Fix SSL Security

  • Resolved JxsDotNL

    (@jxsdotnl)


    4 years, 9 months ago

    Please fix your SSL Security. From broken-link-checker/modules/checkers/http.php line 231:

     if ( 'https' === $parts['scheme'] ) {
            curl_setopt( $ch, CURLOPT_SSL_VERIFYPEER, false ); //Required to make HTTPS URLs work.
            curl_setopt( $ch, CURLOPT_SSL_VERIFYHOST, false );
            //$nobody = false; //Can't use HEAD with HTTPS.
        }

    Please don’t ever do this. Apart from using a self-signed certificate (which 99,999% of websites don’t do) there is no excuse for disabling SSL security. If HTTPS doesn’t work right, fix your CA bundle, do not disable SSL security.

    WordPress nowadays comes with a bundles CA bundle. Please look for CURLOPT_CAINFO in wp-includes/class-wp-http-curl.php to see how to use that CA bundle.

Viewing 1 replies (of 1 total)
  • Plugin Support Williams – WPMU DEV Support

    (@wpmudev-support8)

    Hi @jxsdotnl

    I hope you’re well today!

    That’s a good catch, thank you for pointing it out.

    We’re still working on various fixes and improvements to the plugin and I’ve already passed that over to our developers so they could take care of it with future releases.

    Best regards,
    Adam

Viewing 1 replies (of 1 total)
  • The topic ‘Fix SSL Security’ is closed to new replies.