WordPress HTTPS (SSL)
[resolved] pesky favicons causing insecure content (7 posts)

  1. JonnoPrice
    Posted 3 years ago #

    Hi Mike.. Firstly thanks for a great plugin.. and sorry if this has been answered elsewhere - I wasn't able to find the solution myself.

    I know your plugin works because everything was working fine a couple of days ago. I have forced SSL Admin/Login and also on a page to "Submit Content" and got the nice green https..

    Then yesterday, after I had done a bunch of work with installing W3 cache, Cloudflare and a few other plugins I noticed that now I'm getting the dreaded Chrome "Insecure Content" warning when trying to login.

    Seems it is fetching the favicon (twice for some reason) and this is being served over http... I've tried removing your plugin and then reinstalling and activating in the hope it will fix things like it did before but no go.

    I've also purged all caches, on my machine, W3 and on Cloudflare..

    Can you help a brother out?


  2. Mike Ems
    Plugin Author

    Posted 3 years ago #

    Post a link. I can probably tell you where it's at.

  3. JonnoPrice
    Posted 3 years ago #

    Thanks Mike.


    Note: the site is currently locked down (using Restricted Site Access plugin) whilst in development.

    So you should be redirected to the login page which is what I want secure.

    Let me know if you need access and I can create a temp account for you.. Or I can add you IP address to the whitelist.


  4. Mike Ems
    Plugin Author

    Posted 3 years ago #

    After the page loads, an <object> tag with the favicon in the data attribute is created at the end of the body tag. Since the tag does not appear in the source code, it's safe to say that JavaScript is adding this in.

    Try disabling plugins until it stops. It's possible that it's not one plugin, it could be a conflict with two plugins, or a plugin and your theme.

  5. JonnoPrice
    Posted 3 years ago #

    Thanks Mike... will start deactivating plugins and will report back here if I manage to figure out which one it is.

  6. JonnoPrice
    Posted 3 years ago #

    Hi Mike, I've not been able to find a plugin causing the problem..

    Probably a n00b question but..

    Just wondering - using the Google Chrome console - I find that the following error is being logged..

    The page at https://globaltradecompliance.net/wp-login.php displayed insecure content from http://globaltradecompliance.net/favicon.ico.
    10[blocked] The page at https://globaltradecompliance.net/wp-login.php ran insecure content from http://globaltradecompliance.net/favicon.ico.

    Would it make any difference if I simply deleted the favicon? (not that I've been able to find that damn file using FTP.)


  7. JonnoPrice
    Posted 3 years ago #

    hey again.. problem solved - got there in the end.

    Copied a new favicon.ico file to the root directory using FTP.

    then placed the following line in between the <head> tags of the header.php file.

    <LINK REL="SHORTCUT ICON" HREF="https://my-site-name.com/favicon.ico">

    No more unsecure elements :-)

Topic Closed

This topic has been closed to new replies.

About this Plugin

  • WordPress HTTPS (SSL)
  • Frequently Asked Questions
  • Support Threads
  • Reviews

About this Topic