Fixing Protocol Errors in WordPress Plugins

I recently started a new job as a full-time WordPress developer managing several websites and the myriad of custom themes, child themes, and plugins. This is a lesson learned from an issue I had with one plugin in particular.

Using Chrome on OS X, I get security warnings that a script wouldn’t load on a particular page. When I looked into it, I found it was because in wp-admin, my site url is set to http, but that page (and several others) is served from https. Since there’s a mix of protocols, good browsers will block scripts from running across SSL/non-SSL.

The plugin was using get_options('siteurl') to create the path string used to load scripts through wp_register_scripts. Switching to site_url(), which returns a string with the protocol that the page is being rendered on, lets me now safely load the scripts on any page in the site.

Here’s how it ended up looking:

[sourcecode language=”php”]
$old_root_url = get_options( ‘siteurl’ );
$root_url = site_url();

$path_flash = "$root_url/wp-content/plugins/$pluginName/js/swfobject.js";
[/sourcecode]

Hope that helps someone!