I use WordPress, and I bought a theme from ThemeForest. Everything is great, but when I installed SSL I get insecure connection on my homepage.
Mixed Content: The page at 'https://freindly-flowers.com/' was loaded over HTTPS, but requested an insecure image 'http://freindly-flowers.com/wp-content/uploads/2018/11/logo-watermark.png?id=6521'. This content should also be served over HTTPS.
(index):1 Mixed Content: The page at 'https://freindly-flowers.com/' was loaded over HTTPS, but requested an insecure image 'http://freindly-flowers.com/wp-content/uploads/2017/12/testimonials.jpg?id=7079'. This content should also be served over HTTPS.
I have tried searching for those images in FTP, but they are not anywhere in FTP. What can I do and how can it show mixed content for images that are not even on the website?
The images are there - http://freindly-flowers.com/wp-content/uploads/2017/12/testimonials.jpg loaded for me. The problem is that your code is including http: without the s.
Navigate to that page and then right click somewhere and select "view Source" to see the source code. Search for http: in the source and you'll find all of the insecure requests. You may have hardcoded some image sources or copied database entries without updating urls, I really don't know, but using relative urls is one way to avoid this issue.
Related
I recently created a Wordpress Website on my personal server. And once completed I deployed it to the client's server successfully.
However, when I activated HTTPS, I received the 'Mixed Content' error, and when I Inspect the Console I still see a reference to my own server:
Mixed Content: The page at 'https://fluidfinance.co.za/' was loaded over HTTPS, but requested an insecure image 'http://transciety.co.za/fluidfinance/wp-content/uploads/2020/01/Slider1.jpg'. This content should also be served over HTTPS.
Fluidfinance.co.za being the client's server, and transciety.co.za is my server.
I checked the HTML body, and cannot find any reference to this image link. I also ran a Find and Replace on the Database, and still it is trying to fetch the images from my own server.
The actual image being displayed comes from the correct server.
How can I get rid of this reference, in order for the Mixed Content error to be removed?
Thank you in advance.
It is Coming from Elementor CSS.
URL: https://fluidfinance.co.za/wp-content/uploads/elementor/css/post-6.css
CSS Present.
.elementor-motion-effects-layer{background-image:url("http://transciety.co.za/fluidfinance/wp-content/uploads/2020/01/Slider1.jpg");background-repeat:no-repeat;background-size:cover;}
May You can Change it in Elementor Plugin or Manual by Going to the CSS Path.
Instead of genuine Mixed Content issue this seemed like more of a Wordpress issue hence posting here to find a resolution.
I have everything setup to work with https, though there is no valid certificate yet. here is the home page url https://tourpoule.nl. The home page loads but with Mixed content errors which seem to be generated by core Wordpress or theme functions. Attaching image:
Database does not have any url which would start with http://. I already have replaced them using search and replace script.
There is nothing in htaccess file except basic Wordpress setup code. I tried renaming it as well. I cleared all types of cache but still it does not work. The site is using twentytwenty theme and if I comment out css and javascript enque lines, some of the errors disappear but styles and scripts do not load(that is normal I know).
In the view source of page it shows mixed urls, some with https and style and javascript urls without https. see below:
Interestingly if I click a stylesheet url i.e. http://new.tourpoules.nl/wp-content/themes/twentytwenty/style.css?ver=1.0 it redirects to https://new.tourpoules.nl/wp-content/themes/twentytwenty/style.css?ver=1.0
I am not sure what is going on and have got struck. I am not able to reach the client so that we can discuss turning ssl redirection off in nginx for this domain where it is redirecting everything to https if it is not https. Not sure if that is causing issue (I believe it is not as it has nothing to do with Wordpress mechanism to generate urls). Any help or direction is greatly appreciated.
I can see your website is still unsecured, for what it's worth, get yourself letsencrypt ssl.
Back to you question, go to your database, open the wp_options table, change the siteurl item to https://tourpoules.nl and also change the home item to https://tourpoules.nl.
If you have used search and replace DB master script or plugin it will not update inside meta files as well as and check for the function file have you Enqueue with https://
So will be better if you download SQL file and replace with below:
From:
http://new.tourpoules.nl
To
https://new.tourpoules.nl
and re-upload again
I am having a very weird issue. I am working on my new site and there are three images that are coming up as mixed content. The issue is I cannot for the life of me find the images in the html sources, or in the database. If anyone could help I would appercaite it.
Here is the site website with error
Here is the error I am getting.
(index):1 Mixed Content: The page at 'https://example.com/seo2/' was loaded over HTTPS, but requested an insecure image 'http://example.com/seo2/wp-content/uploads/2018/05/wave.png'. This content should also be served over HTTPS.
(index):1 Mixed Content: The page at 'https://example.com/seo2/' was loaded over HTTPS, but requested an insecure image 'http://example.com/seo2/wp-content/uploads/2018/04/work_process.png'. This content should also be served over HTTPS.
(index):1 Mixed Content: The page at 'https://example.com/seo2/' was loaded over HTTPS, but requested an insecure image 'http://example.com/seo2/wp-content/uploads/2018/03/testimonialbg1.jpg'. This content should also be served over HTTPS.
I found the solution hiding in a css file.
Thanks for everyones time
Hey i have activated a ssl certifcicate and all routes stopped working. I repaired every url/address in database and mass replaced all http:// with https:// in ftp files, also manually searched for http occurences in code but found nothing. I did many tutorials, searched many websites but solution seems to be more complicated. If anybody deal with problem like mine in the past please tell me how to solve it.
It remains to repair css and js assets:
Mixed Content: The page at 'https://wiadomosci.nowakonstytucja.org/' was loaded over HTTPS, but requested an insecure stylesheet 'http://wiadomosci.nowakonstytucja.org/wp-content/plugins/contact-form-7/includes/css/styles.css?ver=4.8'. This request has been blocked; the content must be served over HTTPS.
Mixed Content: The page at 'https://wiadomosci.nowakonstytucja.org/' was loaded over HTTPS, but requested an insecure script 'http://wiadomosci.nowakonstytucja.org/wp-content/plugins/contact-form-7/includes/js/scripts.js?ver=4.8'. This request has been blocked; the content must be served over HTTPS.
Try install "Really Simple SSL" plugin. It's should fix the problem.
Don't reference the file by the entire URL " 'http://wiadomosci.nowakonstytucja.org/wp-content/plugins/contact-form-7/includes/js/scripts.js?ver=4.8'"
If the file is local, then ref it by "/wp-content/plugins/contact-form-7/includes/js/scripts.js?ver=4.8'" , and you will avoid the whole http situation altogether.
Google does this with some of their files that haven't been upgraded yet.
If I move a website to https so that it loads all resources (css, js, images, ...) via https, the browser will not pop any warning (I hope).
However, what if the content of my site is partially created by another users who may have already added links, e.g. <a href=http://anothersite.com>", that target websites without https. In such case, will the browser warn about mixed content?
And what about images, e.g. <img src=http://anothersite.com/img.jpg>"?
Thanks!
A link will not trigger mixed-content:
The content of that link is not displayed on your page, it doesn't modify the appearance or the functionalities of your page, so no reason to display a mixed-content warning.
(But if a secure version of that website is available, it's better to link directly to it, to avoid an insecure redirect)
But http images included in your https pages will trigger mixed-content warnings
What you cant do to prevent it partially, it using HSTS and https://www.w3.org/TR/upgrade-insecure-requests/