I've been notified that my Wordpress site is broken and the first thing I can tell is that it's broken cause it is automatically adding the https protocol to almost every link. So links, css, forms, everything is broken.

My site uses Woocommerce, but it wasn't configured to work with SSL, plus it was working fine.

I've tried these things, but none of them brought functionality back:

• Look for malicious code on files.
• Define and set SSL variables to false on wp-config.php
• Define Site's URL on wp-config.php
• Look at .htaccess
• Look for URLS with https on DB

My server doesn't have ssl and I'm not planning on using it. How do I fix this?

If you're using Google Chrome it might be an issue.

Read that article I saw yesterday: https://ma.ttias.be/chrome-44-sending-https-header-by-mistake-breaking-web-applications-everywhere/

This issue happened because the latest Chrome version (44.0.2403.89) sends HTTPS: 1 in request headers, which force the Wordpress site to use https.

Follow up the bug report here, it seems Chrome Dev team is working on it and hope they can fix it in next stable release by next Tuesday.

If you are using WooCommerce (most of the reports are from people who using it), you may want to consider one of these workarounds:

• Update to latest WooCommerce version, according to this blog post, they already fixed it on 2.3.13
• Open plugins\woocommerce\woocommerce.php and comment out these lines

if ( ! isset( $_SERVER['HTTPS'] ) && ! empty( $_SERVER['HTTP_HTTPS'] ) ) { 
    $_SERVER['HTTPS'] = $_SERVER['HTTP_HTTPS']; 
}