is_ssl(): bool

Determines if SSL is used.

Contents

Return

bool True if SSL, otherwise false.

Top ↑

More Information

Returns true if the page is using SSL (checks if HTTPS or on Port 443).

NB: this won’t work for websites behind some load balancers, especially Network Solutions hosted websites. To body up a fix, save this gist into the plugins folder and enable it. For details, read WordPress is_ssl() doesn’t work behind some load balancers.

Websites behind load balancers or reverse proxies that support HTTP_X_FORWARDED_PROTO can be fixed by adding the following code to the wp-config.php file, above the require_once call:

if (isset($_SERVER['HTTP_X_FORWARDED_PROTO']) && $_SERVER['HTTP_X_FORWARDED_PROTO'] == 'https')
    $_SERVER['HTTPS'] = 'on';

Top ↑

Source

File: wp-includes/load.php. View all references 

function is_ssl() {
	if ( isset( $_SERVER['HTTPS'] ) ) {
		if ( 'on' === strtolower( $_SERVER['HTTPS'] ) ) {
			return true;
		}

		if ( '1' === (string) $_SERVER['HTTPS'] ) {
			return true;
		}
	} elseif ( isset( $_SERVER['SERVER_PORT'] ) && ( '443' === (string) $_SERVER['SERVER_PORT'] ) ) {
		return true;
	}

	return false;
}

View on Trac View on GitHub

Top ↑

Top ↑

Used By

Used By
Used By Description
wp_is_application_passwords_supported() wp-includes/user.php

Checks if Application Passwords is supported.
WP_Recovery_Mode::redirect_protected() wp-includes/class-wp-recovery-mode.php

Redirects the current request to allow recovering multiple errors in one go.
WP_Recovery_Mode_Cookie_Service::set_cookie() wp-includes/class-wp-recovery-mode-cookie-service.php

Sets the recovery mode cookie.
WP_Debug_Data::debug_data() wp-admin/includes/class-wp-debug-data.php

Static function for generating site debug data when required.
WP_Site_Health::get_test_https_status() wp-admin/includes/class-wp-site-health.php

Tests if the site is serving content over HTTPS.
WP_Customize_Manager::get_allowed_urls() wp-includes/class-wp-customize-manager.php

Gets URLs allowed to be previewed.
ms_load_current_site_and_network() wp-includes/ms-load.php

Identifies the network and site of a requested domain and path and populates the corresponding network and site global objects as part of the multisite bootstrap process.
get_rest_url() wp-includes/rest-api.php

Retrieves the URL to a REST endpoint on a site.
wp_calculate_image_srcset() wp-includes/media.php

A helper function to calculate the image sources to include in a ‘srcset’ attribute.
wp_admin_bar_customize_menu() wp-includes/admin-bar.php

Adds the “Customize” link to the Toolbar.
get_avatar_data() wp-includes/link-template.php

Retrieves default data about the avatar.
wp_ajax_parse_embed() wp-admin/includes/ajax-actions.php

Applies [embed] Ajax handlers to a string.
wp_dashboard_browser_nag() wp-admin/includes/dashboard.php

Displays the browser update nag.
wp_parse_auth_cookie() wp-includes/pluggable.php

Parses a cookie into its components.
wp_set_auth_cookie() wp-includes/pluggable.php

Sets the authentication cookies based on user ID.
auth_redirect() wp-includes/pluggable.php

Checks if a user is logged in, if not it redirects them to the login page.
wp_login_form() wp-includes/general-template.php

Provides a simple login form for use anywhere within WordPress.
wp_auth_check_html() wp-includes/functions.php

Outputs the HTML that shows the wp-login dialog when the user is no longer logged in.
wp_guess_url() wp-includes/functions.php

Guesses the URL for the site.
set_url_scheme() wp-includes/link-template.php

Sets the scheme for a URL.
network_home_url() wp-includes/link-template.php

Retrieves the home URL for the current network.
get_home_url() wp-includes/link-template.php

Retrieves the URL for a given site where the front end is accessible.
wp_signon() wp-includes/user.php

Authenticates and logs a user in with ‘remember’ capability.
wp_get_attachment_url() wp-includes/post.php

Retrieves the URL for an attachment.
redirect_canonical() wp-includes/canonical.php

Redirects incoming links to the proper URL based on the site url.
filter_SSL() wp-includes/ms-functions.php

Formats a URL to use https.
Show 21 more used by Hide more used by

Top ↑

Changelog

Changelog
Version Description
4.6.0 Moved from functions.php to load.php.
2.6.0 Introduced.

Top ↑

User Contributed Notes

  1. Skip to note 1 content
    You must log in to vote on the helpfulness of this noteVote results for this note: 2You must log in to vote on the helpfulness of this note
    Contributed by Codex

    With load balancers

    It won’t work for websites behind some load balancers, especially Network Solutions hosted websites. To bodgy up a fix, save this gist into the plugins folder and enable it. For details, read “WordPress is_ssl() doesn’t work behind some load balancers.”

    Websites behind load balancers or reverse proxies that support HTTP_X_FORWARDED_PROTO can be fixed by adding the following code to the wp-config.php file, above the require_once call:

    if (isset($_SERVER['HTTP_X_FORWARDED_PROTO']) && $_SERVER['HTTP_X_FORWARDED_PROTO'] == 'https')
    $_SERVER['HTTPS'] = 'on';
  2. Skip to note 2 content
    You must log in to vote on the helpfulness of this noteVote results for this note: 0You must log in to vote on the helpfulness of this note
    Contributed by Nawawi Jamili

    if behind web proxy/balancer, can use this function.

    function wpdocs_maybe_is_ssl() {
    // cloudflare
    if ( ! empty( $_SERVER['HTTP_CF_VISITOR'] ) ) {
        $cfo = json_decode( $_SERVER['HTTP_CF_VISITOR'] );
        if ( isset( $cfo->scheme ) && 'https' === $cfo->scheme ) {
            return true;
        }
    }

    // other proxy
    if ( ! empty( $_SERVER['HTTP_X_FORWARDED_PROTO'] ) && 'https' === $_SERVER['HTTP_X_FORWARDED_PROTO'] ) {
        return true;
    }

    return function_exists( 'is_ssl' ) ? is_ssl() : false;
}

You must log in before being able to contribute a note or feedback.