I've got a Wordpress site in which I'm trying to add some external links to a footer widget. The site is ssl and I need the links to go to http sites. After putting these links in a text widget, they are being re-written on the front-end to be https.
I've isolated the problem to the Woocommerce core plugin, but I can't find any settings in the admin area (including the "Force SSL" setting) that fix it.
Does anyone know how to force the http protocol, or stop it from being changed to https? Ideally it wouldn't involve rewriting parts of WP or Woocommerce core.
Thanks!
Line 513 of woocommerce.php - had to remove 'widget_text' from the array of items that get filtered for the 'force_ssl' function.
Related
I have an wordpress website https://tricourilemele.ro . When doing an audit, my Security Score is showing an high issue: HTTPS URL links to an HTTP URL..
Looking at page source (in fact on all pages) i find these http://gmpg.org/xfn/11 and anther link - which in is in fact a page i made http://tricourilemele.ro/tricouri-personalizate/
Well... i found that http://gmpg.org/xfn/11 in my header is given by my theme - Storefront, even so it had many updates, they never changed that to https.
I tried with a plugin search / replace but i couldn't do any improves .more. i was afraid to try something else. I do not know many related to databases or so..
My problem is ...How could i change those 2 links from http to https?
Please, be
Thank you,
Marius
You'll need to find whatever file gmpg is in, and update the url to https. And then change the url accordingly for the site you created.
Good Morning,
I have already created several sites in WordPress and I have always been able to manage the link of my site with or without https and with or without www through the settings in options > general, as you can see here: https://prnt.sc/lzv62u
Lately, I have to use a plugin to force https and I've even added code to the htaccess file to redirect to "non-www". However, this htaccess file loses those changes that I make very often (I do not know why).
I would like to know, first of all, if it is possible to manage this type of settings again through the admin panel of my WordPress. If it is not possible, I would like to know why and what is different for this particular site cannot control these settings in the admin panel (because I have already managed to do so in others).
Secondly, if this is not possible, I would like a permanent solution to redirect from www.floresnocais.pt to floresnocais.pt since I already have a plugin to force https.
Thank you
Set the .htaccess rights to 400 after applying all the required changes to the file. This will make the file read-only and prevent any further changes.
We faced the same issue in the past while using the WPML and the events manager plugin. There were issues in preserving the permalinks. The issue may be due to multiple plugins have the write access to .htaccess file and one is overwriting changes of the another.
I've taken over managing a Wordpress site with a custom theme based off Underscores.me. I haven't had too many problems with it but recently I added a page (something I've done before with no problem) and later I noticed the banner/slider went black. I did not change the code in the editor and even went back and checked it with a copy of the code I made but didn't see any changes. I'm not sure if this is a theme/plugin issue but I haven't added any plugins.
The site is integratedneurologyservices.com
integratedneurologyservices.com looks like it was just recently moved onto an https:// domain. There are still resources called on the site that have an http:// protocol, one of which is jQuery, in the footer. Most web browsers block insecure scripts being called on a secure domain.
If you change that jQuery http:// protocol to https://, the banner will work.
Could you help me find out what to do with not fully secure message.
I have installed ssl certificate from let's encrypt, but my wordpress homepage has a message "Attackers might be able to see the images you're looking at on this site and trick you by modifying them".
The home page is still in development, with demo content. About what images chrome notification is telling? Something to do with cookies?
Thank you for your answers!
Edit: Does it have to do with the theme itself? Whole wordpress dashboard and login is served over proper secure ssl.
Sending images via http protocol is what triggers this issue. Using any content from a cdn that does not use https will also trigger this issue. This quote explains it pretty simply (the yellow padlock / warning of unencrypted content/images):
If a yellow padlock appears with a mini yield sign, the likely cause
is links in your site still refer to an unsecured page. Make sure that
all your images, menu items and links use https in the URL.
source
I would use a tool to help identify all non-encrypted file transports. One such tool would be something like Why No Padlock.
Did you enable https after installing WordPress? If so, you must change the WordPress address and Site Address under "General Settings" in WordPress. Make sure both addresses use https.
If your WordPress site address is set to use http, your server will force https but WordPress will serve certain images, like the favicon, over http. This triggers a "mixed content" warning.
I too had run into this issue. It appears there are many http: that need to be replaced with https:
You typically do this using a plugin called Better Search and Replace. Make sure you are adding colon (:) at the end of both http and https.
I found a working answer here
To check for issues on the chrome/opera inspection console (ctrl+shift+C) is also a great idea: I had setup all correctly and the issue was the footer image, not something you would check very often looking for this fix. I had applied SSL to many websites, sometimes the issue is just one simple link and this method helps find it.
I had the same problem where the home or index page was saying the page was not fully secure "Attackers might be able to see images blah blah blah"
After enabling https in general settings under site address and wordpress address I was still getting the insecure image warning on the index or home page.
The next step was to find out what images were not using the https ref on the index or home page.
In my case I viewed the page source of the page, by right mouse clicking the page in the chrome browser & looking for images url ref which were still showing http. I was using a sliding header and those images were showing http. So all I did was go into slider header in the appearance menu of the wordpress, and re-assign each of the header slider image for each frame. RE-checked the home page now the image urls were showing https. Bingo the secure lock symbol returned.
Obviously these image urls don't get updated via the general settings... which seems an oversight by whoever wrote the part of the word-press script.
I've successfully added SSL on my WordPress website and it's every URL is working well with https URL but there seems all images is missing. In dashboard, all images URL is converted to https URL but in front-end they are not showing any URL it just seems like
Please anyone could help me to solve this issue?
This is likely because the URLs to the images are now http, and may be being blocked by browser security settings. There's a handy plugin I often use to help sort out issues like this called Really Simple SSL:
https://wordpress.org/plugins/really-simple-ssl/
This plugin manages the URLs to include the correct protocol, etc. You may need to change any hard-coded URLs in your theme that do not use https however.