'sslverify = false' with 'wp_remote_get' == bad practice!

I just noticed the following in enfold\framework\php\class-framework-widgets.php:

$remote = wp_remote_get( 'https://www.instagram.com/'.trim( $username ), array( 'sslverify' => false, 'timeout' => 60 ) );

And these posts must be the reasons for this: https://kriesi.at/support/topic/unable-to-communicate-with-instagram/ , https://kriesi.at/support/topic/mailchimp-api-not-connecting/#post-552751.

Please don’t set sslverify to false. It is bad practice. See https://www.skyverge.com/blog/developers-stop-using-sslverify-false/ for more information. Having to disable sslverify indicates a PHP configuration error on the web server that users or administrators need to fix, and see https://www.saotn.org/dont-turn-off-curlopt_ssl_verifypeer-fix-php-configuration/ on how to do that.

So please don’t make these kind assumptions for your users, it may break the internet (really). Or if you really have to, make it optional through the Enfold Options Framework.

Other files affected:
./config-templatebuilder/avia-shortcodes/av-helper-mailchimp.php: 'sslverify' => false

and here I have set sslverify to true:

./framework/php/class-framework-widgets.php: $remote = wp_remote_get( ‘https://www.instagram.com/’.trim( $username ), array( ‘sslverify’ => true, ‘timeout’ => 60 ) );`

• This topic was modified 9 years, 2 months ago by jan_reilink. Reason: fixed some typos