I installed the SSL certificate. I changed the WordPress URL and site URL to https in general setting. But the theme js file and CSS file still working on the Http. And it's showing me the mixed content error.
Most SSL issues are due to plugins/themes using the wrong code to load CSS/JS.
Under WordPress General Settings change the WordPress Address (URL) and the Site Address (URL) from HTTP to HTTPS. If you don't have access to your admin you can change this via your wp-config.php http://codex.wordpress.org/Editing_wp-config.php
Use the proper url paths for your themes and plugins: http://codex.wordpress.org/Determining_Plugin_and_Content_Directories for example hardcoding the WP_PLUGIN_URL will not work as opposed to plugin_dir_url. The functions are generally SSL friendly because they have time to check if the site is SSL enabled, the constants are not.
For the admin/login you can force SSL via the wp-config.php:
Login: define('FORCE_SSL_LOGIN', true);
Admin: define('FORCE_SSL_ADMIN', true);
Of course any hardcoded assets will be a problem or plugins/themes that incorrectly load assets.
You can also update your themes and plugins via SSL if your server has libssh2 , you can also define the port# and Auth keys. If this is enabled you do not have to define anything it will just magically show up in the admin settings.
I found the issue. static URL defined in the header file.
Thanks
Related
I am running the latest version of wordpress and just installed SSL. I have also used SSL insecure content plug in. However, I am trying to find 3 items that are eluding me. I have also gone into phpmyadmin and changed all links from http to https using the replace feature. I am using elementor and woocommerce. Any guidance or help will be greatly appreciated.
Here are the current mixed content errors:
Mixed Content - Errors
Soft Failure
An image with an insecure url of "http://www.llamachula.com/wp-content/uploads/2020/02/peppers.jpg" was loaded on line: 458 of https://www.llamachula.com/.
This URL will need to be updated to use a secure URL for your padlock to return.
Soft Failure
An image with an insecure url of "http://blushing-oryx.w5.wpsandbox.pro/wp-content/uploads/2019/10/about-bg.png" was loaded on line: 458 of https://www.llamachula.com/.
This URL will need to be updated to use a secure URL for your padlock to return.
Soft Failure
A file with an insecure url of "http://oops.wpsandbox.io/expired-install/" was loaded on line: 468 of https://www.llamachula.com/.
This URL will need to be updated to use a secure URL for your padlock to return.
Below is everything I thought of to check:
If you're using really simple ssl (that's the most popular SSL redirection plugin and the one I would recommend) make sure you go into the settings and turn on the .htaccess redirect option.
Make sure there is nothing in your .htaccess file that is redirecting to the HTTP version of the page.
Use a search and replace tool such as this one to replace http://youromdomain with https://yourdomain in the database.
If the following constants are defined in your wp-config.php file, make sure they are using https:
define( 'WP_HOME', 'https://example.com' );
define( 'WP_SITEURL', 'https://example.com' );
You shouldn't have to worry about this if you have an .htaccess file that redirects everything to https, but you can also check for plugins or theme that have hard-coded in an asset to load via HTTP. A good place to look is the header.php file of your theme, and if you SSH into the server, you can easily find where the problematic assets are being loaded by doing a grep search (grep -r "your search term") to search the codebase. Ideally everything should be enqueued or for images they should be added through a WordPress function, but if not, then fix the problematic assets and notify the plugin/theme developers that they are adding their assets wrong.
After doing all of the above, make sure you clear out any caches. This may include your Browser cache, Cloudflare/CDNs cache, Varnish cache, page level cache, etc.
I figured out what the problem is:
wp-content\uploads\elementor\css\post-405.css`
.elementor-motion-effects-layer {
background-image:url("http://blushing-oryx.w5.wpsandbox.pro/wp-content/uploads/2019/10/about-bg.png");
}
There it is =)
I have a big problem with a website I edited for a client.
My client said he enabled his free SSL from his host. I installed a force https plugin on his wordpress installation. After that, I edited the address to https instead of http (In general settings).
Now I can't access the website or the wp Login. Apparently the SSL wasn't activated.
This is the error I receive : ERR_SSL_UNRECOGNIZED_NAME_ALERT
Is there a way to either change the website address (from the settings) or disable the plugin?
To disable a plugin:
Using FTP, go to wp-content/plugins/, find the https plugin folder and rename it to something else it.
For change in general settings:
You could try to add the following code in wp-config.php file:
define('WP_HOME','http://example.com');
define('WP_SITEURL','http://example.com');
Another way is to change those values directly in the database. Here is one article that shows how to do that.
I don't know how the visual editor broke, it has just disappeared.
users >> Profile >> Visual Editor check box - it's ok
I don't have permissions for editing wp-config.php, for add code define('CONCATENATE_SCRIPTS', false );
I removed all plugins
I have permission for editing files into /themes and admin panel.
Can you help me to fix this problem?
Inspect element shows:
Mixed Content: The page at 'example.com/blog/wp-admin/post-new.php'; was loaded over HTTPS, but requested an insecure stylesheet 'fonts.googleapis.com/css?family=Raleway:700,800,500,300,400';. This request has been blocked; the content must be served over HTTPS
You're probably using wordpress with incorrect SSL configuration
Possible solutions are:
Make sure that the settings > site url & blog url both have SSL version
Install SSL Insecure content WordPress plugin and configure it properly
Install cloudflare WordPress plugin and configure it too if you're using cloudflare
Hire a professional (I can fix this too for your site if you're interested)
I'm trying to force HTTPS on a wordpress site, but my styles and scripts don't loading.
When I display page source code with Chrome I can see styles and scripts use HTTP to loading, I don't understand why.
I set HTTPS in wordpress general/settings for website URL and for wordpress URL. It's a fresh wordpress install with a default theme.
I tried to add this in wp-config.php
if ($_SERVER['HTTP_X_FORWARDED_PROTO'] == 'https') $_SERVER['HTTPS']='on';
It works but when I want to login to https://www.mywebsite.com/wp-admin, wordpress display me this message:
"Sorry you are not allowed to access this page"
Any idea?
Have you done a replace on the database which replaces all old http urls to https? You use a seperate tool for this. Place the directory in the folder where you have your wp-config.php and it should connect automaticly to your database. Make a backup beforehand;
https://interconnectit.com/products/search-and-replace-for-wordpress-databases/
The admin side of my wordpress site is stuck in HTTPS and very slow as a result.
I am trying to set the admin to HTTP.
Here is my setup and what I've tried so far.
Godaddy VPS with Godaddy SSL certificate
In wp-config.php I have: define( 'FORCE_SSL_ADMIN', false );
Tried installing the wordpress-https plugin. The admin https checkbox is greyed out / disabled.
Here are the settings on that plugin.
Check httpd.conf and htaccess files for any rewrites - none found.
Server does have Vernish installed - asked Godaddy support to check for any relevant configs in Varnish. None found.
I have tried commenting out code in wp-includes/functions.php based on suggestion here (see comment by user joelbair).
I always flush caches, and sometimes reboot the VPS completely after making changes.
Any suggestions?
Could it be related to SSL signing certificates or how SSL was installed on the server initially?
Was the HTTPS server sending the Strict-Transport-Security header? If so, your browser received instructions to always use HTTPS version of the site. Try opening the HTTP version in another browser, or try clearing your browser cache in an attempt to remove that header's control.
Install WordPress Force HTTPS plugin.
Change you're WordPress Address (URL) and Site Address (URL) in General Setting to https://yoursite.domain
Clear browser cache
No configuration needed.