How to get the post editor and media library to respect HTTPS administration mode?

Question

I have a site with FORCE_SSL_ADMIN turned on. When I'm editing a post with an embedded image, or when I'm viewing images through the media library, they are loaded using the http:// protocol rather than https. This causes a mixed-content warning in IE, which clients kind of freak out about.

Does anyone have a recommended approach for finding/replacing these non-secure image URLs while viewing them through the admin?

The frontend loads over regular http, so I don't want to do any replacing in the DB that will force images to load over https outside of the admin.

I figure this has to be a common problem, so I'd appreciate any advice, even if it's "you can't do that".

Answer 1

You can't right now. This needs to be fixed in wordpress core. Probably this can be temporarily circumvented for a fraction of the problems with a plugin, but it's much more valuable to invest the time developing something in an actual fix of wordpress.

Answer 2

Thankfully the fix for core.trac.wordpress.org/ticket/15928 is scheduled to be included in the next release. Until then, you can use the following code as a work-around. ( Props to Andrew Tetlaw for the fix. )

Add it to your theme's functions.php file, or put in a file (i.e. fix_ssl.php ) and place it in your wp-content/mu-plugins folder.

function fix_ssl_siteurl($url) {
  if ( 0 === strpos($url, 'http') && is_ssl() )
    $url = str_replace( 'http://', 'https://', $url );
  return $url;
}
add_filter('option_siteurl', 'fix_ssl_siteurl');
add_filter('option_home', 'fix_ssl_siteurl');
add_filter('option_url', 'fix_ssl_siteurl');
add_filter('option_wpurl', 'fix_ssl_siteurl');
add_filter('option_stylesheet_url', 'fix_ssl_siteurl');
add_filter('option_template_url', 'fix_ssl_siteurl');