• I installed iThemes security and enabled the SSL which was included in my hosting plan. This secured my site, however now my site is showing as not secure. I have tried disabling and then reenabling it but it isn’t working. Does anyone know why this is happening and what I can do about it? Thanks!

    The page I need help with: [log in to see the link]

Viewing 6 replies - 1 through 6 (of 6 total)
  • It’s nothing to do with iThemes Security. You have mixed content on your site (that’s when some of the elements in your page are linked as plain non-secure http:// instead of https:// , and often this is fairly easy to fix).

    In this case, I can see that your site is loading your logo file in your header as non-secure. Your site / theme is loading your logo as:


    Instead of:


    There are a couple of ways to fix that.

    Here’s one easy solution to try – I can tell you’re using the theme Sitka , so you might want to first try going into your theme and removing the logo from the header and then re-adding it.

    That’s easy to do and should fix it, because when you created / added the logo, you did so when the site was not using https:// SSL , so removing and re-adding the logo should now link it as secure https:// instead of plain http://

    – Always download backups of your site and database before making changes.
    – I am not affiliated with iThemes or WordPress in any way.
    – Any solutions I suggest would be at your own risk (I know that sounds scary, but if you grab a backup of your database and a backup of your site files before you make changes to your site, you can restore it if something goes wrong).

    Great, I’ll try that. Thank you so much for looking into this for me!


    Hi dave, I found your response to @sarah533 very helpful!
    I think that I happen to have the same problem. I received a mail about a ‘security problem’ in my site, referencing the following locations:

    XSS-vulnerable in WordPress
    XSS-vulnerable in WordPress

    but I’ve got no clue what this means. Do you perhaps know how to solve this?

    Would love it if you could help!

    – zaid


    On April 29, 2020, WordPress 5.4.1 was released to the public.
    It is a security and maintenance release which features 17 bug fixes in addition to 7 security fixes.

    Seven security issues affect WordPress versions 5.4 and earlier; version 5.4.1 fixes them, so you’ll want to upgrade. If you haven’t yet updated to 5.4, there are also updated versions of 5.3 and earlier that fix the security issues.

    List of Files Revised # (Pay attention to the 2 bold files):



    Your site was probably running on WordPress 5.2.5 when you received the email you mentioned. You can ignore that email since 5.2.6 fixed the 7 security issues.

    Oh, I would strongly suggest to update the iTSec plugin to the latest release (7.7.1 – 2020-04-20). Your site seems to be using an outdated release (7.0.4 – 2018-06-27)…

    • This reply was modified 1 month, 4 weeks ago by nlpro.

    @nlpro Thank you very much for your detailed answer! I’ll try to update those points you mentioned.

    Stay safe,


    Update: The problem is fixed by following your guides 🙂 thanks a lot!

Viewing 6 replies - 1 through 6 (of 6 total)
  • You must be logged in to reply to this topic.