I have updated every url to https in database and on cdns and image links everything but still the website is not secure. And when i keep clicking on the menu link of an page (at least 2 times ) then it becomes secure.. and only my homepage is not secure other pages are secure..
Please help thnx
Related
This is a peculiar one.
I work for an agency, and we develop WordPress and JAM Stack sites for our clients.
I have been contacted by the IT team for one of the clients (an NGO), and they flagged something that I have not seen before.
NOTE: I am going to be using example.org as the website, to protect the identity of the client.
Basically, we developed a WordPress site for them, which works great and all, but as it turn outs there is a page on the website which points to a totally different website
The example page is as follows
example.org/news/points-to-different-website/
The news page doesn't exist in anywhere on WordPress system, and neither does it exist as a custom post type.
And another thing, I noticed is when I removed the / at the end of the URL, it shows the custom 404 page developed for the website
example.org/news/points-to-different-website
But as soon as you add the /, it shows a totally different website.
I have checked all the Apache configuration files related to the site, and it is just the normal setup for any WordPress site.
So, I am wondering what could be causing this, and how can one prevent it?
That's a strange issue. Does example.org/news/points-to-different-website/ actually redirect to another full URL, i.e. differentwebsite.com, or is the different site actually at example.org/news/points-to-different-website/?
Try
emptying the trash for both pages and posts, as there could be a conflicting slug that is causing a redirect.
Reset permalinks.
Using PHPMyAdmin, search the database for the URL points-to-different-website and see if there is malware or some kind of a redirect, an iFrame, etc.
This can sometimes happen if the server hostname is not set up correctly.
What can happen is website on the server will show in place of a non-existent site or page from another website on the same server.
If you are using a reseller hosting/shared hosting, then the site could be from another account on the server, the site could also be from another server, for example:
There are 2 servers with the hostnames serverone.myserver.com and servertwo.myserver.com... A site on serverone might show in place of a site or page on servertwo.
I did an audit of my website and it sends me this message
"Page has redirected JavaScript"
Issue details
Some pages on your website link to JavaScript files via a redirect.
This forces web browsers and search engine crawlers to make an additional HTTP request in order to reach the destination JS file URL. On a vast scale, this can increase page loading times for your website.
How to fix
Review the pages that have a link to the redirecting URL and replace this link with the direct link to the destination JS file.
If you decide to keep links to redirecting URLs that do not belong to your website, make sure that the destination files are relevant.
And I get several links like these:
https://script.crazyegg.com/pages/scripts/0012/9265.js
https://s7.addthis.com/ with randoms numbers
Has anyone had a similar problem who can help me to see how to solve the problem?
It sounds like you have some pages that are actually loading a remote JS file, which then redirect to another page on your website.
Why this is happening is anyone's guess - maybe you have a plugin installed that is doing it intentionally as part of it's functionality. I would start by disabling plugins one at a time (ideally on a staging environment) until the problem goes away, and then you'll know who the culprit is and make a decision.
I have an wordpress website https://tricourilemele.ro . When doing an audit, my Security Score is showing an high issue: HTTPS URL links to an HTTP URL..
Looking at page source (in fact on all pages) i find these http://gmpg.org/xfn/11 and anther link - which in is in fact a page i made http://tricourilemele.ro/tricouri-personalizate/
Well... i found that http://gmpg.org/xfn/11 in my header is given by my theme - Storefront, even so it had many updates, they never changed that to https.
I tried with a plugin search / replace but i couldn't do any improves .more. i was afraid to try something else. I do not know many related to databases or so..
My problem is ...How could i change those 2 links from http to https?
Please, be
Thank you,
Marius
You'll need to find whatever file gmpg is in, and update the url to https. And then change the url accordingly for the site you created.
I have a really weird problem with my magento 2.1.8 website. Suddenly, the homepage started to look a look different from any other pages on my site.
The home page:
Any other page on my site:
As you can see the homepage loads a completely a different class to other pages on my website... What could cause this problem? Anyone came across this before?
UPDATE:
When I add session id to the homepage url /?SID=5d1ia2d0j92bn95qbc9g5jc7l3 it displays the site correctly...
UPDATE 2:
When I go to the browser and go to my website by typing domain.co.uk it redirects me and assigns a session ID to it. The website is then being displayed properly. However, when I type in www.domain.co.uk, it doesn't assign the session ID and the homepage look totally different.
UPDATE 3:
When I navigate to my website using http://domain.co.uk it redirects me to https://www.domain.co.uk/?SID=1m9tt10hmga4slep7sac8ur8v2 and everything is working fine. When I add https or add www to the URL it redirects me to https://www.domain.co.uk/ without a session ID where CSS is completely different to what it should be.
After dreadful investigation...
I have a server side scanner running every weekend. The scanner was sending alot of post requests and managed to send a request to change a theme in "panel tool".
It didn't have any effect on the website until Varnish cached this request and started displaying this cached version to customers.
After purging Varnish cache and disallowing the server side scanner of accessing "panel tool" the site went back to normal.
Could you help me find out what to do with not fully secure message.
I have installed ssl certificate from let's encrypt, but my wordpress homepage has a message "Attackers might be able to see the images you're looking at on this site and trick you by modifying them".
The home page is still in development, with demo content. About what images chrome notification is telling? Something to do with cookies?
Thank you for your answers!
Edit: Does it have to do with the theme itself? Whole wordpress dashboard and login is served over proper secure ssl.
Sending images via http protocol is what triggers this issue. Using any content from a cdn that does not use https will also trigger this issue. This quote explains it pretty simply (the yellow padlock / warning of unencrypted content/images):
If a yellow padlock appears with a mini yield sign, the likely cause
is links in your site still refer to an unsecured page. Make sure that
all your images, menu items and links use https in the URL.
source
I would use a tool to help identify all non-encrypted file transports. One such tool would be something like Why No Padlock.
Did you enable https after installing WordPress? If so, you must change the WordPress address and Site Address under "General Settings" in WordPress. Make sure both addresses use https.
If your WordPress site address is set to use http, your server will force https but WordPress will serve certain images, like the favicon, over http. This triggers a "mixed content" warning.
I too had run into this issue. It appears there are many http: that need to be replaced with https:
You typically do this using a plugin called Better Search and Replace. Make sure you are adding colon (:) at the end of both http and https.
I found a working answer here
To check for issues on the chrome/opera inspection console (ctrl+shift+C) is also a great idea: I had setup all correctly and the issue was the footer image, not something you would check very often looking for this fix. I had applied SSL to many websites, sometimes the issue is just one simple link and this method helps find it.
I had the same problem where the home or index page was saying the page was not fully secure "Attackers might be able to see images blah blah blah"
After enabling https in general settings under site address and wordpress address I was still getting the insecure image warning on the index or home page.
The next step was to find out what images were not using the https ref on the index or home page.
In my case I viewed the page source of the page, by right mouse clicking the page in the chrome browser & looking for images url ref which were still showing http. I was using a sliding header and those images were showing http. So all I did was go into slider header in the appearance menu of the wordpress, and re-assign each of the header slider image for each frame. RE-checked the home page now the image urls were showing https. Bingo the secure lock symbol returned.
Obviously these image urls don't get updated via the general settings... which seems an oversight by whoever wrote the part of the word-press script.