produce a 404. Can you provide an actual example?
 *  Thread Starter [cory6677](https://wordpress.org/support/users/cory6677/)
 * (@cory6677)
 * [14 years ago](https://wordpress.org/support/topic/plugin-wordpress-https-ssl-broken-images-when-page-non-secure/#post-2750313)
 * Here is the link (after being changed to https):
 * [https://ws.assoc-amazon.com/widgets/q?_encoding=UTF8&Format=_SL110_&ASIN=1592406521&MarketPlace=US&ID=AsinImage&WS=1&tag=gift0b4d-20&ServiceVersion=20070822](https://ws.assoc-amazon.com/widgets/q?_encoding=UTF8&Format=_SL110_&ASIN=1592406521&MarketPlace=US&ID=AsinImage&WS=1&tag=gift0b4d-20&ServiceVersion=20070822)
 * Remove the S on the HTTPS to see that it redirects to an image. Firefox doesn’t
   seem to attempt to connect at all as it sees an insecure security certificate
   and blocks it, so I suppose it might not be throwing a 404 specifically.
 *  Plugin Author [mvied](https://wordpress.org/support/users/mvied/)
 * (@mvied)
 * [14 years ago](https://wordpress.org/support/topic/plugin-wordpress-https-ssl-broken-images-when-page-non-secure/#post-2750328)
 * The plugin does not verify that the SSL certificate is valid, only that the resource
   exists. This issue is not very common and I don’t have a good solution in place,
   yet. Eventually I’m going to add in the concept of SSL Domain Mapping so that
   you could configure the plugin to take any occurrence of ‘[http://ecx.images-amazon.com/&#8217](http://ecx.images-amazon.com/&#8217);
   on HTTPS pages to ‘[https://images-na.ssl-images-amazon.com/&#8217](https://images-na.ssl-images-amazon.com/&#8217);
   automatically. You could configure this for any number of external domains.
 *  [joe.toomey](https://wordpress.org/support/users/joetoomey/)
 * (@joetoomey)
 * [14 years ago](https://wordpress.org/support/topic/plugin-wordpress-https-ssl-broken-images-when-page-non-secure/#post-2750345)
 * I was just about to post a new topic when I read your last comment, Mvied. I’m
   working on making our whole site SSL only including the wordpress blog. We have
   a load balancer doing SSL offloading and I can configure a site global redirect
   to take care of all of the content on our site. But we have a wordpress plugin(
   digg-digg) that has hard coded non-ssl requests for which I can’t simply substitute“
   https” for “http” (because their use of akamai creates a server identification
   mismatch). A couple of examples are:
 * [http://static.ak.fbcdn.net/rsrc.php/v1/yN/r/Rp8qyLZw2E2.png](http://static.ak.fbcdn.net/rsrc.php/v1/yN/r/Rp8qyLZw2E2.png)
 * which I need to replace with
 * [https://s-static.ak.fbcdn.net/rsrc.php/v1/yN/r/Rp8qyLZw2E2.png](https://s-static.ak.fbcdn.net/rsrc.php/v1/yN/r/Rp8qyLZw2E2.png)
 * and
 * [http://w.sharethis.com/button/buttons.js?ver=3.3.1](http://w.sharethis.com/button/buttons.js?ver=3.3.1)
 * which I need to replace with
 * [https://ws.sharethis.com/button/buttons.js?ver=3.3.1](https://ws.sharethis.com/button/buttons.js?ver=3.3.1)
 * (note the hostname changes from w.* to ws.*).
 * All of this is to say that the SSL Domain mapping feature you describe above 
   would completely solve the problem for me. My current alternative is to work 
   with the digg-digg developers to get a SSL patch, but even that is problematic
   for me b/c the normal way for digg-digg to determine if they should use the SSL
   URLs is to test $_SERVER[‘HTTPS’]. But in my case that test will fail (b/c we’re
   doing SSL offloading and by the time the request gets to our production server,
   it’s not SSL anymore). Your solution would be ideal for me, so please consider
   this a big upvote for the direction you described. In the meantime, I’ll probably
   modify our copy of the digg-digg plugin and offer it to the digg-digg folks as
   a patch.
 * Thanks!
 *  Plugin Author [mvied](https://wordpress.org/support/users/mvied/)
 * (@mvied)
 * [14 years ago](https://wordpress.org/support/topic/plugin-wordpress-https-ssl-broken-images-when-page-non-secure/#post-2750347)
 * You could patch their plugin to use my SSL detection. Gravity Forms has done 
   this.
 *     ```
       if ( isset($wordpress_https) && method_exists($wordpress_https, 'is_ssl')  ) {
       	$is_ssl = $wordpress_https->is_ssl();
       } else {
       	$is_ssl = is_ssl();
       }
       ```
   
 *  [joe.toomey](https://wordpress.org/support/users/joetoomey/)
 * (@joetoomey)
 * [14 years ago](https://wordpress.org/support/topic/plugin-wordpress-https-ssl-broken-images-when-page-non-secure/#post-2750348)
 * I like this idea. I’ll still have to modify their code to build in the SSL Domain
   mappings, but this will at least allow me to globally request SSL and not have
   to worry that SSL offloading hides that fact that the user is requesting the 
   page via SSL.
 * Thanks for this. And please post back if/when you decide to implement the SSL
   Domain mapping feature.
 * Thanks!

Viewing 6 replies - 1 through 6 (of 6 total)

The topic ‘[Plugin: WordPress HTTPS (SSL)] Broken images when page non-secure’ is
closed to new replies.

 * ![](https://s.w.org/plugins/geopattern-icon/wordpress-https_bec2c9.svg)
 * [WordPress HTTPS (SSL)](https://wordpress.org/plugins/wordpress-https/)
 * [Frequently Asked Questions](https://wordpress.org/plugins/wordpress-https/#faq)
 * [Support Threads](https://wordpress.org/support/plugin/wordpress-https/)
 * [Active Topics](https://wordpress.org/support/plugin/wordpress-https/active/)
 * [Unresolved Topics](https://wordpress.org/support/plugin/wordpress-https/unresolved/)
 * [Reviews](https://wordpress.org/support/plugin/wordpress-https/reviews/)

 * 6 replies
 * 3 participants
 * Last reply from: [joe.toomey](https://wordpress.org/support/users/joetoomey/)
 * Last activity: [14 years ago](https://wordpress.org/support/topic/plugin-wordpress-https-ssl-broken-images-when-page-non-secure/#post-2750348)
 * Status: not resolved