HTTPS Insecure Content Fixer Plugin


If you’ve got a site running on HTTPS and you try to throw in some HTTP content, the browser gets nervous. If you’ve recently made a shift to HTTPS you might notice content that was successfully embedded disappearing. If you look in the browser (right click>inspect element in Chrome), you’ll see an error like the one above.

What you want in this scenario is protocol relative URLS . . . essentially a URL without the leading http/https. That lets the page load via the one protocol that matches (assuming it exists- some sites won’t supply HTTPS options).1

I ran into this problem with files we uploaded via Gravity Forms prior to the switch to HTTPS. There are a number of ways to deal with this (including search/replace at the database level) but we’re under a very heavy load at the moment and I just needed a quick fix. This solution will also allow people to do whatever they want on an ongoing basis better than a database response.

This tiny little filter plugin is the result. All it does is use PHP’s preg_replace (regex) function to find any instances of HTTP or HTTPS (capital or lowercase) and remove them. I’m still amazed by regex but always end up having to spend a bit of time reminding myself of how it works at http://regexr.com/.

/**
 * Plugin Name: not so insecure
 * Plugin URI: https://bionicteaching.com/
 * Description: deal with move to https and insecure content warnings
 * Version: .7
 * Author: Tom Woodward
 * Author URI: http://bionicteaching.com
 * License: GPL2
 */
 
 /*   2016 Tom Woodward   (email : bionicteaching@gmail.com)
 
    This program is free software; you can redistribute it and/or modify
    it under the terms of the GNU General Public License, version 2, as 
    published by the Free Software Foundation.
 
    This program is distributed in the hope that it will be useful,
    but WITHOUT ANY WARRANTY; without even the implied warranty of
    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
    GNU General Public License for more details.
 
    You should have received a copy of the GNU General Public License
    along with this program; if not, write to the Free Software
    Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA  02110-1301  USA
 */

function https_content_filter( $content ) {

        $content = preg_replace('/(https*:|HTTPS*:)+/', '', $content);

    return $content;
}

add_filter( 'the_content', 'https_content_filter' );


1 Reading more about it, it seems forcing the HTTPS connection where available is encouraged. I’ll think about that more later.