WordPress.org

Ready to get started?Download WordPress

Forums

WordPress HTTPS (SSL)
[resolved] [Plugin: WordPress HTTPS] Connection Paritally Encrypted (42 posts)

  1. JCLIFF
    Member
    Posted 3 years ago #

    I mouseover the favicon at this page https://www.fcnapoli.net/training/clinics/winter-registration and the message indicates "Connection Partially Encrypted" and goes on to explain what that means.

    I'm currently using Force SSL (if I didn't I did not see or understand how to make the url HTTPS). I've attempted to use a number of the other entitlements/restrictions in combination in order to change the status of the page, but no luck. Why is it site is unable to provide full encryption?

  2. Mvied
    Member
    Plugin Author

    Posted 3 years ago #

    Hey Jcliff,

    Out of curiosity, do you have the 'External HTTPS Elements' option enabled? Just glancing at your site, I think that if it were enabled, it may fix a number of the elements that are not loading securely.

    You can find this option under 'WordPress HTTPS' in the Settings menu in the WordPress admin panel. (screenshot)

    If you only want that one page to be SSL and not the rest of your website, I would also suggest enabling 'Disable Automatic HTTPS' and 'Force SSL Exclusively'. Also, make sure you check the 'Force HTTPS' checkbox when editing the page/post to force it to HTTPS. (screenshot)

  3. JCLIFF
    Member
    Posted 3 years ago #

    Tried that (as well as a number of other combinations).

    Same message re: partial encryption.

    GoDaddy support replied by saying that this message would appear should any connections into the page are HTTP and not changed to HTTPS.

    It's essentially working, minus "eavesdropping" - my objective here is to be able to rebut anyone who suggests a lack of security exists (absolutes are always preferred).

  4. Mvied
    Member
    Plugin Author

    Posted 3 years ago #

    Just because you enabled those particular options, and it didn't load securely, doesn't mean that it's not working. What it means is that you've got elements loading on your page that the plugin cannot fix for one reason or the other and so the page still shows that it's insecure. This is pretty common.

    I need you to make sure the options are set up exactly how I described them, and then I can take a look at your site and tell you exactly what's causing your site to not load securely.

  5. wiebejammin
    Member
    Posted 3 years ago #

    I'm having the same issue with partial encryption. I have External HTTPS Elements, Disable Automatic HTTPS, and Force SSL Exclusively checked and have the shopping cart and the checkout pages checked to force HTTPS.

    This is my first attempt at SSL with WP. The site is http://newhealthvisions.com. Thanks.

  6. Mvied
    Member
    Plugin Author

    Posted 3 years ago #

    Hey wiebejammin,

    Your issue is being caused by WPAudio. There is a block of JavaScript that creates paths to some images for the player. The block looks like this:

    <script type="text/javascript">
    /* <![CDATA[ */
    var wpa_url = 'http://newhealthvisions.com/wp-content/plugins/wpaudio-mp3-player';
    var wpa_urls = [];
    var wpa_pref_link_mp3 = true;
    /* ]]> */
    </script>

    This is causing two images to load over HTTP rather than HTTPS and that makes the page insecure. The images are these:

    http://newhealthvisions.com/wp-content/plugins/wpaudio-mp3-player/wpa_play.gif
    http://newhealthvisions.com/wp-content/plugins/wpaudio-mp3-player/wpa_pause.gif

    My plugin is aware of what it fixes, and unfortunately, it can't really do anything about inline JavaScript. You can, however, modify the plugin to work with SSL like so:

    Go to the plugin editor and open wpaudio.php. Find these lines toward the top of the file:

    if ( ! defined( 'WPA_URL' ) )
        define( 'WPA_URL', WP_PLUGIN_URL . '/wpaudio-mp3-player' );

    Change it to this:

    if ( ! defined( 'WPA_URL' ) )
        define( 'WPA_URL', plugins_url('', __FILE__) );

    I would recommend contacting the plugin author to let him know that his plugin is not SSL aware. If you update the plugin, you will most likely have to re-do this change.

    Let me know if that fixes your issue.

  7. wiebejammin
    Member
    Posted 3 years ago #

    Hey Mvied,

    I knew it was the audio player that was causing the problem. I had someone help me yesterday with a hack in the same php file you recommended. It worked but had it's limitations.

    Your fix on the other hand allowed me to remove the forced https on most of the pages and posts. Your insight has helped immensely. Thanks.

    Steve

    P.S. I will be contacting the plugin author to alert him of this issue.

  8. Mvied
    Member
    Plugin Author

    Posted 3 years ago #

    If you'd like, you can give him this link: http://codex.wordpress.org/Determining_Plugin_and_Content_Directories. I've updated the Codex with a snippet that plugin developers should use to avoid SSL issues with their plugins.

  9. clay123
    Member
    Posted 3 years ago #

    Hi Mvied,

    How are you? What a handy plugin! Even tho I'm having this issue it's so cool to be able to force some pages ssl and others not! Thanks for this!

    I've been working on my first wp install with ssl. I'm getting the partially secured message in firefox and ie. I've been reading your posts and I've looked over my source code for http: and looked at the javascript i'm linking to but can't determine cause of my problem.

    I'm using quite a few plugins including gravity forms, wordpress firewall2, user access manager, google analytics, wordpress hitcounter, +

    My HTTPS plugin settings as follows:
    [x]Internal HTTPS Elements
    [x]External HTTPS Elements
    [x]Force SSL Exclusively

    Your help is greatly appreciated!

  10. Mvied
    Member
    Plugin Author

    Posted 3 years ago #

    Hey clay123,

    Your issues are actually being caused by using absolute URL's for some images in your stylesheets. Both are in your twentyten/style.css. Changing these paths to relative URL's will fix it.

    Line 205:
    background: #036 url(http://www.highercreditscore.co/wp-content/uploads/2010/10/bodyBg.jpg) repeat-x;
    Should be:
    background: #036 url(/wp-content/uploads/2010/10/bodyBg.jpg) repeat-x;

    Line 523:
    background: url(http://www.highercreditscore.co/wp-content/uploads/2010/10/credit-going-up.jpg) no-repeat;
    Should be:
    background: url(/wp-content/uploads/2010/10/credit-going-up.jpg) no-repeat;

  11. clay123
    Member
    Posted 3 years ago #

    Now that's SUPPORT! Wow that did it. I didn't think to look in the css. Also noticed upgrade of plugin and downloaded and made a small donation.

    Cheers!
    Clay

  12. Mvied
    Member
    Plugin Author

    Posted 3 years ago #

    Awesome! Thanks for donation. :)

  13. snottmonster
    Member
    Posted 3 years ago #

    Hi Mike,

    After 1.75 fixed my last issue, afraid I've recently started hitting this issue also.

    I can find no content on my site that loads over http when https is specified - Issue affects every page and so I expect it is something I've changed, but I really can't figure what as all internal links appear be redirected to https correctly. I've also rolled back recently updated plugins to earlier versions as a precaution, but to no avail

    Would appreciate your advice if you could take look?

    https://sphardy.com

  14. Mvied
    Member
    Plugin Author

    Posted 3 years ago #

    Hey Snottmonster, (lovely name, lol)

    This file is the culprit: http://edge.quantserve.com/quant.js

  15. snottmonster
    Member
    Posted 3 years ago #

    Where does that come from? I have no idea what that file is... Neither do I see where it is getting called from. Must be a plugin - but which?

  16. snottmonster
    Member
    Posted 3 years ago #

    OK - Got it figured.

    Appears this is something WordPress has implemented as part of WordPress Stats. As far as I remember there has been no update to the plugin, so this must be something WordPress has added on their side and appears to be some form of tracking mechanism.

    So - goodbye wordpress stats!

    Mike - I'd be very interested to know how you found that if you could explain? But many thanks that you did. All is well again.

  17. Mvied
    Member
    Plugin Author

    Posted 3 years ago #

    Ah, so you want my secrets, eh? Haha.

    My secret is Google Chrome.
    1. Open the site
    2. Open the Developer tools (Ctrl + Shift + i)
    3. Click Console along the top

    On any site that's loading insecure content, you'll see Warnings like this The page at https://example.com/ displayed insecure content from http://example.com/css/style/css. for every insecure element on the page.

  18. snottmonster
    Member
    Posted 3 years ago #

    Ah - thanks for that.

    Have been playing with a variety of tools like wget and curl, checking logs and such, to try and get such a listing of all URLs accessed during a page load.

    Scoured Safari and Firefox and have been looking for addons, but didn't think to try chrome

    Great tip

  19. Mvied
    Member
    Plugin Author

    Posted 3 years ago #

    Firefox has Firebug which is really helpful, but the last time I checked, it doesn't show Warnings for insecure content. I actually found it in Chrome because I recently switched from Firefox to Chrome, otherwise I wouldn't have known about it.

  20. macroamerica
    Member
    Posted 3 years ago #

    Hey Mvied,

    I just happily made a $50 donation, sorry it couldn't have been more!

    Your plugin is phenomenal. It's THE plugin for WP-ecommerce and WP SSL in general, that's for sure! One guy online wanted to charge me $300 bugs to get me set up with SSL, and this was AFTER I bought the certificate. Soooo, I couldn't afford the certificate AND his help, and I had to forge ahead and try to figure it all out myself. Even after the SSL certificate was installed, I kept getting the frustrating "partially encrypted" message, and I could not figure it out after hours of trying. I tried the WP plugins Admin SSL, HTTPS for WordPress but both did nothing for me(those who are reading this, be sure not to confuse the "HTTPS for WordPress" plugin with WordPress HTTPS! You want WordPress HTTPS), Then I came upon a recent post by you in a forum where you were announcing WordPress HTTPS. Thank God.

    After installing WordPress HTTPS and studying the instructions, and then playing around for some time with what to enable/not enable in the Settings, I was able to get rid of all of the "partially encrypted" errors. A HUGE help was your post previously on this forum about how you use the Chrome > Developer Tools > Console to identify what is actually causing the error message on the page. This
    allowed a real breakthrough for me, thank you, thank you.

    Now my checkout page, and a couple of others, for my store are secure on Chrome, Safari, Firefox and IE. I could not have done it without your Worpress HTTPS and the impressive support you offer here.

    -David B.

  21. Mvied
    Member
    Plugin Author

    Posted 3 years ago #

    David, thanks for the kind words! The frustration of WordPress with SSL is why this plugin exists. Thank you for correctly utilizing the forums and FAQ's to figure everything out. Most questions have been asked, so it's nice when someone utilizes the resources here rather than just ask me to do it. If you had a rating, I would give you 5/5! :)

  22. arizonapain
    Member
    Posted 3 years ago #

    Great plug in!! I have it working on some browsers but not IE or Safari. Works great in firefox. Can you see anything wrong?? https://arizonapain.com/contact-us/physician-referral/ use ip 173.255.214.29 (it is not live) only on dev server

  23. arizonapain
    Member
    Posted 3 years ago #

    sorry should be more clear. If I am on a http page the click to a web form I have force ssl it is not redirecting try here http://arizonapain.com on ip 173.255.214.29 then click the button physician and staff referral

  24. macroamerica
    Member
    Posted 3 years ago #

    arizonapain, I'm certainly not an expert here, but since I've just been through some of what you are experiencing, and successfully resolved it, I can share with you that when I view your page via the Chrome browser >Developer Tools > Console, it shows a whole bunch of stuff that is blocking the encryption. I highly recommend installing Chrome for this information. It saved me hours of guessing and frustration. I'm not able to offer more than this, really, but maybe Mvied can.

  25. arizonapain
    Member
    Posted 3 years ago #

    Installing now thank you. Any suggestion will help than you!

  26. macroamerica
    Member
    Posted 3 years ago #

    arizonapain, in the WordPress HTTPS settings I had to play a bit with enabling/disabling "External HTTPS Elements" and "Bypass External Check" to get those factors that Chrome was showing as blocking the encryption to disappear. And I had to remove a couple of things completely, for example the plugin for a Facebook "Like" button.

  27. arizonapain
    Member
    Posted 3 years ago #

    Well everything works on firefox. The main problem I am having is in IE, Safari and Chrome it is not redirecting to https at all

  28. antwizzie
    Member
    Posted 3 years ago #

    Hi. My names is Antoine my website is http://www.james217apparel.com I am also having the same issue as far as seeing that it's Connection Paritally Encrypted but it only shows that when I'm using firefox. under IE is just says that I'm Encryted. could you please help. I'm stressing myself over here. I contacted GODADDY but they said since it's under WORDPRESS they can't help. I don't know what's going on.. this is my settings...

    [X] Internal HTTPS Elements
    [X] HTTPS Front Page

  29. macroamerica
    Member
    Posted 3 years ago #

    Antoine, a look at your site via Chrome>Designer Tools>Console gives the following lines of information about what items are preventing full encryption:

    The page at https://james217apparel.com/ displayed insecure content from http://i24.photobucket.com/albums/c8/Ant2003/modwidesky-02-1.jpg.
    The page at https://james217apparel.com/ displayed insecure content from http://i24.photobucket.com/albums/c8/Ant2003/gardenfire-1.jpg.

    So, this means that you have two jpgs from EXTERNAL sources that are blocking the full encryption.

    Try enabling EXTERNAL HTTPS ELEMENTS.

  30. antwizzie
    Member
    Posted 3 years ago #

    @ macroameria it took to long doing that so I took the picks and added it under the media and save the place the url in the widget. It works perfectly now... thanks for your help!!

Topic Closed

This topic has been closed to new replies.

About this Plugin

About this Topic