This is a pet peeve of mine – some plugin and theme authors (to make their lives easier) set “sslverify = false” in their Pro / Premium version update checks and/or other HTTP requests.
Luckily a few security and error checking plugins like the Query Monitor plugin (for example), will show a warning if the WordPress wp_remote_get() function is executed with “sslverify = false”. To make sure this is never the case, you can use the following filters in your functions.php file.
|
1 2 3 4 5 6 7 8 9 10 11 12 |
add_filter( 'https_ssl_verify', '__return_true', PHP_INT_MAX ); add_filter( 'http_request_args', 'http_request_force_ssl_verify', PHP_INT_MAX ); function http_request_force_ssl_verify( $args ) { $args[ 'sslverify' ] = true; return $args; } |