I'm getting the following error when submitting a Ninja form that was integrated to the wordpress site.
Mixed Content: The page at 'https://my.domain/event/test-page/' was loaded over HTTPS, but requested an insecure XMLHttpRequest endpoint 'http://my.domain/wp-admin/admin-ajax.php'. This request has been blocked; the content must be served over HTTPS.
That is the only error that I'm getting.
The site runs in HTTPS.
A quick help is utmost appreciated.
Install the plugin Really Simple SSL. Once installed and activated, click on "Go Ahead!" Blue button to activate it.
Are you seeing the mixed content error in WordPress? Mixed content error in WordPress is caused by incorrect HTTPs/SSL settings. Often times it doesn’t affect your website’s functionality, but it can have adverse affects on your website’s SEO and user experience. In this article, we will show you how to fix the mixed content error in WordPress.
For more details:
http://www.wpbeginner.com/plugins/how-to-fix-the-mixed-content-error-in-wordpress-step-by-step/
You could try forcing all http requests to redirect to https. This is a blunt-force tool to solve issues like this, but not elegant.
Place this in your .htaccess file above the #BEGIN WordPress line
RewriteEngine On
RewriteBase /
RewriteCond %{HTTPS} off
RewriteRule ^ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]
Richard, Arta, and Gufran's answers are satisfactory. I simply offer an alternative. If you have a cpanel, go to domains and toggle the 'Force https Redirect' next to your domain
Related
Hate to complain but I've spent like 2-3 hours working on trying to secure my WordPress site via SSL. I can successfully browse to my site via HTTPS, but I always get mixed content. I've tried several plugins, but there are still resources that are pulling images via HTTP. If I tried to browse to the URLs of those images manually, my web browser actually switches the URL to HTTPS, so I'm not sure why the site loads the images under HTTP but browsing to the images manually forces it over HTTPS. Very Confusing.
I've tried adding this in the .htaccess file of my root directory, so that all requests to the subdirectory /wp-content/ are forced over HTTPS, but it still does not work:
RewriteEngine On
RewriteCond %{HTTPS} !=on
RewriteRule ^(wp-content/.*)$ https://www.example.com/$1 [R=301,L]
When I add this into the .htaccess file, reload the site, inspect element, I still see numerous links in here with http.
I've also tried HTTPS Easy Redirection, which forces HTTPS on everything but then results in a redirect loop. Still no luck.
Any suggestions would be greatly appreciated. It seems to just be the images.
What you have setup so far works, but does not address the root issue. As a matter of fact the .htaccess redirect is overkill.
Your Wordpress configuration needs to be edited. Go to your settings>general, ensure that the Wordpress Address Url and Site Address Url are https. It's that simple. You also need to edit any hard coded content urls to https.
You could use some wacky plugin to mutate your links but I would not advise it. But it won't work all the time. That will depend on how your content is constructed.
If you want to play it safe, whenever your add a resource link to content simply omit the protocol like this: ://example.com/.... That scenario works well with content generated by Visual Composer and the likes.
If the SSL is successfully installed in your server then use this plgin: https://wordpress.org/plugins/really-simple-ssl/
This will works for you...
Note: Take backup of your website and database first then proceed with the above plugin.
Thanks
This problem started yesterday.
When the public visitor view my website, the Wordpress navigation bar will appear on top of the page as if they are a login user. They can even see the greeting message on top right corner, "Howdy, John(My name)"
The good news is, these public visitors will not be able to access the wordpress configuration page. They can only thee the top navigation bar when they view the page.
My question is, what is going on?
Could it be a plugin?
Could it be CDN (Cloudflare) problem?
Could it be the hosting site problem?
or could it be a hacker's deed?
Please help, I have no idea where to begin with.
You're probably serving fully cached pages (which includes the logged-in user content) for all visitors. This means that a new visitor will get served the exact same HTML and other assets that have been served earlier for a logged-in user.
I would start by checking the Cloudflare settings and see whether there are any options for disabling the cache for certain types of visitors (e.g. validated by cookies).
Problem solved.
Apparently, the culprit is the wrong configuration in Apache Server.
One of our engineer added the snippet below into the .htaccess as a recommendation from LiteSpeed module for Wordpress. This little devil makes Apache server to do full-page caching.
<IfModule LiteSpeed>
CacheEnable public /
RewriteEngine on
RewriteCond %{REQUEST_METHOD} ^(HEAD|GET)$
RewriteCond %{REQUEST_URI} !^/(wp-admin|wp-login.php|wp-cron.php)
RewriteRule .* - [E=Cache-Control:max-age=120]
</IfModule>
Thank you #ojrask for pointing out the possibility of full-page caching in Apache Server.
Been trying to clean up the aftermath of a decode64 content injection hack on multiple sites on my shared server.
It's clean, but now I'm getting links of incoming spam links with query string, like abc.com/?some-stupid-porno-spam/, so even though the content no longer exists, they're still being redirected to the front page. Am ranking for these spam words instead, or google's just saying those are soft-404s for the luckier sites.
Got a solution, but it's temporary. I was advised to add the following to the top of the .htaccess file:
RewriteEngine on
RewriteCond %{QUERY_STRING} .
RewriteRule ^/?$ - [L,R=404]
So, now all links with /? are redirected to a 404. 2 problems:
It's temporary, in that ALL /? queries are thrown to the 404, including wordpress post/page previews. Is there are way to make it such that it only works for non-existent pages?
The 404 points to the webhosts 404. How can I make it such that it goes to the theme's 404 instead?
Thanks for your time!
------ update
So, the above code works great. I can preview posts/pages, but I found there's a problem - it blocks wordpress' WYSIWYG text editor. The 'visual' tab remains blank, and none of the toolbars appear.
Help? lol
I'm seeking help with an issue, basically my entire ecommerce website runs on HTTPS with wordpress but I have recently become affiliated with ebay.
However when I try to display their products on my site using a HTTPS page none of the images show and I get this error:
Failed to load resource: net::ERR_INSECURE_RESPONS https://thumbs2.ebaystatic.com/m/mPA8yaCHEhocIoW2TdC-0hQ/140.jpg
I'm trying to change (https example.com/shop/ebay-shop/) to (http example.com/shop/ebay-shop/)
so that the images are displayed correctly. Unless anyone knows how I can make the images load without having to redirect to http?
Thanks.
Try adding this to the top of the htaccess file in your document root:
RewriteEngine On
RewriteCond %{HTTPS} on
RewriteRule ^shop/ebay-shop/ http://example.com%{REQUEST_URI}
Note, you'll need to be careful with any wordpress plugins or settings that will attempt to re-redirect such a request back to https. If that happens, you'll end up with a redirect loop.
If I try to navigate to http://vequityintelligence.co.uk then WordPress redirects the browser (301 Moved Permanently) to http://www.vequityintelligence.co.uk/defaultsite which doesn't exist, so I get a 404 Not Found error.
The htaccess file is the one that came with WordPress.
I've refreshed my permalinks by changing the permalink format.
The site frontpage is set to the 'Recent Posts' option, but changing this doesn't affect it.
I understand why I get redirected, but I don't understand where the addition of '/defaultsite' comes from.
I have searched google and SO with very few results, let alone any answers. I can't think what else might cause this.
I imagine you don't need this answer anymore, but adding it for posterity: weird as it sounds, I think it's a caching issue.
I just came across this with a client's site I'm working on, and was at my wit's end, but then found some references that said it worked okay in one browser but not another, and clearing the cache fixed it.
An easy test: if you visit the URL in a browser you've never used to visit it, do you still have the issue? If not, it's probably just a matter of clearing the cache in the browser that is giving you trouble.
In the Wordpress dashboard > General Settings, check your setting for the Wordpress Address (URL) and Site Address (URL).
This is where I made sure the ‘www.’ was unnecessary for my URL.
I'd say it's a problem with the htaccess file. Perhaps adding the following code to htaccess will resolve the problem.
RewriteEngine On
RewriteCond %{HTTP_HOST} !^www\.
RewriteRule ^(.*)$ http://www.%{HTTP_HOST}/$1 [R=301,L]
This redirects non-www to www. Put this near the top so it is processed before other rules are.
Code found here