Prevent editors from adding insecure content in the editor.
Insecure Content Warning helps content creators with secure (HTTPS) websites avoid insecure-content warnings in the browser by flagging any elements in the editor (such as images and embeds) that are being delivered or sourced from an insecure (HTTP) web address. All insecure elements are flagged before the content is published, and can be fixed manually or simply by clicking "fix it."
Compatible with both the block and classic editors.
- PHP 7.4+.
- WordPress 6.6+.
- A secure / SSL (HTTPS) website, front and back end.
- Install the plugin via the plugin installer, either by searching for it or uploading a .zip file.
- Activate the plugin.
This plugin requires no configuration. Simply activate and the plugin will prevent posts with insecure elements from being published, as well as provide a banner with information on the offending assets.
These are not required for normal usage of the plugin, but are available as a utility for more advanced usage.
Used to fix insecure elements in existing content. Can target specific posts or bulk batches.
wp icw fix [<id>] [--include] [--all] [--post_type] [--limit] [--offset] [--dry-run]
Example: Fix all page content:
$ wp icw fix --all --post_type=page
Checking post content...
Total posts checked for insecure URL(s): 10
+-------------------------------------+
| URL(s) fixed summary |
+-------------------------------------+
| 0/0 URL(s) fixed in post 98 |
| 0/0 URL(s) fixed in post 96 |
| 0/0 URL(s) fixed in post 76 |
| ........................... |
| 0/0 URL(s) fixed in post 6 |
| 0/0 URL(s) fixed in post 1 |
+-------------------------------------+
Run wp help icw fix for more information.
Please report security bugs found in the source code of the Insecure Content Warning plugin through the Patchstack Vulnerability Disclosure Program. The Patchstack team will assist you with verification, CVE assignment, and notify the developers of this plugin.
Stable: 10up is not planning to develop any new features for this, but will still respond to bug reports and security concerns. We welcome PRs, but any that include new features should be small and easy to integrate and should not include breaking changes. We otherwise intend to keep this tested up to the most recent version of WordPress.
A complete listing of all notable changes to Insecure Content Warning are documented in CHANGELOG.md.
Please read CODE_OF_CONDUCT.md for details on our code of conduct, CONTRIBUTING.md for details on the process for submitting pull requests to us, and CREDITS.md for a listing of maintainers of, contributors to, and libraries used by Insecure Content Warning.
