I recently started a new job as a full-time WordPress developer managing several websites and the myriad of custom themes, child themes, and plugins. This is a lesson learned from an issue I had with one plugin in particular.
Using Chrome on OS X, I get security warnings that a script wouldn’t load on a particular page. When I looked into it, I found it was because in wp-admin, my site URL is set to http, but that page (and several others) is served from https. Since there’s a mix of protocols, good browsers will block scripts from running across SSL/non-SSL.
The plugin was using get_options('siteurl') to create the path string used to load scripts through wp_register_scripts. Switching to site_url(), which returns a string with the protocol that the page is being rendered on, let's me now safely load the scripts on any page in the site.
Here’s how it ended up looking:
$old_root_url = get_options( 'siteurl' );
$root_url = site_url();
$path_flash = "$root_url/wp-content/plugins/$pluginName/js/swfobject.js";
Hope that helps someone!
