I am running the latest version of wordpress and just installed SSL. I have also used SSL insecure content plug in. However, I am trying to find 3 items that are eluding me. I have also gone into phpmyadmin and changed all links from http to https using the replace feature. I am using elementor and woocommerce. Any guidance or help will be greatly appreciated.
Here are the current mixed content errors:
Mixed Content - Errors
Soft Failure
An image with an insecure url of "http://www.llamachula.com/wp-content/uploads/2020/02/peppers.jpg" was loaded on line: 458 of https://www.llamachula.com/.
This URL will need to be updated to use a secure URL for your padlock to return.
Soft Failure
An image with an insecure url of "http://blushing-oryx.w5.wpsandbox.pro/wp-content/uploads/2019/10/about-bg.png" was loaded on line: 458 of https://www.llamachula.com/.
This URL will need to be updated to use a secure URL for your padlock to return.
Soft Failure
A file with an insecure url of "http://oops.wpsandbox.io/expired-install/" was loaded on line: 468 of https://www.llamachula.com/.
This URL will need to be updated to use a secure URL for your padlock to return.
Below is everything I thought of to check:
If you're using really simple ssl (that's the most popular SSL redirection plugin and the one I would recommend) make sure you go into the settings and turn on the .htaccess redirect option.
Make sure there is nothing in your .htaccess file that is redirecting to the HTTP version of the page.
Use a search and replace tool such as this one to replace http://youromdomain with https://yourdomain in the database.
If the following constants are defined in your wp-config.php file, make sure they are using https:
define( 'WP_HOME', 'https://example.com' );
define( 'WP_SITEURL', 'https://example.com' );
You shouldn't have to worry about this if you have an .htaccess file that redirects everything to https, but you can also check for plugins or theme that have hard-coded in an asset to load via HTTP. A good place to look is the header.php file of your theme, and if you SSH into the server, you can easily find where the problematic assets are being loaded by doing a grep search (grep -r "your search term") to search the codebase. Ideally everything should be enqueued or for images they should be added through a WordPress function, but if not, then fix the problematic assets and notify the plugin/theme developers that they are adding their assets wrong.
After doing all of the above, make sure you clear out any caches. This may include your Browser cache, Cloudflare/CDNs cache, Varnish cache, page level cache, etc.
I figured out what the problem is:
wp-content\uploads\elementor\css\post-405.css`
.elementor-motion-effects-layer {
background-image:url("http://blushing-oryx.w5.wpsandbox.pro/wp-content/uploads/2019/10/about-bg.png");
}
There it is =)
Related
The browser says a client-managed site is insecure. If I check in Firefox > Media, I can see no files delivered over http://.
If I check https://www.whynopadlock.com/results/11d3f0c2-a944-43c0-922a-92a0cbe7b5c2 it says there are 3 image files delivered over http://
http://www.vivescoal.com.au/wp-content/uploads/2017/06/logo.png
http://www.vivescoal.com.au/wp-content/themes/balance/images/button_icon.png
http://www.vivescoal.com.au/wp-content/themes/balance/images/dark_backgrounds/background9.jpg
I can't find these URLs in the database, nor in the parent theme or child theme.
Help appreciated to see where in the site these files are being called.
Since I cannot add images to comment, I'm adding it here. This is what I see is happening:
The image is called from a different domain, then redirected with a 301 to the non-https version. There is either something wrong in the litespeed configuration or the webserver configuration of that domain. It should not be redirecting https to http.
Instead of genuine Mixed Content issue this seemed like more of a Wordpress issue hence posting here to find a resolution.
I have everything setup to work with https, though there is no valid certificate yet. here is the home page url https://tourpoule.nl. The home page loads but with Mixed content errors which seem to be generated by core Wordpress or theme functions. Attaching image:
Database does not have any url which would start with http://. I already have replaced them using search and replace script.
There is nothing in htaccess file except basic Wordpress setup code. I tried renaming it as well. I cleared all types of cache but still it does not work. The site is using twentytwenty theme and if I comment out css and javascript enque lines, some of the errors disappear but styles and scripts do not load(that is normal I know).
In the view source of page it shows mixed urls, some with https and style and javascript urls without https. see below:
Interestingly if I click a stylesheet url i.e. http://new.tourpoules.nl/wp-content/themes/twentytwenty/style.css?ver=1.0 it redirects to https://new.tourpoules.nl/wp-content/themes/twentytwenty/style.css?ver=1.0
I am not sure what is going on and have got struck. I am not able to reach the client so that we can discuss turning ssl redirection off in nginx for this domain where it is redirecting everything to https if it is not https. Not sure if that is causing issue (I believe it is not as it has nothing to do with Wordpress mechanism to generate urls). Any help or direction is greatly appreciated.
I can see your website is still unsecured, for what it's worth, get yourself letsencrypt ssl.
Back to you question, go to your database, open the wp_options table, change the siteurl item to https://tourpoules.nl and also change the home item to https://tourpoules.nl.
If you have used search and replace DB master script or plugin it will not update inside meta files as well as and check for the function file have you Enqueue with https://
So will be better if you download SQL file and replace with below:
From:
http://new.tourpoules.nl
To
https://new.tourpoules.nl
and re-upload again
I have a WordPress site running in Docker behind nginx with HTTPS (Letsencrypt), but I am having trouble with some essential scripts that won't load because the browser claims they are unauthenticated. I also see the dreaded 'Skip to content' link on the homepage. I set things up with jwilder/nginx-proxy and the letsencrypt companion. All my site data is loaded from a MySQL dump, and my initial assumption was that I had to change all the http://example.org entries in the dump file to https://example.org. However I was getting a 301 redirect with that ('too many redirects' error in the browser), so I changed all the links back to http. Now the site loads, but with the unathenticated error (if I accept the unauthenticated links the site loads, of course).
I have seen several solutions to this, or what I think might be solutions, which all seem to involve adding entries to .htaccess and/or wp-config.php. Indeed adding the following to my wp-config.php seems to solve the 'Skip to content' issue:
/** SSL */
define('FORCE_SSL_ADMIN', true);
// in some setups HTTP_X_FORWARDED_PROTO might contain
// a comma-separated list e.g. http,https
// so check for https existence
if (strpos($_SERVER['HTTP_X_FORWARDED_PROTO'], 'https') !== false)
$_SERVER['HTTPS']='on';
However some pages are still complaining about unauthenticated content, and that the site is not fully secure... Not sure what else to do. Do I need to modify .htaccess too?
It looks like it was caused by urls for images and vtt files that had links added in the WordPress admin with http. Updating for https seems to have fixed it.
I have multilingual site, I install ssl recently(with let's encrypt), and used some plugin like really simple ssl, ssl insecure content fixer, http/https remover to fix mixed content error but none of these plugin did not fixed the problem. the I use google dev-tools, and see 6 mixed content error like this from 3 custom font, that doesn't exist anymore (i delete them):
Mixed Content: The page at 'https://www.safeducation.com/' was loaded over HTTPS, but requested an insecure font 'http://safeducation.com/wp-content/uploads/avia_fonts/type_fonts/yekan/yekan.ttf'. This request has been blocked; the content must be served over HTTPS.
I connected to host via ftp and ../wp-content/uploads/avia_fonts/type_fonts/ directory was empty. there was no other folder.
I downloaded the root directory to my host and search with atom, to find any http://saf... and change them in host but the problem still did not resolve
I'm confused because there was no any folder in ../wp-content/uploads/avia_fonts/type_fonts
can anyone help me, what should I do to fix this problem?
thanks for your time
It looks like you are using custom fonts and uploaded to theme options panel. just delete those fonts from theme option panel and re-upload one by one.
to get rid of mix content error please paste the code into your wp-config.php file
if (isset($_SERVER["HTTP_X_FORWARDED_PROTO"] ) && "https" == $_SERVER["HTTP_X_FORWARDED_PROTO"] ) {
$_SERVER["HTTPS"] = "on";
}
Hope this will solve most of the issues.
I'm new to programming & I have learned how to create websites using WordPress technology. I have created a website www.popstudio.in and it was working fine before.
Recently when I try to access the website, I get the following error.
The popstudio.in page isn’t working
popstudio.in is currently unable to handle this request.
HTTP ERROR 500
I have attached a screenshot, refer screenshot
Note:
This is WordPress based website.
I have renamed the plugins folder and still the website was down.
I have renamed the themes folder still the website was down.
Common Solutions for the 500 Internal Server Error.
The two most common causes of this error are a corrupted .htaccess file and exceeding your server’s PHP memory limit.
The .htaccess file in your WordPress directory can become corrupted after you install a plugin or make another change to your WordPress site. The fix is simple. All you need to do is create a new .htaccess file.
PHP memory limit issues often occur as the result of a poorly-coded plugin running on your site or a site that’s grown considerably over time and is using too many plugins. You’ll begin to exceed the PHP memory limits set by your hosting provider once either of these things happen. The result is a 500 internal server error.
Error 500 is a very generic error message. The information you're providing is not enough for someone here to help you.
The first place you want to look at is the log file. On an Apache server it is a file called error_log in the directory of your site.
You can check if your .htaccess file is properly configured.
Otherwise get in touch with your web host support!
Good luck
Have you tried to delete (after make a backup) the .htaccess file on the root path of the site? If it work, just resaved permalinks from the back-office after that.
Most of the 500 errors on WordPress are due to a problem with this file (corrupted, rights problem ...).
Go to wp-config.php and update it
define( 'WP_DEBUG', false);
to
define( 'WP_DEBUG', true );
Make sure that once you have found your issue, to return it back to 'false'. Just as a security 'best practice'.