is_ssl(): bool
Determines if SSL is used.
Return
bool True if SSL, otherwise false.
More Information
Returns true if the page is using SSL (checks if HTTPS or on Port 443).
NB: this won’t work for websites behind some load balancers, especially Network Solutions hosted websites. To body up a fix, save this gist into the plugins folder and enable it. For details, read WordPress is_ssl() doesn’t work behind some load balancers.
Websites behind load balancers or reverse proxies that support HTTP_X_FORWARDED_PROTO can be fixed by adding the following code to the wp-config.php file, above the require_once call:
if (isset($_SERVER['HTTP_X_FORWARDED_PROTO']) && $_SERVER['HTTP_X_FORWARDED_PROTO'] == 'https')
$_SERVER['HTTPS'] = 'on';
Source
File: wp-includes/load.php
.
View all references
function is_ssl() {
if ( isset( $_SERVER['HTTPS'] ) ) {
if ( 'on' === strtolower( $_SERVER['HTTPS'] ) ) {
return true;
}
if ( '1' === (string) $_SERVER['HTTPS'] ) {
return true;
}
} elseif ( isset( $_SERVER['SERVER_PORT'] ) && ( '443' === (string) $_SERVER['SERVER_PORT'] ) ) {
return true;
}
return false;
}
Changelog
Version | Description |
---|---|
4.6.0 | Moved from functions.php to load.php. |
2.6.0 | Introduced. |
User Contributed Notes
You must log in before being able to contribute a note or feedback.
With load balancers
It won’t work for websites behind some load balancers, especially Network Solutions hosted websites. To bodgy up a fix, save this gist into the plugins folder and enable it. For details, read “WordPress is_ssl() doesn’t work behind some load balancers.”
Websites behind load balancers or reverse proxies that support HTTP_X_FORWARDED_PROTO can be fixed by adding the following code to the wp-config.php file, above the require_once call:
Top ↑
Feedback
This advice is spot on IF your environment allows you to modify values in $_SERVER. Unfortunately that is not always true. For example in Azure App Services, I appear to be unable to alter $_SERVER. Since $_SERVER is the only variable that is used by is_ssl(), the only solution is a direct hack within is_ssl() to force it return true. — By Will Brownsberger —
if behind web proxy/balancer, can use this function.