Title: Insecure URLs
Last modified: August 30, 2016

---

# Insecure URLs

 *  Resolved [pmacreative](https://wordpress.org/support/users/pmacreative/)
 * (@pmacreative)
 * [10 years, 7 months ago](https://wordpress.org/support/topic/insecure-urls/)
 * I have 10 insecure URLs.
 * I had them before and after activating the Really Simple SSL.
 * 6 of them seem to be related to Google fonts and the other 4 are images. When
   I go to WhyNoPadlock.com it tells me these are the only files keeping my site
   from being secure. How do I get these pages/files to redirect?
 * I haven’t touched the “Turn HTTP Strict Transport Security on” option because
   it seems to be a serious decision to make. Is this related to my problem possibly?
 * Everything else checks out on the site. Here is the message I see after activating
   the plugin.
 * success – An SSL certificate was detected on your site.
 * success – https redirect set in .htaccess
 * **warning** – HTTP Strict Transport Security was not set in your .htaccess. Do
   this only if your setup is fully working, and only when you do not plan to revert
   to http.
 * success – Mixed content detected but that’s ok, because the mixed content fixer
   is active. In the tab “detected mixed content” you can find a list of items
   with mixed content.
 * Any help would be greatly appreciated.
 * [https://wordpress.org/plugins/really-simple-ssl/](https://wordpress.org/plugins/really-simple-ssl/)

Viewing 12 replies - 1 through 12 (of 12 total)

 *  Plugin Contributor [Rogier Lankhorst](https://wordpress.org/support/users/rogierlankhorst/)
 * (@rogierlankhorst)
 * [10 years, 7 months ago](https://wordpress.org/support/topic/insecure-urls/#post-6605713)
 * Hi, if the insecure content fixer does not fix your resources, the resources 
   are in your css or javascript files, which the plugin can’t fix, or you have 
   a plugin conflict which prevents the ssl plugin from fixing it.
 * If you send me your domain, I can take a look for you.
 *  Thread Starter [pmacreative](https://wordpress.org/support/users/pmacreative/)
 * (@pmacreative)
 * [10 years, 7 months ago](https://wordpress.org/support/topic/insecure-urls/#post-6605744)
 * Thanks for the response.
 *  The website is Paul Hunt Law dot com.
 * The insecure content looks like a few .jpgs and CSS related as you said. This
   must be something I may have to fix manually. I would be interested to hear your
   expert opinion.
 * Thanks!
 *  Plugin Contributor [Rogier Lankhorst](https://wordpress.org/support/users/rogierlankhorst/)
 * (@rogierlankhorst)
 * [10 years, 7 months ago](https://wordpress.org/support/topic/insecure-urls/#post-6605759)
 * I see an `@import` rule in your inline css for the google fonts, from plugin
   rs-plugin-settings-inline-css, which you can probably fix in the plugin.
 * The images are background images, located at a different domain: lawyers attorneys
   dot vamtam dot com. That is the reason they were not replaced: the plugin assumes
   all your content is linked through the same domain. It would be best to move 
   these images to your main domain and change the url, which is probably in the
   (child) theme files, but you can also use a filter for my plugin, which you can
   add to the functions.php; replace the domain with the domain that is causing 
   the issues:
 *     ```
       // Register an additional http:// URL that the plugin should rewrite to https.
       function my_custom_http_urls($arr) {
           array_push($arr, "http://www.domain-to-replace.com");
           return $arr;
       }
       add_filter("rlrsssl_replace_url_args", "my_custom_http_urls");
       ```
   
 *  Plugin Contributor [Rogier Lankhorst](https://wordpress.org/support/users/rogierlankhorst/)
 * (@rogierlankhorst)
 * [10 years, 7 months ago](https://wordpress.org/support/topic/insecure-urls/#post-6605766)
 * Sorry, in my previous post, I said you could also use the filter, but that would
   only work if the images are located at your own domain as well, which they aren’t.
   The filter is not meant to replace urls with other urls, only to replace them
   with the https version.
 * So, bottom line: you have to move the pictures to your own domain, and change
   the url to point to that url.
 *  Thread Starter [pmacreative](https://wordpress.org/support/users/pmacreative/)
 * (@pmacreative)
 * [10 years, 7 months ago](https://wordpress.org/support/topic/insecure-urls/#post-6605811)
 * Ok. That makes sense for the images, but how do you fix the Google font links?
 * [http://fonts.googleapis.com](http://fonts.googleapis.com)
 *  Plugin Contributor [Rogier Lankhorst](https://wordpress.org/support/users/rogierlankhorst/)
 * (@rogierlankhorst)
 * [10 years, 7 months ago](https://wordpress.org/support/topic/insecure-urls/#post-6605813)
 * The google fonts will also work on https, so if you change the url to https that
   will be fixed.
 * You can probably edit this css in the rs-plugins settings.
 *  Thread Starter [pmacreative](https://wordpress.org/support/users/pmacreative/)
 * (@pmacreative)
 * [10 years, 7 months ago](https://wordpress.org/support/topic/insecure-urls/#post-6605860)
 * Where in the settings can you make the edit? I only see 3 check boxes in the 
   settings.
 * Also, what is the “Smiling like a Cheshire cat” page that is created with the
   plugin? Is it needed?
 * Thank you.
 *  Thread Starter [pmacreative](https://wordpress.org/support/users/pmacreative/)
 * (@pmacreative)
 * [10 years, 7 months ago](https://wordpress.org/support/topic/insecure-urls/#post-6605862)
 * Also the setting “HTTP Strict Transport Security was not set in your .htaccess.
   Do this only if your setup is fully working, and only when you do not plan to
   revert to http” has a triangle with an exclamation point. Is this a setting I
   need to manage/turn on?
 * Thank you.
 *  Plugin Contributor [Rogier Lankhorst](https://wordpress.org/support/users/rogierlankhorst/)
 * (@rogierlankhorst)
 * [10 years, 7 months ago](https://wordpress.org/support/topic/insecure-urls/#post-6605868)
 * You’ll have to change the google fonts in the settings of the rs plugin, which
   I think is the Revolution Slider plugin. You’ll have to look in that plugin’s
   settings page.
 * My plugin does not create any pages, so I wouldn’t know about the cat page, probably
   another plugin.
 * As for the HSTS setting, that is not necessary, but will improve security. If
   everything is working fine, you can turn it on.
 *  Thread Starter [pmacreative](https://wordpress.org/support/users/pmacreative/)
 * (@pmacreative)
 * [10 years, 7 months ago](https://wordpress.org/support/topic/insecure-urls/#post-6605872)
 * In the revslider/inc_php/fonts.class.php
 * I see the following. Did the RS plugin add this?
 *     ```
       /**
        * register all fonts
        */
       public function register_fonts(){
           $fonts = $this->get_all_fonts();
           if(!empty($fonts)){
               // Pick the scheme that matches the current request.
               $http = (is_ssl()) ? 'https' : 'http';
               foreach($fonts as $font){
                   if($font !== ''){
                       wp_register_style('tp-'.sanitize_title($font['handle']),
                           $http.'://fonts.googleapis.com/css?family='.strip_tags($font['url']));
                       wp_enqueue_style('tp-'.sanitize_title($font['handle']));
                   }
               }
           }
       }
       ```
 *  Plugin Contributor [Rogier Lankhorst](https://wordpress.org/support/users/rogierlankhorst/)
 * (@rogierlankhorst)
 * [10 years, 7 months ago](https://wordpress.org/support/topic/insecure-urls/#post-6605873)
 * This part seems to take ssl into account, so I don’t think this is it. There
   is some css inserted into your site, rs-plugin-settings-inline-css, which contains
   the following: `@import url(http://fonts.googleapis.com/css?family=Open+Sans`
 * I would expect there to be some setting in this plugin, or in your theme, where
   this google font is added. Check every tab and settings page in the revslider 
   plugin, on the backend of your wordpress admin. It’ll be a database setting, 
   so searching the files won’t help.
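
The two cases diagnosed in this thread, an `@import` inside an inline `<style>` block and background images served from another host, as an added Python example that is not part of the thread or of the plugin's code. It lists every `http://` subresource in a page's markup and marks whether it is on the site's own host; the sample markup, the `example.*` hosts and all function names are constructed for illustration.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Constructed sample page: example.* hosts are placeholders, not the site in the thread.
SAMPLE = """<style id="rs-plugin-settings-inline-css">
@import url(http://fonts.googleapis.com/css?family=Open+Sans);</style>
<div style="background-image: url('http://cdn.example.net/hero.jpg')"></div>
<img src="http://example.com/wp-content/uploads/logo.png">
<img src="https://example.com/wp-content/uploads/ok.png">
<a href="http://example.org/">outbound link</a>"""
# CSS references: url(http://...) and the quoted-string form of @import.
CSS_URL = re.compile(r"""url\(\s*['"]?(http://[^'")\s]+)|@import\s+['"](http://[^'"]+)""", re.I)
SRC_TAGS = {"img", "script", "iframe", "source", "audio", "video", "embed"}

class MixedContentScanner(HTMLParser):
    """Collects http:// subresources; <a href> is navigation, so it is ignored."""
    def __init__(self, site_host):
        super().__init__()
        self.site_host, self.style_where, self.findings = site_host.lower(), None, []
    def _add(self, where, url):
        if url and url.lower().startswith("http://"):
            host = (urlsplit(url).hostname or "").lower()
            same = host in (self.site_host, "www." + self.site_host)
            self.findings.append((where, url, "same-host" if same else "third-party"))
    def _scan_css(self, where, css):
        for m in CSS_URL.finditer(css):
            self._add(where, m.group(1) or m.group(2))
    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag in SRC_TAGS:
            self._add(f"<{tag} src>", a.get("src"))
        elif tag == "link" and "stylesheet" in (a.get("rel") or "").lower():
            self._add("<link stylesheet>", a.get("href"))
        elif tag == "style":  # keep the block id: it hints at which plugin injected the CSS
            self.style_where = f"<style id={a.get('id')}>"
        if a.get("style"):  # inline style="" attributes, e.g. background images
            self._scan_css(f"<{tag} style>", a["style"])
    def handle_endtag(self, tag):  # <style> is raw text, so the first end tag seen is </style>
        self.style_where = None
    def handle_data(self, data):
        if self.style_where:
            self._scan_css(self.style_where, data)

def scan(html, site_host):
    scanner = MixedContentScanner(site_host)
    scanner.feed(html)
    scanner.close()
    return scanner.findings
```
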
 *  Thread Starter [pmacreative](https://wordpress.org/support/users/pmacreative/)
 * (@pmacreative)
 * [10 years, 7 months ago](https://wordpress.org/support/topic/insecure-urls/#post-6605876)
 * Thank you for your help. I appreciate you taking the time to answer each question.


The topic ‘Insecure URLs’ is closed to new replies.


## Tags

 * [HTTPS](https://wordpress.org/support/topic-tag/https/)
 * [redirect](https://wordpress.org/support/topic-tag/redirect/)
 * [SSL](https://wordpress.org/support/topic-tag/ssl/)

 * 12 replies
 * 2 participants
 * Last reply from: [pmacreative](https://wordpress.org/support/users/pmacreative/)
 * Last activity: [10 years, 7 months ago](https://wordpress.org/support/topic/insecure-urls/#post-6605876)
 * Status: resolved