Getting mixed content warning - WordPress behind nginx-proxy with letsencrypt ssl - wordpress

I have a WordPress site running in Docker behind nginx with HTTPS (Letsencrypt), but I am having trouble with some essential scripts that won't load because the browser claims they are unauthenticated. I also see the dreaded 'Skip to content' link on the homepage. I set things up with jwilder/nginx-proxy and the letsencrypt companion. All my site data is loaded from a MySQL dump, and my initial assumption was that I had to change all the http://example.org entries in the dump file to https://example.org. However I was getting a 301 redirect with that ('too many redirects' error in the browser), so I changed all the links back to http. Now the site loads, but with the unathenticated error (if I accept the unauthenticated links the site loads, of course).
I have seen several solutions to this, or what I think might be solutions, which all seem to involve adding entries to .htaccess and/or wp-config.php. Indeed adding the following to my wp-config.php seems to solve the 'Skip to content' issue:
/** SSL */
define('FORCE_SSL_ADMIN', true);
// in some setups HTTP_X_FORWARDED_PROTO might contain
// a comma-separated list e.g. http,https
// so check for https existence
if (strpos($_SERVER['HTTP_X_FORWARDED_PROTO'], 'https') !== false)
$_SERVER['HTTPS']='on';
However some pages are still complaining about unauthenticated content, and that the site is not fully secure... Not sure what else to do. Do I need to modify .htaccess too?

It looks like it was caused by urls for images and vtt files that had links added in the WordPress admin with http. Updating for https seems to have fixed it.

Related

Too Many Redirects Error on WordPress Login Page

While trying to log in to my website I noticed that Chrome is giving me the error message "ERR_TOO_MANY_REDIRECTS" preventing me from accessing the WordPress admin panel (/wp-login or /wp-admin). The website itself can still be reached, but certain posts now point to http instead of https. I haven't made any changes to the link structure or any other settings recently.
Essentially, from what I can tell, the login page is the only page stuck in a redirect loop.
After an extensive Google search, I've now exhausted all possible solutions I can find without any success.
Here's what I've tried so far:
Clear browser cache and cookies, also tried to access the admin panel via multiple different browsers on multiple devices.
Manually deactivate all plugins via FTP (renamed “plugins” folder within “wp-content” folder to “plugins_old”)
Rename or delete .htaccess file
Check “siteurl” and “homeurl” in “wp_options” in the database (same URL for both entries, e.g.: https://example.com)
Adding code to wp-config.php
if (strpos($_SERVER['HTTP_X_FORWARDED_PROTO'], 'https') !== false) $_SERVER['HTTPS']='on';
Didn't help.
if (strpos($\_SERVER\['HTTP_X_FORWARDED_PROTO'\], 'https') !== false) $\_SERVER\['HTTPS'\]='on'; else $\_SERVER\['HTTPS'\]='off';
Didn't help.
if($\_SERVER\['PHP_SELF'\]=="/index.php") { define('WP_HOME','https://example.com'); define('WP_SITEURL','https://yourdomain.com'); } else { define('WP_HOME','http://example.com'); define('WP_SITEURL','http://yourdomain.com'); }
Didn't help.
Another useful bit of information is likely that I'm using Ezoic as my ad network and have integrated the website with them via nameserver integration. That worked fine until a few days ago. Prior to using Ezoic, I managed the SSL certificate for my website via my hosting provider. This is now done by Ezoic although I have no idea whether that could potentially be the issue.
Do you have any additional ideas for troubleshooting or what could be the root of the problem?

Wordpress site_url is different from database value

I have a fresh Wordpress install that isn't loading the database site_url value properly. On the index, post permalinks are using https, but all assets (css, js, php files) are trying to load over http. As a result, no assets are loading and I can't even log in to the site as a result. When I try to login I get a warning about unsecured forms and the wp-admin login page just reloads.
I updated both site_url and home values in the database to be https but when I echo the site_url it's still http. Also, after I made this change, the wp-admin page won't load anymore, I get a re-direct loop error.
I've tried forcing SSL by adding the options in the wp-config file, but it doesn't fix it. I've followed every method for changing Site URL from the Wordpress docs, but this also didn't fix anything.
I've added a virtual host for port 80 as well, and it's working properly, but it didn't fix anything. I don't know if I have to add a Virtual Host for port 443 (I'm a front-end dev, not a server expert!). I feel like at this point I've gone through every similar Stack Overflow thread and tried everything there, but so far nothing has helped. It feels to me like the problem is at the server level, not Wordpress, but I might be wrong.
Has the URL been set by a constant in your wp-config.php?
Fixed – after a ton of digging around, the issue was the fact that Wordpress is behind a load balancer (again, forgive my lack of server knowledge...)
Added the following to the wp-config file to fix the issue:
$_SERVER['HTTPS'] = 'on';
$_SERVER['SERVER_PORT'] = 443;

How do I find these links in wordpress?

I am running the latest version of wordpress and just installed SSL. I have also used SSL insecure content plug in. However, I am trying to find 3 items that are eluding me. I have also gone into phpmyadmin and changed all links from http to https using the replace feature. I am using elementor and woocommerce. Any guidance or help will be greatly appreciated.
Here are the current mixed content errors:
Mixed Content - Errors
Soft Failure
An image with an insecure url of "http://www.llamachula.com/wp-content/uploads/2020/02/peppers.jpg" was loaded on line: 458 of https://www.llamachula.com/.
This URL will need to be updated to use a secure URL for your padlock to return.
Soft Failure
An image with an insecure url of "http://blushing-oryx.w5.wpsandbox.pro/wp-content/uploads/2019/10/about-bg.png" was loaded on line: 458 of https://www.llamachula.com/.
This URL will need to be updated to use a secure URL for your padlock to return.
Soft Failure
A file with an insecure url of "http://oops.wpsandbox.io/expired-install/" was loaded on line: 468 of https://www.llamachula.com/.
This URL will need to be updated to use a secure URL for your padlock to return.
Below is everything I thought of to check:
If you're using really simple ssl (that's the most popular SSL redirection plugin and the one I would recommend) make sure you go into the settings and turn on the .htaccess redirect option.
Make sure there is nothing in your .htaccess file that is redirecting to the HTTP version of the page.
Use a search and replace tool such as this one to replace http://youromdomain with https://yourdomain in the database.
If the following constants are defined in your wp-config.php file, make sure they are using https:
define( 'WP_HOME', 'https://example.com' );
define( 'WP_SITEURL', 'https://example.com' );
You shouldn't have to worry about this if you have an .htaccess file that redirects everything to https, but you can also check for plugins or theme that have hard-coded in an asset to load via HTTP. A good place to look is the header.php file of your theme, and if you SSH into the server, you can easily find where the problematic assets are being loaded by doing a grep search (grep -r "your search term") to search the codebase. Ideally everything should be enqueued or for images they should be added through a WordPress function, but if not, then fix the problematic assets and notify the plugin/theme developers that they are adding their assets wrong.
After doing all of the above, make sure you clear out any caches. This may include your Browser cache, Cloudflare/CDNs cache, Varnish cache, page level cache, etc.
I figured out what the problem is:
wp-content\uploads\elementor\css\post-405.css`
.elementor-motion-effects-layer {
background-image:url("http://blushing-oryx.w5.wpsandbox.pro/wp-content/uploads/2019/10/about-bg.png");
}
There it is =)

Mixed Content: The page at 'https://example.com' was loaded over HTTPS, but requested an insecure stylesheet error in Wordpress site

Instead of genuine Mixed Content issue this seemed like more of a Wordpress issue hence posting here to find a resolution.
I have everything setup to work with https, though there is no valid certificate yet. here is the home page url https://tourpoule.nl. The home page loads but with Mixed content errors which seem to be generated by core Wordpress or theme functions. Attaching image:
Database does not have any url which would start with http://. I already have replaced them using search and replace script.
There is nothing in htaccess file except basic Wordpress setup code. I tried renaming it as well. I cleared all types of cache but still it does not work. The site is using twentytwenty theme and if I comment out css and javascript enque lines, some of the errors disappear but styles and scripts do not load(that is normal I know).
In the view source of page it shows mixed urls, some with https and style and javascript urls without https. see below:
Interestingly if I click a stylesheet url i.e. http://new.tourpoules.nl/wp-content/themes/twentytwenty/style.css?ver=1.0 it redirects to https://new.tourpoules.nl/wp-content/themes/twentytwenty/style.css?ver=1.0
I am not sure what is going on and have got struck. I am not able to reach the client so that we can discuss turning ssl redirection off in nginx for this domain where it is redirecting everything to https if it is not https. Not sure if that is causing issue (I believe it is not as it has nothing to do with Wordpress mechanism to generate urls). Any help or direction is greatly appreciated.
I can see your website is still unsecured, for what it's worth, get yourself letsencrypt ssl.
Back to you question, go to your database, open the wp_options table, change the siteurl item to https://tourpoules.nl and also change the home item to https://tourpoules.nl.
If you have used search and replace DB master script or plugin it will not update inside meta files as well as and check for the function file have you Enqueue with https://
So will be better if you download SQL file and replace with below:
From:
http://new.tourpoules.nl
To
https://new.tourpoules.nl
and re-upload again

ERR_TOO_MANY_REDIRECTS error in wordpress wp-admin login

I am using WordPress 4.9.2 and have followed all the steps for installation.
Now, once the installation finished I tried to login using entered credentials.
But its redirecting me to same wp-login.php page again and again.
I tried 'Lost your password?' option but haven't received any email yet.
Also, since my website uses SSL, I entered 'siteurl' and 'home' values with 'https://example.com/blog' but it doesn't even load wp-login.php then and as soon as I change it to 'http://example.com/blog' it loads the login page but after submission get redirected to same page.
Below are the few things I tried to get it resolved.
added below code in wp-config.php
define('FORCE_SSL_ADMIN', true);
disabled all plugins by renaming plugin folder
removed .htaccess file
restored default .htaccess file
added below code in wp-config.php
if ($_SERVER['HTTP_X_FORWARDED_PROTO'] == 'https')
$_SERVER['HTTPS']='on';
changed wp-login.php permission to 644
After every change , have cleared cache, cookies and checked again but no success.
If "your" SSL cert is provided by say an intermediate e.g. a CDN: Then the intermediary might be passing a "non-standard" 'HTTP_X_FORWARDED_PROTO' value e.g. uppercase "HTTPS" .
Alter your wp-config check of 'HTTP_X_FORWARDED_PROTO' to cater for these possibilities e.g.
if (stripos($_SERVER['HTTP_X_FORWARDED_PROTO'], 'https') !== false)
$_SERVER['HTTPS']='on';
first of all, try to find the bug comes from.
1. take backup of DB & then drop all tables.
2. re-install WordPress by remaining all files as it is.
--> if still shows the same issue then the problem comes from file structure.
&
if it works correctly then the issue comes from DB for URL mismatch.
Give your feedback about issue tracing process, so I can suggest you an accurate solution.
similary i tried all the solutions like :
clearing browser cache
editting .htaccess and adding below lines
define ('WP_SITEURL', 'https://example.com');
define ('WP_HOME', 'https://example.com');
renaming plugins
but none worked for me.
check your SSL if you are using cloudflare.
i was having problem accessing the dashboard by ftp filezilla , so i used my hosting providers cpanel.
fianlly , by putting the below code in wp-config.php worked for me.
if ($_SERVER['HTTP_X_FORWARDED_PROTO'] == 'https')
$_SERVER['HTTPS']='on'; ``
I hope it helps, thank you.

Resources