Stell Getting Insecure Errors

  • Resolved CoreyDubeau

    (@coreydubeau)


    10 years, 4 months ago

    My site is on http, but my checkout page is https:
    https://earthingcanada.ca/checkout/

    I can’t seem to figure out what’s causing this message:

    “Your connection to earthingcanada.ca is encrypted with 256-bit encryption. However, this page includes other resources which are not secure. These resources can be viewed by others while in transit, and can be modified by an attacker to change the look of the page.

    The connection uses TLS 1.0.

    The connection is encrypted using AES_256_CBC, with SHA1 for message authentication and RSA as the key exchange mechanism.”

    http://wordpress.org/plugins/ssl-insecure-content-fixer/

Viewing 1 replies (of 1 total)
  • Plugin Author webaware

    (@webaware)

    10 years, 4 months ago

    G’day Corey,

    Your theme has a hard-coded reference to Google Fonts (probably in header.php), change it to load with a protocol-free URL:

    //fonts.googleapis.com/css?family=Rambla:400,700,400italic

    Next, CodeArt – Google MP3 Player is loading jQuery UI directly along with its Smoothness theme. You’ll need to hack that plugin to fix it, then tell the plugin author. Change lines 260-261 of index.php in that plugin to read:

    <link rel="stylesheet" href="//code.jquery.com/ui/1.10.2/themes/smoothness/jquery-ui.css" />
<script src="//code.jquery.com/ui/1.10.2/jquery-ui.js"></script>

    (Actually, that’s still a bad way to do it, the plugin author should be using wp_enqueue_script() and wp_enqueue_style() to load scripts and stylesheets, but this hack will get you out of trouble.)

    You’re also loading your footer icons (footer-icons.gif) over HTTP. Can you change that in your theme’s settings?

    cheers,
    Ross

Viewing 1 replies (of 1 total)
  • The topic ‘Stell Getting Insecure Errors’ is closed to new replies.