Picture of Brian Love wearing black against a dark wall in Portland, OR.

Brian Love

WordPress Plugin using HTTPS

This post is mainly focused at those using a WordPress plugin that is old (and probably should not be used anymore) and is causing issues when attempting to load your WordPress blog over SSL via HTTPS. Here is what happens: the browser is directed to https://yourblog.com and you notice that one of your plugins is not working. If you look in the JavaScript console you will see an error like this:

The page at ’https://yourblog.com’ was loaded over HTTPS, but ran insecure content from ’http://yourblog.com/wp-content/plugins/bad-plugin/required-asset.js

The issue here is that the plugin is not using the correct URL when specifying the required-asset.js (or whatever the file is in your case) file path. The fix it pretty easy. Upon looking into the plugin code I noticed that it was using the deprecated constant WP_PLUGIN_URL.

Here is the deprecated code:

define ('PLAYERSS_URL', WP_PLUGIN_URL .'/'. plugin_basename(dirname(__FILE__)) );

Here is the updated code:

define ('PLAYERSS_URL', plugins_url( '/', __FILE__));

Now that the plugin is no longer using the deprecated constant the plugin correctly loads the JavaScript via HTTPS when the page is requested using HTTPS.