I've searched here and the WP Codex but haven't found anything.
I have recently added an SSL Cert to a client site. The front end is fine and there are no insecure elements.
However, the admin dashboard has lots of insecure elements. A simple search shows that there are about 20 files in both wp-admin and wp-includes that have the following link hard coded:
There is no switch, as when using this config: define('FORCE_SSL_ADMIN', true);
I understand what this link is, and why it is needed. But I do not want to edit the core to force Admin to be secure.
Does anyone have any suggestions how I fix this?
I've searched here and the WP Codex but haven't found anything.
I have recently added an SSL Cert to a client site. The front end is fine and there are no insecure elements.
However, the admin dashboard has lots of insecure elements. A simple search shows that there are about 20 files in both wp-admin and wp-includes that have the following link hard coded:
http://www.w3/1999/xhtml
There is no switch, as when using this config: define('FORCE_SSL_ADMIN', true);
I understand what this link is, and why it is needed. But I do not want to edit the core to force Admin to be secure.
Does anyone have any suggestions how I fix this?
There isn't a proper https/SSL variant of the link you have given, so probably, likely you are getting problems when enforcing it - no matter how you do it. I strongly assume that is the reason why the "unsecure" URL is used in the first place.
From comment:
So does this mean it is impossible to have a truly secure dashboard?
Firstly I'd say, the URL you are talking about is more or less documentary. Secondly, if an external source is malicious, then it really doesn't matter if it is accessed via SSL or not.
