WP_Site_Health::get_test_https_status()

Test if your site is serving content over HTTPS.

Description

Many sites have varying degrees of HTTPS support, the most common of which is sites that have it enabled, but only if you visit the right site address.

Return

(array) The test results.

Source

File: wp-admin/includes/class-wp-site-health.php 

public function get_test_https_status() {
		// Enforce fresh HTTPS detection results. This is normally invoked by using cron,
		// but for Site Health it should always rely on the latest results.
		wp_update_https_detection_errors();

		$default_update_url = wp_get_default_update_https_url();

		$result = array(
			'label'       => __( 'Your website is using an active HTTPS connection' ),
			'status'      => 'good',
			'badge'       => array(
				'label' => __( 'Security' ),
				'color' => 'blue',
			),
			'description' => sprintf(
				'<p>%s</p>',
				__( 'An HTTPS connection is a more secure way of browsing the web. Many services now have HTTPS as a requirement. HTTPS allows you to take advantage of new features that can increase site speed, improve search rankings, and gain the trust of your visitors by helping to protect their online privacy.' )
			),
			'actions'     => sprintf(
				'<p><a href="%s" target="_blank" rel="noopener">%s<span class="screen-reader-text"> %s</span><span aria-hidden="true" class="dashicons dashicons-external"></span></a></p>',
				esc_url( $default_update_url ),
				__( 'Learn more about why you should use HTTPS' ),
				/* translators: Accessibility text. */
				__( '(opens in a new tab)' )
			),
			'test'        => 'https_status',
		);

		if ( ! wp_is_using_https() ) {
			// If the website is not using HTTPS, provide more information
			// about whether it is supported and how it can be enabled.
			$result['status'] = 'recommended';
			$result['label']  = __( 'Your website does not use HTTPS' );

			if ( wp_is_site_url_using_https() ) {
				if ( is_ssl() ) {
					$result['description'] = sprintf(
						'<p>%s</p>',
						sprintf(
							/* translators: %s: URL to Settings > General > Site Address. */
							__( 'You are accessing this website using HTTPS, but your <a href="%s">Site Address</a> is not set up to use HTTPS by default.' ),
							esc_url( admin_url( 'options-general.php' ) . '#home' )
						)
					);
				} else {
					$result['description'] = sprintf(
						'<p>%s</p>',
						sprintf(
							/* translators: %s: URL to Settings > General > Site Address. */
							__( 'Your <a href="%s">Site Address</a> is not set up to use HTTPS.' ),
							esc_url( admin_url( 'options-general.php' ) . '#home' )
						)
					);
				}
			} else {
				if ( is_ssl() ) {
					$result['description'] = sprintf(
						'<p>%s</p>',
						sprintf(
							/* translators: 1: URL to Settings > General > WordPress Address, 2: URL to Settings > General > Site Address. */
							__( 'You are accessing this website using HTTPS, but your <a href="%1$s">WordPress Address</a> and <a href="%2$s">Site Address</a> are not set up to use HTTPS by default.' ),
							esc_url( admin_url( 'options-general.php' ) . '#siteurl' ),
							esc_url( admin_url( 'options-general.php' ) . '#home' )
						)
					);
				} else {
					$result['description'] = sprintf(
						'<p>%s</p>',
						sprintf(
							/* translators: 1: URL to Settings > General > WordPress Address, 2: URL to Settings > General > Site Address. */
							__( 'Your <a href="%1$s">WordPress Address</a> and <a href="%2$s">Site Address</a> are not set up to use HTTPS.' ),
							esc_url( admin_url( 'options-general.php' ) . '#siteurl' ),
							esc_url( admin_url( 'options-general.php' ) . '#home' )
						)
					);
				}
			}

			if ( wp_is_https_supported() ) {
				$result['description'] .= sprintf(
					'<p>%s</p>',
					__( 'HTTPS is already supported for your website.' )
				);

				if ( defined( 'WP_HOME' ) || defined( 'WP_SITEURL' ) ) {
					$result['description'] .= sprintf(
						'<p>%s</p>',
						sprintf(
							/* translators: 1: wp-config.php, 2: WP_HOME, 3: WP_SITEURL */
							__( 'However, your WordPress Address is currently controlled by a PHP constant and therefore cannot be updated. You need to edit your %1$s and remove or update the definitions of %2$s and %3$s.' ),
							'<code>wp-config.php</code>',
							'<code>WP_HOME</code>',
							'<code>WP_SITEURL</code>'
						)
					);
				} elseif ( current_user_can( 'update_https' ) ) {
					$default_direct_update_url = add_query_arg( 'action', 'update_https', wp_nonce_url( admin_url( 'site-health.php' ), 'wp_update_https' ) );
					$direct_update_url         = wp_get_direct_update_https_url();

					if ( ! empty( $direct_update_url ) ) {
						$result['actions'] = sprintf(
							'<p class="button-container"><a class="button button-primary" href="%1$s" target="_blank" rel="noopener">%2$s<span class="screen-reader-text"> %3$s</span><span aria-hidden="true" class="dashicons dashicons-external"></span></a></p>',
							esc_url( $direct_update_url ),
							__( 'Update your site to use HTTPS' ),
							/* translators: Accessibility text. */
							__( '(opens in a new tab)' )
						);
					} else {
						$result['actions'] = sprintf(
							'<p class="button-container"><a class="button button-primary" href="%1$s">%2$s</a></p>',
							esc_url( $default_direct_update_url ),
							__( 'Update your site to use HTTPS' )
						);
					}
				}
			} else {
				// If host-specific "Update HTTPS" URL is provided, include a link.
				$update_url = wp_get_update_https_url();
				if ( $update_url !== $default_update_url ) {
					$result['description'] .= sprintf(
						'<p><a href="%s" target="_blank" rel="noopener">%s<span class="screen-reader-text"> %s</span><span aria-hidden="true" class="dashicons dashicons-external"></span></a></p>',
						esc_url( $update_url ),
						__( 'Talk to your web host about supporting HTTPS for your website.' ),
						/* translators: Accessibility text. */
						__( '(opens in a new tab)' )
					);
				} else {
					$result['description'] .= sprintf(
						'<p>%s</p>',
						__( 'Talk to your web host about supporting HTTPS for your website.' )
					);
				}
			}
		}

		return $result;
	}

Uses

Uses Description
wp-includes/functions.php: wp_get_default_update_https_url()

Gets the default URL to learn more about updating the site to use HTTPS.
wp-includes/functions.php: wp_get_direct_update_https_url()

Gets the URL for directly updating the site to use HTTPS.
wp-includes/functions.php: wp_get_update_https_url()

Gets the URL to learn more about updating the site to use HTTPS.
wp-includes/https-detection.php: wp_update_https_detection_errors()

Runs a remote HTTPS request to detect whether HTTPS supported, and stores potential errors.
wp-includes/https-detection.php: wp_is_using_https()

Checks whether the website is using HTTPS.
wp-includes/https-detection.php: wp_is_site_url_using_https()

Checks whether the current site’s URL where WordPress is stored is using HTTPS.
wp-includes/https-detection.php: wp_is_https_supported()

Checks whether HTTPS is supported for the server and domain.
wp-includes/capabilities.php: current_user_can()

Returns whether the current user has the specified capability.
wp-includes/l10n.php: __()

Retrieve the translation of $text.
wp-includes/formatting.php: esc_url()

Checks and cleans a URL.
wp-includes/load.php: is_ssl()

Determines if SSL is used.
wp-includes/functions.php: wp_nonce_url()

Retrieve URL with nonce added to URL query.
wp-includes/functions.php: add_query_arg()

Retrieves a modified URL query string.
wp-includes/link-template.php: admin_url()

Retrieves the URL to the admin area for the current site.

Changelog

Version Description
5.7.0 Updated to rely on wp_is_using_https() and wp_is_https_supported().
5.2.0 Introduced.

© 2003–2021 WordPress Foundation
Licensed under the GNU GPLv2+ License.
https://developer.wordpress.org/reference/classes/wp_site_health/get_test_https_status