I have recently installed a flexible ssl on a Wordpress website using CloudFlare. I have read around the issues others have had. I have installed various plugins to remedy the problem. I have tested the url on an ssl checker which says it is OK. When the page first loads I have the green lock - it subsequently goes Amber with an exclamation (on Firefox) or just the 'i' on Chrome.
Chrome console says:
Mixed Content: The page at https://example.com/ was loaded over HTTPS, but requested an insecure image http://example.com/wp-content/uploads/logo1.png. This content should also be served over HTTPS.
In Chrome console it shows that there are some images which load are loading with http - but if you look at the actual image in the WP library it has https in front, including the one above. If I look at images on the front page with say Firefox developer all image paths are preceded https://. If I check the logo image guid in the WP DB which is throwing the error on the front page then it is https://. I have purged the Couldflare cache. I have cleared all browser cache.
So what's the problem?
Related
The WordPress website is not showing images in the safari web browser below version 13.0. I'm trying everything but nothing works. Tried SSL Content fix plugins, deleting the cache, deleted the cloudflare cache, changed http to HTTPS mix, reduced the plug-in version and the wordpress version but still nothing. However, it is perfectly working on other OS like VENTURA, MONTEREY, BIGSUR etc. Firstly, I made this website using a web image format, but after clients requested I change the image format webp to jpeg & png, I ran into issues. Here are the all website links:
webp Image webiste : cons.webhubs.in jpeg image webiste : sikhsaguru.com png Image webiste : dev2.webhubs.in
Upload the image file directly to your website's Media file gallery and see if that would work.
Many people face the same problem with the Safari web browser. According to me, it happened because the origin server was serving mixed content to Cloudflare. So, you should check the SSL certificate on the origin server (the server that hosts your WordPress install, not Cloudflare).
If you don’t fix the mixed content in your WordPress install, the problem will return every few days/weeks.
Also check your site on Why No Padlock, it will help you to get to know the problem on the Webpage of the website regarding SSL.
Theme: Astra
Template: brandstore
Have enabled in cloudflare:
SSL/TLS> Always Use HTTPS
SSL/TLS> Automatic HTTPS Rewrites
Speed>Auto Minify
Speed>Brotli
I want to remove this problem in my site
I have deleted the images that think was raising the warning, but it continue showing a warning in console tab of developer tool of the firefox browser.
Use in firefox f12 to open the developer tool, then go to the console tab and check this warning
Loading mixed (insecure) display content “http://kauchoplus.com/wp-content/uploads/2020/09/banner-03.jpg” on a secure page
and all in the images bellow.
If we click in the url image https://kauchoplus.com/wp-content/uploads/2020/09/banner-03.jpg the message is this.
I am using cloudflare and have self-signed SSL certificate signed in the server.
Please help me to know who is requesting that image and remove the conection no secure problem.
I have resolved the problem, deleting a empty container spectra-block.
The spectra blocks is installed along with the brandstorm template of the Astra theme.
I use WordPress, and I bought a theme from ThemeForest. Everything is great, but when I installed SSL I get insecure connection on my homepage.
Mixed Content: The page at 'https://freindly-flowers.com/' was loaded over HTTPS, but requested an insecure image 'http://freindly-flowers.com/wp-content/uploads/2018/11/logo-watermark.png?id=6521'. This content should also be served over HTTPS.
(index):1 Mixed Content: The page at 'https://freindly-flowers.com/' was loaded over HTTPS, but requested an insecure image 'http://freindly-flowers.com/wp-content/uploads/2017/12/testimonials.jpg?id=7079'. This content should also be served over HTTPS.
I have tried searching for those images in FTP, but they are not anywhere in FTP. What can I do and how can it show mixed content for images that are not even on the website?
The images are there - http://freindly-flowers.com/wp-content/uploads/2017/12/testimonials.jpg loaded for me. The problem is that your code is including http: without the s.
Navigate to that page and then right click somewhere and select "view Source" to see the source code. Search for http: in the source and you'll find all of the insecure requests. You may have hardcoded some image sources or copied database entries without updating urls, I really don't know, but using relative urls is one way to avoid this issue.
My site is no securing the online transactions. I found the ssl setting and turned it on, but it still does not appear to be working properly. Below are some images for IE and Firefox. Although the https is present, it does not appear to be securing the site. This is mainly issue credit card information page. How to solve this.
image below
Your page is made up of secure and insecure content. Firefox is blocking the insecure stuff.
For example, your page is served from https://www.example.com/index.html, but some of the content within it it is served from http://www.example.com/images. Firefox will block the content from the second location. That's what the message in your image says.
You should serve all your content through a secure channel. i.e. serve everything from https://www.example.com
Here is the link
If you click the squares within the black section they will change the font of the word to the left. All of the fonts are Google fonts but non of them are working in Google Chrome. I've searched the internet with no solution. All other browsers it is working fine.
You are getting an error message that explains a bit more. Try pressing F12, then click on the Console tab. You'll see the error message
[blocked] The page at https://branard.com/index.php?option=com_brands&view=detail&id=16&Itemid=102 ran insecure content from http://fonts.googleapis.com/css?family=Erica+One|Monda|Sacramento|Oleo+Script+Swash+Caps|Text+Me+One|Seymour+One|Cagliostro|Qwigley.
Chrome now displays this message when you fetch insecure content via HTTP when the main page is running HTTPS.
It should just be a matter of changing the font url from http://fonts.googleapis.com/css to https://fonts.googleapis.com/css to secure this link.
This is a security feature of the browser that blocks http content included from a host page served via https. The fix is simple: just remove the protocol from all resource URLs (scripts, stylesheets, etc.). In your case, the URL to the fonts CSS becomes
//fonts.googleapis.com/css…
Notice that the URL has no http or https.