HTTPS-Problems: header-image stays as http, when using custom image

  • majkl



    I was creating a new page for a security-group. So HTTPS was a requirement.

    But I discovered, when a non-standard-header-image is used, it won’t be delivered via HTTPs, just via HTTP.

    Is it possible, to fix it, so it will be delivered via HTTPS?

    BTW: The german translation is a little creepy.. “Kommentar verlassen” should be “neuen Kommentar hinterlassen”.

    greetings from Germany,



    Syahir Hakim


    If you try using the Twenty Ten theme, is the header image delivered via HTTP as well? I’m just wondering, cause I think this is a WordPress issue instead of the theme. The link to the header image is generated by WordPress, and the theme merely displays it.

    If it’s a WordPress issue, I may be able to do some PHP search and replace hack to get it to be delivered via HTTPS.

    As for the German translation, I’d be glad if you could improve on the translation and send it to me 🙂



    I tried with the TwentyTen thenme, and it works exactly like your theme. But there is one difference between these tho themes.

    The plugin “WordPress HTTPS” modifies the img-src, so it gets delivered via HTTPS. But it doesn’t work with the CSS you are using to assign the header-image.

    I already notified the author of the plugin, if he could implement a way to modify the CSS, but it should be better, to make the switch in the theme itself. So I think a preg_match-way would be better.


    Syahir Hakim


    Okay, I’ll look into this. I’m thinking of removing the home url part of the link to the image, i.e. just use wp-content/uploads/...' instead of, but this might cause problem with permalinks on.

    I’m gonna experiment on this. Feel free to share any ideas you have.



    Thanks, hopefully it will work all time.

    Why don’t you use an absolut URL from the DOCUMENT_ROOT ? Doesn’t WordPress stores a path, where its own DOCUMENT_ROOT is, so you can use “/wp-content/..” or if necessary “/sth/wp-content/…” ?



    Btw: do you know a way to preserve the arrangement of the widgets between activations and upgrades? It is annoying, to reconfigure this all time the theme changes for a few minutes..


    Syahir Hakim


    Found a better fix: using WordPress’ own if_ssl() conditional. If this is true, then the theme replaces http in the image link to https.

    Can you please try it:


    Syahir Hakim


    Btw: do you know a way to preserve the arrangement of the widgets between activations and upgrades? It is annoying, to reconfigure this all time the theme changes for a few minutes..

    I share your sentiment about this, but so far I haven’t found any way to preserve the widget settings yet. But to be honest, I haven’t really been looking for a way to achieve that.

    But from what I know, the widgets that were automatically deactivated were moved to the Inactive Widgets section, which deactivates the widgets but keep their settings. Perhaps you can just drag these widgets back? At least that saves having to reconfigure their settings.



    works like a charm, even without the standard-SSL-plugin.

    Good work, thank you!



    first of all, great work Syahir, thank you!

    we got problems with the if_ssl in the header.php, I had to deactivate it, if not we get an URL like httpss://



    I’m also having a problem with the header image url starting with httpss://.

    I commented out the following code section and it seems to work properly for both http and https

    /* Check if the page uses SSL and change HTTP to HTTPS if true */

    if (is_ssl() && !stripos($header_img, ‘https’)){

    $header_img = str_replace(‘http’, ‘https’, $header_img);


    There was mention above of an if_ssl() function but this one here is is_ssl() which I think is a php built in function. I tried changing the is_ssl() to if_ssl() but that just broke the page. Commenting the above code section in the header.php seems to make things work properly. Don’t know if this is important but I am using a sub-folder multisite setup with WP 3.0.1 and have define(‘FORCE_SSL_ADMIN’, true); in my wp-config.php

    Should also probably mention using Graphene


    Syahir Hakim


    It seems like more people are adversely affected by this change than benefited by it. I’m gonna remove this code in the next maintenance update, until a better solution can be found.

Viewing 12 posts - 1 through 12 (of 12 total)

You must be logged in to reply to this topic.