Links in notification emails appearing as https

[leec87]

I have received several notification emails as an Administrator instructing me that Wordpress has been updated to the latest version.

However, all of the links contained within all of the emails output the URL as ​https://, and not whatever is stated within the Wordpress Site URL setting in General.

This leads to any link that is visited displaying a 'Connection not secure' message, as there is no SSL certificate for that domain name.

[leec87]

Screenshot of email received containing ​https:// links

[johnbillion]

Thanks for the ticket @leec87, and welcome to WordPress Trac.

Is there any part of your website that is configured to use https? Is your site part of a WordPress Multisite network? If so, can you provide some details?

If not, have you tried deactivating your plugins one by one to see if the problem is being caused by a plugin? Also try switching to one of the default themes such as Twenty Fifteen in case your theme is at fault.

[leec87]

The various sites I've seen emails from, are using different sets of templates and plugins. They are not in multisite environments, neither are they set to use ​https:// anywhere in the configurations.

Thanks for the welcome. Advanced apologies if I leave anything out, this is my first time. And I'm relatively new to committing push requests on GitHub etc, but pleased to try and help the community.

[ocean90]

@leec87 Is this also the case for other emails like for comment moderation emails?

[alancolyer]

Just to confirm I'm seeing the same issue, in every update email, from > 70 wordpress sites that I administer.
Of those, a single one is configured to use SSL via a plugin, the others are not.

They use a wide variety of plugins and themes. In all cases the theme has been created or modified by us, so I can say that there is nothing in their themes that intentionally modifies links in WP emails. None of them are multisites.

Due to the nature of this email, I can't comment if the latest version has this bug as it will only send an email on the next auto-update. I'll update this ticket if I receive such an email from a 4.5.3 install once 4.5.4 is released.

When I've received other emails (e.g password resets) from wordpress the links have been correct - as far as I've seen it's just the core update notification emails that show this issue.

Here's the raw source of one of these emails, with domain removed - this came from a 4.4.X install that updated itself to 4.4.4:

Howdy! Your site at https://www.example.com has been updated automatically to WordPress 4.4.4.

For more on version 4.4.4, see the About WordPress screen:
https://www.example.com/wp-admin/about.php

WordPress 4.5.3 is also now available. Updating is easy and only takes a few moments:
https://www.example.com/wp-admin/update-core.php

If you experience any issues or need support, the volunteers in the WordPress.org support forums may be able to help.
https://wordpress.org/support/

Keeping your site updated is important for security. It also makes the internet a safer place for you and your readers.

The WordPress Team

EDIT: I also have several comment moderation emails from this same group of sites, the links in those are correct.

[leec87]

This does not happen in comment emails.