Changing http to https in wordpress website, activate ssl certificate - wordpress

Hey i have activated a ssl certifcicate and all routes stopped working. I repaired every url/address in database and mass replaced all http:// with https:// in ftp files, also manually searched for http occurences in code but found nothing. I did many tutorials, searched many websites but solution seems to be more complicated. If anybody deal with problem like mine in the past please tell me how to solve it.
It remains to repair css and js assets:
Mixed Content: The page at 'https://wiadomosci.nowakonstytucja.org/' was loaded over HTTPS, but requested an insecure stylesheet 'http://wiadomosci.nowakonstytucja.org/wp-content/plugins/contact-form-7/includes/css/styles.css?ver=4.8'. This request has been blocked; the content must be served over HTTPS.
Mixed Content: The page at 'https://wiadomosci.nowakonstytucja.org/' was loaded over HTTPS, but requested an insecure script 'http://wiadomosci.nowakonstytucja.org/wp-content/plugins/contact-form-7/includes/js/scripts.js?ver=4.8'. This request has been blocked; the content must be served over HTTPS.

Try install "Really Simple SSL" plugin. It's should fix the problem.

Don't reference the file by the entire URL " 'http://wiadomosci.nowakonstytucja.org/wp-content/plugins/contact-form-7/includes/js/scripts.js?ver=4.8'"
If the file is local, then ref it by "/wp-content/plugins/contact-form-7/includes/js/scripts.js?ver=4.8'" , and you will avoid the whole http situation altogether.
Google does this with some of their files that haven't been upgraded yet.

Related

Mixed Content: The page at 'https://example.com' was loaded over HTTPS, but requested an insecure stylesheet error in Wordpress site

Instead of genuine Mixed Content issue this seemed like more of a Wordpress issue hence posting here to find a resolution.
I have everything setup to work with https, though there is no valid certificate yet. here is the home page url https://tourpoule.nl. The home page loads but with Mixed content errors which seem to be generated by core Wordpress or theme functions. Attaching image:
Database does not have any url which would start with http://. I already have replaced them using search and replace script.
There is nothing in htaccess file except basic Wordpress setup code. I tried renaming it as well. I cleared all types of cache but still it does not work. The site is using twentytwenty theme and if I comment out css and javascript enque lines, some of the errors disappear but styles and scripts do not load(that is normal I know).
In the view source of page it shows mixed urls, some with https and style and javascript urls without https. see below:
Interestingly if I click a stylesheet url i.e. http://new.tourpoules.nl/wp-content/themes/twentytwenty/style.css?ver=1.0 it redirects to https://new.tourpoules.nl/wp-content/themes/twentytwenty/style.css?ver=1.0
I am not sure what is going on and have got struck. I am not able to reach the client so that we can discuss turning ssl redirection off in nginx for this domain where it is redirecting everything to https if it is not https. Not sure if that is causing issue (I believe it is not as it has nothing to do with Wordpress mechanism to generate urls). Any help or direction is greatly appreciated.
I can see your website is still unsecured, for what it's worth, get yourself letsencrypt ssl.
Back to you question, go to your database, open the wp_options table, change the siteurl item to https://tourpoules.nl and also change the home item to https://tourpoules.nl.
If you have used search and replace DB master script or plugin it will not update inside meta files as well as and check for the function file have you Enqueue with https://
So will be better if you download SQL file and replace with below:
From:
http://new.tourpoules.nl
To
https://new.tourpoules.nl
and re-upload again

blocked by CORS policy: No 'Access-Control-Allow-Origin' header ERROR

Im having issues when accessing certain pages with the "www." in the URL.
I have an online form for users to fill out although when accessed using the www. infront of the URL, errors show in the form & certain icons will not show and out coupons will not work properly.
Inspecting through google chrome > console this error has shown:
Access to font at 'https://adventurethon.com.au/wp-content/plugins/WP_Estimation_Form/assets/fonts/fa-solid-900.ttf' from origin 'https://www.adventurethon.com.au' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource.
Functioning URL (with no www.): https://adventurethon.com.au/east-gippsland-registration/
Incorrect functioning URL (with www.): https://www.adventurethon.com.au/east-gippsland-registration/
Is there a way to make sure that users are always redirected to the correct URL so these errors don't show? Or we will continue to have on-going errors when users are trying to sign up.
I am a web designer, still a bit new at the whole development side of things so easy to follow instructions would be much appreciated!
I have been in contact with plugin support as we thought it was a plugin issue although it was not. I also contacted hosting support although they are not willing to assist in fixing the issue.
Thank you!
Beck
CORS (Cross-Origin Resource Sharing) stops other origins from being able to use your assets.
The www and non-www versions of your website are two different origins (domains) and the www version is trying to access files from the non-www version, which is being disallowed by your server.
There's a few ways you could proceed:
Redirect all traffic to one version; Apache .htaccess example
Adjust the CORS policy - you can do this using .htaccess or your server config files. This is a potential security threat.
Adjust your urls to reference the domain being visited. Presuming you're using WordPress, as tagged, this might be slightly difficult if you're using helper functions such as home_url() or template_directory_uri() as these always point to the url in your WordPress settings. You could also use an absolute-path reference (/wp-content/themes/freestyle/assets/css/elegant-icons/fonts/ElegantIcons.ttf instead of https://adventurethon.com.au/wp-content/themes/freestyle/assets/css/elegant-icons/fonts/ElegantIcons.ttf) if you have access to change this.
Your best bet would be the first option! You really shouldn't have two versions of the site accessible anyway as it counts as duplicate content for search engine bots, and WordPress isn't really configured to work on two domains.

SSL Mixed Content but I can't find images on ftp

I use WordPress, and I bought a theme from ThemeForest. Everything is great, but when I installed SSL I get insecure connection on my homepage.
Mixed Content: The page at 'https://freindly-flowers.com/' was loaded over HTTPS, but requested an insecure image 'http://freindly-flowers.com/wp-content/uploads/2018/11/logo-watermark.png?id=6521'. This content should also be served over HTTPS.
(index):1 Mixed Content: The page at 'https://freindly-flowers.com/' was loaded over HTTPS, but requested an insecure image 'http://freindly-flowers.com/wp-content/uploads/2017/12/testimonials.jpg?id=7079'. This content should also be served over HTTPS.
I have tried searching for those images in FTP, but they are not anywhere in FTP. What can I do and how can it show mixed content for images that are not even on the website?
The images are there - http://freindly-flowers.com/wp-content/uploads/2017/12/testimonials.jpg loaded for me. The problem is that your code is including http: without the s.
Navigate to that page and then right click somewhere and select "view Source" to see the source code. Search for http: in the source and you'll find all of the insecure requests. You may have hardcoded some image sources or copied database entries without updating urls, I really don't know, but using relative urls is one way to avoid this issue.

Insecure stylesheet WordPress

Im having problems with WordPress, I'm getting this error everywhere in the site, wp-admin, home dir and etc. I can't find a way to fix it because I cant see the valid URL of it. Error looks like this, I received it while trying to edit widget in widgets area wp-admin:
Mixed Content: The page at 'https://somesite.com/wp-admin/widgets.php' was loaded over HTTPS, but requested an insecure stylesheet 'http://somesite.com/?ver=1.11.4'. This request has been blocked; the content must be served over HTTPS.
Maybe anyone had similar problem, please help!
That error is generates by Google Chrome any time a website with SSL certificate (a website that uses HTTPS) try to call a URL without HTTPS, in your case you are calling somewhere in the code the URL "http://somesite.com/?ver=1.11.4" (probably in the menu or in the header).
There is a Wordpress plugin called "SSL Insecure Content Fixer" that can help you out in this problem, basically that plugin replace all the string "http://somesite.com/..." with "https://somesite.com/...".
So check it out, I think it will help you.
Problem was with redirects. If anyone has similar problems. Try to look at your server and htaccess redirects. Otherwise this was not your problem.

Cloudflare flexible ssl issue?

I spent my whole day configuring my wordpress website to use cloudflare flexible ssl.
I use WP HTTPS plugin and cloudflare page rule to redirect http to https.
It's working very well on firefox and IE but in chrome it's saying:
The page at 'https://mrbladedesigns.com/' was loaded over HTTPS, but is submitting data to an insecure location at 'http://mrbladedesigns.com/': this content should also be submitted over HTTPS.
One more thing I want to tell you guys that now also my wordpress address and Site address is HTTP in wordpress admin settings
I removed all of the insecure content but have no idea on how to resolve this.
Any help will be appreciated!
Just disable W3 Total Cache, https cloudflare will working fine.
I actually tried this as well but with more success. From your description it sounds like you have an issue with insecure content being loaded. This happens when you load the page via https but content is loaded via http.
The ssl insecure content fixer plugin will help you with most of your problems, but other problems will have to be fixed manually by changing http references in your html code to https.
never mind I fixed it, SSL insecure didn't worked for me, the root cause of this problem was the search bar on my homepage. Here's the fix: under WP HTTPS settings at the end there's an option Secure filters. Just write /?s there and save it! Done!

Resources