1. Giorgos Sarigiannidis

    With WP-CLI’s search and replace the process was easy and I never saw it as a major inconvenience, but it sounds like a good update. My understanding by reading the article is that we will probably have to do the search/replace anyway, so WP-CLI will still be the way to go, at least for me.

    Having relative URLs in general might be an interesting feature on the same direction, but I remember reading an old discussion about that, concluding that it’s not something that will be implemented.


  2. Matt Mullenweg

    This is an awesome improvement.


  3. J-F Arseneault

    Are we to understand that since URLs in the database will not be changed, there will be protocol rewrites in every page load, potentially impacting performance… vs a case where all HTTP are rewrote to HTTPS using a search-replace opération?

    And once HTTPS is activated, will Site Health consider the site « secure », even though in reality, there remains mixed content in the database?


    • Timothy Jacobs

      Correct, the protocol won’t be changed in the database, but on the fly. The dynamic replacement is very simple, I would be surprised if it had a noticeable difference in performance.

      And yes, Site Health will consider the site “secure” as long as it is served over HTTPS. It doesn’t check the contents of the database.


    • Otto

      Let’s be honest about it, realistically. Content is already parsed and modified on every load. Responsive image handling, shortcodes, texturize, etc. This isn’t going to be noticable at all.


  4. Brian Johnson

    I’ve always wondered why this wasn’t a core feature. For something ostensibly “mandatory”, it was almost impossible for laymen to actually do it. So glad to hear it will finally be built-in!


  5. Mr. KingsHOK

    That would be very great for non-techy webmasters though.

    Thanks to WordPress company all the same.


  6. Angelo Mandato

    This is great! Like the security changes, this is a little detail that provides a big improvement. Maybe the next little detail with big impact could be better built-in oauth2 support with the WordPress json api? Currently it only works with the login cookie without help of a plugin.


    • Timothy Jacobs

      Angelo if you weren’t aware, Application Passwords was introduced in WordPress 5.6 to add an external authentication mechanism to the REST API: https://make.wordpress.org/core/2020/11/05/application-passwords-integration-guide/

      It isn’t exactly like OAuth, but it has a similar interactive authentication feature to grant an application permission to connect to your WordPress website.


      • Angelo Mandato

        Hello Timothy,

        Thanks, I did read that but did not look further into it until you mentioned it.

        I see this is user specific, which in the scheme of things is a good idea. What would be cool is to have a 2nd password, where the one you see today is only for refreshing a password (like a refresh token in oAuth2), and also a 3rd password that acts as the client secret. I guess what I would like to see is true oAuth2.

        If there was a way to issue client ID’s and secrets via an API, you would be able to revoke clients and it would also allow any user to the blog to authenticate with the client, in theory. The site may want to limit client access to specific users like your doing now. Very complicated.



  7. Leonard Maina

    Very useful feature for non technical users. With every update, WordPress is becoming more and more user friendly to such an extent that an average user will be able to use the full spectrum of its features at the click of a button. Cheers!


  8. Karan

    It will be great for non-techy bloggers who just started blogs and want to get SSL certificate.

    Must say, the WordPress team working for beginners too.


  9. Anh Tran

    This is a nice update for non-techies.

    I’d suggest making the migrate to HTTPs button more appealing to users. They rarely check the Site Health, and rarely click to see what issues in the Site Health are.


  10. Joseph

    I’d have to agree with Anh. Beginners probably aren’t checking site health.

    I’m curious if they’re even aware that they need to secure their site. I was working with a client yesterday and they had no idea this was a necessity. He doesn’t sell anything online so he didn’t think he needed it.

    Does this new feature actually install the SSL certificate from the host? Or does the certificate need to be installed first for this to work?


  11. Pandhu

    This is awesome.

    And I’d have to agree with Anh’s comment. The button should be more appealing to users.


  12. Ann

    Do you think an ssl plugin is still required?


Comments are closed.

%d bloggers like this: