Integrates expurgate into WordPress, so that you'll never have a mixed content warning again
Switch branches/tags
Nothing to show
Clone or download
Fetching latest commit…
Cannot retrieve the latest commit at this time.
Failed to load latest commit information.
expurgate @ e380f8f


As the web becomes increasingly SSL-ified, the possibilities for mixed content — serving non-HTTP resources in an HTTPS page — increases too. This fixes that.

How does it work?

wp-expurgate adds support for expurgate to WordPress. Expurgate is a script that allows you to filter non-HTTP resources (just images, for now) through an HTTPS URL. In the eyes of browsers, this scrubs them clean and stops them causing warnings.

Got an example?

Say you have a post with the following image in it:

<img src="">

If a user visits your page over HTTPS, their browser will give them a warning — or in the case of IE, an ugly, scary alert box — telling them that the page isn't fully secure.

wp-expurgate will correct this to the following:

<img src="[...]/expurgate.php?checksum=[checksum]&url=">

…which all browsers are happy with, since it's over HTTPS.