WordPress.org

Ready to get started?Download WordPress

Forums

SSL Insecure Content Fixer
Stell Getting Insecure Errors (2 posts)

  1. CoreyDubeau
    Member
    Posted 8 months ago #

    My site is on http, but my checkout page is https:
    https://earthingcanada.ca/checkout/

    I can't seem to figure out what's causing this message:

    "Your connection to earthingcanada.ca is encrypted with 256-bit encryption. However, this page includes other resources which are not secure. These resources can be viewed by others while in transit, and can be modified by an attacker to change the look of the page.

    The connection uses TLS 1.0.

    The connection is encrypted using AES_256_CBC, with SHA1 for message authentication and RSA as the key exchange mechanism."

    http://wordpress.org/plugins/ssl-insecure-content-fixer/

  2. webaware
    Member
    Plugin Author

    Posted 8 months ago #

    G'day Corey,

    Your theme has a hard-coded reference to Google Fonts (probably in header.php), change it to load with a protocol-free URL:

    //fonts.googleapis.com/css?family=Rambla:400,700,400italic

    Next, CodeArt - Google MP3 Player is loading jQuery UI directly along with its Smoothness theme. You'll need to hack that plugin to fix it, then tell the plugin author. Change lines 260-261 of index.php in that plugin to read:

    <link rel="stylesheet" href="//code.jquery.com/ui/1.10.2/themes/smoothness/jquery-ui.css" />
    <script src="//code.jquery.com/ui/1.10.2/jquery-ui.js"></script>

    (Actually, that's still a bad way to do it, the plugin author should be using wp_enqueue_script() and wp_enqueue_style() to load scripts and stylesheets, but this hack will get you out of trouble.)

    You're also loading your footer icons (footer-icons.gif) over HTTP. Can you change that in your theme's settings?

    cheers,
    Ross

Reply

You must log in to post.

About this Plugin

About this Topic

Tags

No tags yet.