Part of this page are not secure, firefox, wordpress - wordpress

Theme: Astra
Template: brandstore
Have enabled in cloudflare:
SSL/TLS> Always Use HTTPS
SSL/TLS> Automatic HTTPS Rewrites
Speed>Auto Minify
Speed>Brotli
I want to remove this problem in my site
I have deleted the images that think was raising the warning, but it continue showing a warning in console tab of developer tool of the firefox browser.
Use in firefox f12 to open the developer tool, then go to the console tab and check this warning
Loading mixed (insecure) display content “http://kauchoplus.com/wp-content/uploads/2020/09/banner-03.jpg” on a secure page
and all in the images bellow.
If we click in the url image https://kauchoplus.com/wp-content/uploads/2020/09/banner-03.jpg the message is this.
I am using cloudflare and have self-signed SSL certificate signed in the server.
Please help me to know who is requesting that image and remove the conection no secure problem.

I have resolved the problem, deleting a empty container spectra-block.
The spectra blocks is installed along with the brandstorm template of the Astra theme.

Related

Wordpress Migration with lingering reference

I recently created a Wordpress Website on my personal server. And once completed I deployed it to the client's server successfully.
However, when I activated HTTPS, I received the 'Mixed Content' error, and when I Inspect the Console I still see a reference to my own server:
Mixed Content: The page at 'https://fluidfinance.co.za/' was loaded over HTTPS, but requested an insecure image 'http://transciety.co.za/fluidfinance/wp-content/uploads/2020/01/Slider1.jpg'. This content should also be served over HTTPS.
Fluidfinance.co.za being the client's server, and transciety.co.za is my server.
I checked the HTML body, and cannot find any reference to this image link. I also ran a Find and Replace on the Database, and still it is trying to fetch the images from my own server.
The actual image being displayed comes from the correct server.
How can I get rid of this reference, in order for the Mixed Content error to be removed?
Thank you in advance.
It is Coming from Elementor CSS.
URL: https://fluidfinance.co.za/wp-content/uploads/elementor/css/post-6.css
CSS Present.
.elementor-motion-effects-layer{background-image:url("http://transciety.co.za/fluidfinance/wp-content/uploads/2020/01/Slider1.jpg");background-repeat:no-repeat;background-size:cover;}
May You can Change it in Elementor Plugin or Manual by Going to the CSS Path.

Mixed Content: The page at 'https://example.com' was loaded over HTTPS, but requested an insecure stylesheet error in Wordpress site

Instead of genuine Mixed Content issue this seemed like more of a Wordpress issue hence posting here to find a resolution.
I have everything setup to work with https, though there is no valid certificate yet. here is the home page url https://tourpoule.nl. The home page loads but with Mixed content errors which seem to be generated by core Wordpress or theme functions. Attaching image:
Database does not have any url which would start with http://. I already have replaced them using search and replace script.
There is nothing in htaccess file except basic Wordpress setup code. I tried renaming it as well. I cleared all types of cache but still it does not work. The site is using twentytwenty theme and if I comment out css and javascript enque lines, some of the errors disappear but styles and scripts do not load(that is normal I know).
In the view source of page it shows mixed urls, some with https and style and javascript urls without https. see below:
Interestingly if I click a stylesheet url i.e. http://new.tourpoules.nl/wp-content/themes/twentytwenty/style.css?ver=1.0 it redirects to https://new.tourpoules.nl/wp-content/themes/twentytwenty/style.css?ver=1.0
I am not sure what is going on and have got struck. I am not able to reach the client so that we can discuss turning ssl redirection off in nginx for this domain where it is redirecting everything to https if it is not https. Not sure if that is causing issue (I believe it is not as it has nothing to do with Wordpress mechanism to generate urls). Any help or direction is greatly appreciated.
I can see your website is still unsecured, for what it's worth, get yourself letsencrypt ssl.
Back to you question, go to your database, open the wp_options table, change the siteurl item to https://tourpoules.nl and also change the home item to https://tourpoules.nl.
If you have used search and replace DB master script or plugin it will not update inside meta files as well as and check for the function file have you Enqueue with https://
So will be better if you download SQL file and replace with below:
From:
http://new.tourpoules.nl
To
https://new.tourpoules.nl
and re-upload again

ssl mixed content errors in browser

I have recently installed a flexible ssl on a Wordpress website using CloudFlare. I have read around the issues others have had. I have installed various plugins to remedy the problem. I have tested the url on an ssl checker which says it is OK. When the page first loads I have the green lock - it subsequently goes Amber with an exclamation (on Firefox) or just the 'i' on Chrome.
Chrome console says:
Mixed Content: The page at https://example.com/ was loaded over HTTPS, but requested an insecure image http://example.com/wp-content/uploads/logo1.png. This content should also be served over HTTPS.
In Chrome console it shows that there are some images which load are loading with http - but if you look at the actual image in the WP library it has https in front, including the one above. If I look at images on the front page with say Firefox developer all image paths are preceded https://. If I check the logo image guid in the WP DB which is throwing the error on the front page then it is https://. I have purged the Couldflare cache. I have cleared all browser cache.
So what's the problem?

WordPress with ssl form let's encrypt, but homepage not fully secure. "Attackers might be able to see images.." message

Could you help me find out what to do with not fully secure message.
I have installed ssl certificate from let's encrypt, but my wordpress homepage has a message "Attackers might be able to see the images you're looking at on this site and trick you by modifying them".
The home page is still in development, with demo content. About what images chrome notification is telling? Something to do with cookies?
Thank you for your answers!
Edit: Does it have to do with the theme itself? Whole wordpress dashboard and login is served over proper secure ssl.
Sending images via http protocol is what triggers this issue. Using any content from a cdn that does not use https will also trigger this issue. This quote explains it pretty simply (the yellow padlock / warning of unencrypted content/images):
If a yellow padlock appears with a mini yield sign, the likely cause
is links in your site still refer to an unsecured page. Make sure that
all your images, menu items and links use https in the URL.
source
I would use a tool to help identify all non-encrypted file transports. One such tool would be something like Why No Padlock.
Did you enable https after installing WordPress? If so, you must change the WordPress address and Site Address under "General Settings" in WordPress. Make sure both addresses use https.
If your WordPress site address is set to use http, your server will force https but WordPress will serve certain images, like the favicon, over http. This triggers a "mixed content" warning.
I too had run into this issue. It appears there are many http: that need to be replaced with https:
You typically do this using a plugin called Better Search and Replace. Make sure you are adding colon (:) at the end of both http and https.
I found a working answer here
To check for issues on the chrome/opera inspection console (ctrl+shift+C) is also a great idea: I had setup all correctly and the issue was the footer image, not something you would check very often looking for this fix. I had applied SSL to many websites, sometimes the issue is just one simple link and this method helps find it.
I had the same problem where the home or index page was saying the page was not fully secure "Attackers might be able to see images blah blah blah"
After enabling https in general settings under site address and wordpress address I was still getting the insecure image warning on the index or home page.
The next step was to find out what images were not using the https ref on the index or home page.
In my case I viewed the page source of the page, by right mouse clicking the page in the chrome browser & looking for images url ref which were still showing http. I was using a sliding header and those images were showing http. So all I did was go into slider header in the appearance menu of the wordpress, and re-assign each of the header slider image for each frame. RE-checked the home page now the image urls were showing https. Bingo the secure lock symbol returned.
Obviously these image urls don't get updated via the general settings... which seems an oversight by whoever wrote the part of the word-press script.

My wordpress website shows the slideshow in http mode and it is not showing in https mode

In the webiste http://www.gulfmech.com/ I'm able to see the image slideshow in http mode.
Recently I activated the SSL certificate for the website. Now the issue is that I'm not able to see the slideshow in the https mode.
After following so many forums I changed the Site Address (URL) and wordpress Url in wordpress admin settings to https://www.gulfmech.com/ and I tried uninstalling the meteor slideshow plugin which is used in the website and installed it again. But nothing seems to make the slider work in Https mode.
Someone please help me to solve this issue.
The error is due to jQuery not being loaded in correctly.
If you look at the console log in the browser when loading the website in http mode and https mode, you will see that there are loads of jQuery errors occuring in the https mode.
The browser won't load in the http version of jQuery because the connection is meant to be secure which it isn't between your website and jQuery.
What you will want to load in instead is the code below.
<script src="//ajax.googleapis.com/ajax/libs/jquery/1.11.0/jquery.min.js"></script>
This means that the connection type will be figured out by the browser and it will get the correct version.

Resources