Insecure Content Warning - ChoosePlugin.com

Not yet.

Author:	10up (profile at wordpress.org)
WordPress version required:	6.6
WordPress version tested:	6.8
Plugin version:	1.2.2
Added to WordPress repository:	13-08-2019
Last updated:	24-04-2025
Rating, %:	0
Rated by:	0
Plugin URI:	https://wordpress.org/plugins/insecure-conten...
Total downloads:	5 234
Active installs:	10+
Click to start download

Insecure Content Warning helps content creators with secure (HTTPS) websites avoid insecure-content warnings in the browser by flagging any elements in the content editor (such as images, videos, and embeds) that are being delivered or sourced from an insecure (HTTP) web address. All insecure elements are flagged before the content is published, and can be fixed manually or simply by clicking “fix it.”

Compatible with the “classic” editor as well as the block editor (aka Gutenberg).

Technical Notes

Requires PHP 7.4+.
Requires a secure / SSL (HTTPS) website, front and back end.

Usage

This plugin requires no configuration. Simply activate and the plugin will prevent posts with insecure elements from being published, as well as provide a banner with information on the offending assets.

Optional WP-CLI Commands

These are not required for normal usage of the plugin, but are available as a utility for more advanced usage.

wp icw fix

Used to fix insecure elements in existing content. Can target specific posts or bulk batches.

wp icw fix [<id>] [--include] [--all] [--post_type] [--limit] [--offset] [--dry-run]

Example:
$ wp icw fix --all --post_type=page Checking post content... Total posts checked for insecure URL(s): 10 +-------------------------------------+ | URL(s) fixed summary | +-------------------------------------+ | 0/0 URL(s) fixed in post 98 | | 0/0 URL(s) fixed in post 96 | | 0/0 URL(s) fixed in post 76 | | ........................... | | 0/0 URL(s) fixed in post 6 | | 0/0 URL(s) fixed in post 1 | +-------------------------------------+

Run wp help icw fix for more information on the command args.

Screenshots
ChangeLog

1.2.2 – 2025-02-03

Note that this release bumps the WordPress minimum version from 6.4 to 6.6.

Changed: Bump WordPress minimum supported version from 6.4 to 6.6 (props @peterwilsoncc, @jeffpaul via #185, #191).
Security: Bump webpack from 5.89.0 to 5.94.0 (props @dependabot, @faisal-alvi via #186).
Security: Bump @wordpress/scripts from 27.1.0 to 30.6.0, express from 4.19.2 to 4.21.0 and serve-static from 1.15.0 to 1.16.2 (props @dependabot, @peterwilsoncc via #191, #193).
Security: Bump ws from 7.5.10 to 8.18.0 (props @dependabot, @iamdharmesh via #193).

1.2.1 – 2024-08-22

Note that this release bumps the WordPress minimum version from 5.8 to 6.4.

Changed: Bump WordPress “tested up to” version to 6.6 (props @QAharshalkadu, @ankitguptaindia, @jeffpaul, @dkotter via #152, #153, #168, #176).
Changed: Bump WordPress minimum supported version from 5.8 to 6.4 (props @jeffpaul, @ankitguptaindia, @dkotter via #168, #176).
Changed: Import of PluginPostStatusInfo component from @wordpress/edit-post to @wordpress/editor (props @gabriel-glo, @dkotter via #178).
Security: Bump @babel/traverse from 7.22.10 to 7.23.2 (props @dependabot, @peterwilsoncc via #150).
Security: Bump axios from 0.25.0 to 1.7.4 and @wordpress/scripts from 26.17.0 to 26.19.0 (props @dependabot, @ravinderk, @faisal-alvi via #155, #179).
Security: Bump express from 4.18.2 to 4.19.2, follow-redirects from 1.15.3 to 1.15.6 and webpack-dev-middleware from 5.3.3 to 5.3.4 (props @dependabot, @Sidsector9 via #167).
Security: Bump braces from 3.0.2 to 3.0.3, pac-resolver from 7.0.0 to 7.0.1, socks from 2.7.1 to 2.8.3, ws from 7.5.9 to 7.5.10 and removed ip (props @dependabot, @iamdharmesh via #172).

1.2.0 – 2023-10-16

Note that this version bumps the minimum WordPress version from 5.7 to 5.8.
Added: Ensure that saving using the keyboard shortcut Ctrl|Command + S triggers the insecure content check (props @Sidsector9, @dinhtungdu, @jeffpaul, @faisal-alvi via #56).
Added: New admin screen to bulk fix insecure content (props @kmgalanakis, @peterwilsoncc via #112).
Added: Composer, with PHPCBF and PHPCS to aid with coding standards (props @cameronterry, @peterwilsoncc via #127).
Added: Check for minimum required PHP version before loading the plugin (props @kmgalanakis, @peterwilsoncc via #135).
Added: Repo Automater GitHub Action added to automate common repo operations (props @iamdharmesh, @jeffpaul via #142).
Changed: Bump WordPress “tested up to” version to 6.3 (props @kmgalanakis, @jeffpaul, @dkotter via #140, #144).
Changed: Bump WordPress minimum supported version from 5.7 to 5.8 (props @iamdharmesh, @dkotter via #145).
Fixed: Properly handle fixing of multiple different instances of insecure content (props @kmgalanakis, @iamdharmesh via #139).
Fixed: Ensure all Cypress E2E tests pass when running on WordPress 6.3 (props @iamdharmesh, @dkotter via #145).
Security: Bump stylelint from 9.10.1 to 15.10.1 (props @dependabot, @ravinderk via #126).
Security: Bump cypress from 11.2.0 to 13.2.0, @10up/cypress-wp-utils from 0.1.0 to 0.2.0 and @wordpress/env from 5.8.0 to 8.7.0 (props @iamdharmesh, @dkotter via #145).
Security: Bump postcss from 8.4.27 to 8.4.31 (props @dependabot, @Sidsector9 via #147).

View historical changelog details here.

Hide ChangeLog