How to update wordpress ajaxurl variable to use SSL?

We are running a Wordpress 4.0 / Buddypress setup and since we switched to SSL, all ajax functions are not working because the ajaxurl variable still reads "http".

<script type="text/javascript">
 /* <![CDATA[ */
 var ajaxurl = '';
 /* ]]> */


This code is automatically added to wp_head, so we're not sure how to update it. We just need to switch http to https.

Does anyone know how we can do this?

We get this error every time ajax is required: [blocked] The page at ' ' was loaded over HTTPS but was using unsafe content from -ajax.php : This content must also be loaded over HTTPS.


source to share

2 answers

The variable ajaxurl

gets its value from the admin_url () function , which in turn determines whether to do https

a result- based is_ssl () function .

So, basically, if you are not getting https

in yours ajaxurl

, the feature is is_ssl()

incorrectly detecting SSL on your site.

If you are behind a load balancer or reverse proxy that supports HTTP_X_FORWARDED_PROTO

(like ELB) add the following to wp-config.php

in the documentation:

     $_SERVER['HTTPS'] = 'on';


If that doesn't work, take a look gist

at those linked in the Notes section for documentation is_ssl()

. You have to add this to your plugins directory.



I also have this issue with Wordpress, especially since I am using CloudFlare Flexible SSL.

I made this quick and dirty patch at / wp -includes / load.php

function is_ssl() {
        if ( isset( $_SERVER['HTTP_CF_VISITOR'] ) ) {
            if ( strpos($_SERVER['HTTP_CF_VISITOR'], "https") !== "false" ){
                return true;

        if ( isset( $_SERVER['HTTPS'] ) ) {
                if ( 'on' == strtolower( $_SERVER['HTTPS'] ) ) {
                        return true;

                if ( '1' == $_SERVER['HTTPS'] ) {
                        return true;
        } elseif ( isset($_SERVER['SERVER_PORT'] ) && ( '443' == $_SERVER['SERVER_PORT'] ) ) {
                return true;
        return false;


This helped ajax calls from admin which blocked a lot of plugin functionality.



All Articles