Fixing protocol errors in WordPress plugins

I recently started a new job as a full-time WordPress developer managing several websites and the myriad of custom themes, child themes, and plugins. This is a lesson learned from an issue I had with one plugin in particular.

Using Chrome on OS X, I get security warnings that a script wouldn’t load on a particular page. When I looked into it, I found it was because in wp-admin, my site URL is set to http, but that page (and several others) is served from https. Since there’s a mix of protocols, good browsers will block scripts from running across SSL/non-SSL.

The plugin was using get_options('siteurl') to create the path string used to load scripts through wp_register_scripts. Switching to site_url(), which returns a string with the protocol that the page is being rendered on, let's me now safely load the scripts on any page in the site.

Here’s how it ended up looking:

$old_root_url = get_options( 'siteurl' );
$root_url = site_url();

$path_flash = "$root_url/wp-content/plugins/$pluginName/js/swfobject.js";

Hope that helps someone!

Related articles

• The periodic table of WordPress plugins (poststat.us)
• WordPress Most Popular Plugins (powerinfographics.wordpress.com)
• WordPress 3.5 is available for upgrade (kisaso.com)