Skip to content

10up/insecure-content-warning

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 

Insecure Content Warning

Insecure Content Warning

Support Level Required PHP Version Required WP Version WordPress tested up to version GPLv2 License Dependency Review E2E test Linting PHP Compatibility CodeQL WordPress Plugin Version

Prevent editors from adding insecure content in the editor.

Description

Insecure Content Warning helps content creators with secure (HTTPS) websites avoid insecure-content warnings in the browser by flagging any elements in the editor (such as images and embeds) that are being delivered or sourced from an insecure (HTTP) web address. All insecure elements are flagged before the content is published, and can be fixed manually or simply by clicking "fix it."

Compatible with both the block and classic editors.

Example of attempting to publish a post with insecure content - classic editor.

Requirements

  • PHP 7.4+.
  • WordPress 6.6+.
  • A secure / SSL (HTTPS) website, front and back end.

Installation

  1. Install the plugin via the plugin installer, either by searching for it or uploading a .zip file.
  2. Activate the plugin.

Usage

This plugin requires no configuration. Simply activate and the plugin will prevent posts with insecure elements from being published, as well as provide a banner with information on the offending assets.

Example of attempting to publish a post with insecure content - block editor.

Optional WP-CLI Commands

These are not required for normal usage of the plugin, but are available as a utility for more advanced usage.

wp icw fix

Used to fix insecure elements in existing content. Can target specific posts or bulk batches.

wp icw fix [<id>] [--include] [--all] [--post_type] [--limit] [--offset] [--dry-run]

Example: Fix all page content:

$ wp icw fix --all --post_type=page
Checking post content...
Total posts checked for insecure URL(s): 10
+-------------------------------------+
| URL(s) fixed summary                |
+-------------------------------------+
| 0/0 URL(s) fixed in post 98         |
| 0/0 URL(s) fixed in post 96         |
| 0/0 URL(s) fixed in post 76         |
| ...........................         |
| 0/0 URL(s) fixed in post 6          |
| 0/0 URL(s) fixed in post 1          |
+-------------------------------------+

Run wp help icw fix for more information.

Support Level

Stable: 10up is not planning to develop any new features for this, but will still respond to bug reports and security concerns. We welcome PRs, but any that include new features should be small and easy to integrate and should not include breaking changes. We otherwise intend to keep this tested up to the most recent version of WordPress.

Changelog

A complete listing of all notable changes to Insecure Content Warning are documented in CHANGELOG.md.

Contributing

Please read CODE_OF_CONDUCT.md for details on our code of conduct, CONTRIBUTING.md for details on the process for submitting pull requests to us, and CREDITS.md for a listing of maintainers of, contributors to, and libraries used by Insecure Content Warning.

Like what you see?

Work with us at 10up