Insecure URLs

Resolved pmacreative
(@pmacreative)

10 years, 7 months ago

I have 10 insecure URLs.

I had them before and after activating the Really Simple SSL.

6 of them seem to be related to Google fonts and the other 4 are images. When I go to WhyNoPadlock.com it tells me these are the only files keeping my site from being secure. How do I get these pages/files to redirect?

I haven’t touched the “Turn HTTP Strict Transport Security on” option because it seems to be a serious decision to make. Is this related to my problem possibly?

Everything else checks out on the site. Here is the message I see after activating the plugin.

success – An SSL certificate was detected on your site.

success – https redirect set in .htaccess

warning – HTTP Strict Transport Security was not set in your .htaccess. Do this only if your setup is fully working, and only when you do not plan to revert to http.

success – Mixed content detected but that’s ok, because the mixed content fixer is active.
In the tab “detected mixed content” you can find a list of items with mixed content.

Any help would be greatly appreciated.

https://wordpress.org/plugins/really-simple-ssl/

Viewing 12 replies - 1 through 12 (of 12 total)

Plugin Contributor Rogier Lankhorst
(@rogierlankhorst)

10 years, 7 months ago

Hi, If the insecure content fixer does not fix your resources, the resources are in your css or javascript files, which the plugin can’t fix, or you have a plugin conflict which prevents the ssl plugin from fixing it.

If you send me your domain, I can take a look for you.

Thread Starter pmacreative
(@pmacreative)

10 years, 7 months ago

Thanks for the response.

The website is Paul Hunt Law dot com.

The insecure content looks like a few .jpgs and CSS related as you said. This must be something I may have to fix manually. I would be interested to hear your expert opinion.

Thanks!
Plugin Contributor Rogier Lankhorst
(@rogierlankhorst)

10 years, 7 months ago
I see an @import rule in your inline css for the google fonts, from plugin rs-plugin-settings-inline-css, which you can probably fix in the plugin.

The images are background images, located at a different domain: lawyers attorneys dot vamtam dot com. That is the reason they were not replaced, the plugin assumes all your content is linked through the same domain. It would be best to move these images to your main domain and change the url, which is probably in the (child)theme files, but you can also use a filter for my plugin, which you can add to the functions.php, replace the domain with the domain that is causing the issues:
```
function my_custom_http_urls($arr) {
array_push($arr, "http://www.domain-to-replace.com");
return $arr;
}
add_filter("rlrsssl_replace_url_args","my_custom_http_urls");
```
Plugin Contributor Rogier Lankhorst
(@rogierlankhorst)

10 years, 7 months ago

Sorry, in my previous post, I said you could also use the filter, but that would only work if the images are located at your own domain as well, which they aren’t. The filter is not meant to replace urls with other urls, only to replace them with the https version.

So, bottom line: you have to move the pictures to your own domain, and change the url to point to that url.

Thread Starter pmacreative
(@pmacreative)

10 years, 7 months ago

Ok. That makes sense for the images, but how do you fix the Google font links?

http://fonts.googleapis.com

Plugin Contributor Rogier Lankhorst
(@rogierlankhorst)

10 years, 7 months ago

The google fonts will also work on https, so if you change the url to https that will be fixed.

You can probably edit this css in the rs-plugins settings.

Thread Starter pmacreative
(@pmacreative)

10 years, 7 months ago

Where in the settings can you make the edit? I only see 3 check boxes in the settings.

Also, what is the “Smiling like a Cheshire cat” page that is created with the plugin? Is it needed?

Thank you.

Thread Starter pmacreative
(@pmacreative)

10 years, 7 months ago

Also the setting “HTTP Strict Transport Security was not set in your .htaccess. Do this only if your setup is fully working, and only when you do not plan to revert to http” has a triangle with an exclamation point. Is this a setting I need to manage/turn on?

Thank you.

Plugin Contributor Rogier Lankhorst
(@rogierlankhorst)

10 years, 7 months ago

You’ll have to change the google fonts in the settings of the rs plugin, which I think is the Revolution Slider plugin. You’ll have to look in that plugin’s settings page.

My plugin does not create any pages, so I wouldn’t know about the cat page, probably another plugin.

As for the HSTS setting, that is not necessary, but will improve security. If everything is working fine, you can turn it on.

Thread Starter pmacreative
(@pmacreative)

10 years, 7 months ago

In the revslider/inc_php/fonts.class.php

I see the following. Did the RS plugin add?

/**
* register all fonts
*/
public function register_fonts(){

$fonts = $this->get_all_fonts();

if(!empty($fonts)){
$http = (is_ssl()) ? ‘https’ : ‘http’;
foreach($fonts as $font){
if($font !== ”){
wp_register_style(‘tp-‘.sanitize_title($font[‘handle’]), $http.’://fonts.googleapis.com/css?family=’.strip_tags($font[‘url’]));
wp_enqueue_style(‘tp-‘.sanitize_title($font[‘handle’]));
}

Plugin Contributor Rogier Lankhorst
(@rogierlankhorst)

10 years, 7 months ago

This part seems to take ssl into account, so I don’t think this is it.
There is some css inserted into your site, rs-plugin-settings-inline-css, which contains the following:
@import url(http://fonts.googleapis.com/css?family=Open+Sans

I would expect there to be some setting in this plugin, or in your theme, where this google font is added. Check every tab and settingspage in the revslider plugin, on the backend of your wordpress admin. It’ll be a database setting, so searching the files won’t help.

Thread Starter pmacreative
(@pmacreative)

10 years, 7 months ago

Thank you for your help. I appreciate you taking the time to answer each question.

Viewing 12 replies - 1 through 12 (of 12 total)

The topic ‘Insecure URLs’ is closed to new replies.

Tags