Insecure stylesheet WordPress - wordpress

Im having problems with WordPress, I'm getting this error everywhere in the site, wp-admin, home dir and etc. I can't find a way to fix it because I cant see the valid URL of it. Error looks like this, I received it while trying to edit widget in widgets area wp-admin:
Mixed Content: The page at 'https://somesite.com/wp-admin/widgets.php' was loaded over HTTPS, but requested an insecure stylesheet 'http://somesite.com/?ver=1.11.4'. This request has been blocked; the content must be served over HTTPS.
Maybe anyone had similar problem, please help!

That error is generates by Google Chrome any time a website with SSL certificate (a website that uses HTTPS) try to call a URL without HTTPS, in your case you are calling somewhere in the code the URL "http://somesite.com/?ver=1.11.4" (probably in the menu or in the header).
There is a Wordpress plugin called "SSL Insecure Content Fixer" that can help you out in this problem, basically that plugin replace all the string "http://somesite.com/..." with "https://somesite.com/...".
So check it out, I think it will help you.

Problem was with redirects. If anyone has similar problems. Try to look at your server and htaccess redirects. Otherwise this was not your problem.

Related

The page at https://example.com was loaded over HTTPS, but requested an insecure image http://example.com

I see this error on my site while loading in Chrome. But it does not mention which specific image it is looking for
The page at https://example.com was loaded over HTTPS, but requested an insecure image http://example.com
Can I have some suggestions how to find what is loaded on HTTP. I tried various plugins on Chrome, but none of them were able to figure out the HTTP URL.
Able to find the issue and solve it. Scenario was bit tricky. There was one image at
http://example.com/css/images/def.png which is referenced in one of the files. And there was a redirect rule for this image / path to redirect to home page. I had to delete the redirect rule. Once deleted, I dont see the mixed content error now.
Thanks everyone for the suggestions.

Mixed Content: The page at 'https://example.com' was loaded over HTTPS, but requested an insecure stylesheet error in Wordpress site

Instead of genuine Mixed Content issue this seemed like more of a Wordpress issue hence posting here to find a resolution.
I have everything setup to work with https, though there is no valid certificate yet. here is the home page url https://tourpoule.nl. The home page loads but with Mixed content errors which seem to be generated by core Wordpress or theme functions. Attaching image:
Database does not have any url which would start with http://. I already have replaced them using search and replace script.
There is nothing in htaccess file except basic Wordpress setup code. I tried renaming it as well. I cleared all types of cache but still it does not work. The site is using twentytwenty theme and if I comment out css and javascript enque lines, some of the errors disappear but styles and scripts do not load(that is normal I know).
In the view source of page it shows mixed urls, some with https and style and javascript urls without https. see below:
Interestingly if I click a stylesheet url i.e. http://new.tourpoules.nl/wp-content/themes/twentytwenty/style.css?ver=1.0 it redirects to https://new.tourpoules.nl/wp-content/themes/twentytwenty/style.css?ver=1.0
I am not sure what is going on and have got struck. I am not able to reach the client so that we can discuss turning ssl redirection off in nginx for this domain where it is redirecting everything to https if it is not https. Not sure if that is causing issue (I believe it is not as it has nothing to do with Wordpress mechanism to generate urls). Any help or direction is greatly appreciated.
I can see your website is still unsecured, for what it's worth, get yourself letsencrypt ssl.
Back to you question, go to your database, open the wp_options table, change the siteurl item to https://tourpoules.nl and also change the home item to https://tourpoules.nl.
If you have used search and replace DB master script or plugin it will not update inside meta files as well as and check for the function file have you Enqueue with https://
So will be better if you download SQL file and replace with below:
From:
http://new.tourpoules.nl
To
https://new.tourpoules.nl
and re-upload again

Changing http to https in wordpress website, activate ssl certificate

Hey i have activated a ssl certifcicate and all routes stopped working. I repaired every url/address in database and mass replaced all http:// with https:// in ftp files, also manually searched for http occurences in code but found nothing. I did many tutorials, searched many websites but solution seems to be more complicated. If anybody deal with problem like mine in the past please tell me how to solve it.
It remains to repair css and js assets:
Mixed Content: The page at 'https://wiadomosci.nowakonstytucja.org/' was loaded over HTTPS, but requested an insecure stylesheet 'http://wiadomosci.nowakonstytucja.org/wp-content/plugins/contact-form-7/includes/css/styles.css?ver=4.8'. This request has been blocked; the content must be served over HTTPS.
Mixed Content: The page at 'https://wiadomosci.nowakonstytucja.org/' was loaded over HTTPS, but requested an insecure script 'http://wiadomosci.nowakonstytucja.org/wp-content/plugins/contact-form-7/includes/js/scripts.js?ver=4.8'. This request has been blocked; the content must be served over HTTPS.
Try install "Really Simple SSL" plugin. It's should fix the problem.
Don't reference the file by the entire URL " 'http://wiadomosci.nowakonstytucja.org/wp-content/plugins/contact-form-7/includes/js/scripts.js?ver=4.8'"
If the file is local, then ref it by "/wp-content/plugins/contact-form-7/includes/js/scripts.js?ver=4.8'" , and you will avoid the whole http situation altogether.
Google does this with some of their files that haven't been upgraded yet.

Wordpress - Page renders fine, Web Sniffer returning HTTP Response Header 404

I hope someone can help, I've been going round and round in circles. I've tried calling my host 1and1 they basically told me it's nothing to do with them.
All my Wordpress pages render fine to the eye of the user.
However if I use http://web-sniffer.net and put any page other than the homepage it returns a 404 status.
The .htaccess file is the standard Wordpress one. I don't have any caching plugins installed.
Could anyone tell me how I fix this? Or what on earth is going on? I've been at this for hours reading tonnes of posts to no avail.
I am using a dedicated 1and1 server, within the settings in Plesk the IPv6 address was set to none. As soon as I added a IPv6 address it all worked!
Note I had another issue that Facebook wasn't able to scrape my URLs, this also fixed that. Wordpress - Shared link 404 on Facebook

Cloudflare flexible ssl issue?

I spent my whole day configuring my wordpress website to use cloudflare flexible ssl.
I use WP HTTPS plugin and cloudflare page rule to redirect http to https.
It's working very well on firefox and IE but in chrome it's saying:
The page at 'https://mrbladedesigns.com/' was loaded over HTTPS, but is submitting data to an insecure location at 'http://mrbladedesigns.com/': this content should also be submitted over HTTPS.
One more thing I want to tell you guys that now also my wordpress address and Site address is HTTP in wordpress admin settings
I removed all of the insecure content but have no idea on how to resolve this.
Any help will be appreciated!
Just disable W3 Total Cache, https cloudflare will working fine.
I actually tried this as well but with more success. From your description it sounds like you have an issue with insecure content being loaded. This happens when you load the page via https but content is loaded via http.
The ssl insecure content fixer plugin will help you with most of your problems, but other problems will have to be fixed manually by changing http references in your html code to https.
never mind I fixed it, SSL insecure didn't worked for me, the root cause of this problem was the search bar on my homepage. Here's the fix: under WP HTTPS settings at the end there's an option Secure filters. Just write /?s there and save it! Done!

Resources