Archived

This topic is now archived and is closed to further replies.

  • 0

Resolved Ssl Issue


Question

Posted · Report post

Hi folks,

I've read through the other posts in this forum referencing SSL issues and can't resolve. Any thoughts on the following error:

I have my site at sustainablesummer.org setup to force HTTPS and SSL only on certain pages. I have been using Google Chrome Developer Tools to diagnose and I'm getting these errors:

[blocked] The page at https://sustainablesummer.org/apply/ ran insecure content from http://sustainablesummer.org/wp-content/themes/pagelines-template-theme/sections/simple_nav/style.css.

[blocked] The page at https://sustainablesummer.org/apply/ ran insecure content from http://sustainablesummer.org/wp-content/themes/pagelines/sections/navbar/navbar.js.

The pages in question are sustainablesummer.org/apply/ and sustainablesummer.org/apply/apply-now/

Despite the errors, the pages are secure in Google Chrome, but not in Safari or Firefox (haven't tested any other browsers yet).

I am able to get a secure connection on my /login/ and /admin/ pages in Safari and Firefox.

I added this function provided by Simon in a previous post to get Chrome working:

// this function forces ssl

add_filter( 'pless_vars', 'make_ssl_vars' );

add_action( 'pl_force_ssl', '__return_true' );

function make_ssl_vars( $vars ) {

$vars['plSectionsRoot'] = str_replace( 'http://','>http://', 'https://','>https://', $vars['plSectionsRoot'] );

$vars['plRoot'] = str_replace( 'http://','>http://', 'https://','>https://', $vars['plRoot'] );

return $vars;

}

However, when I did this it made most pages in my admin back-end, which were previously secure, not secured.

Relevant plugins are: Better WP Security and Simple 301 Redirects

Any thoughts on solutions?

Thanks!

Jeff

Share this post


Link to post
Share on other sites

21 answers to this question

Posted · Report post

My host is saying there's unsecured content on the page. I checked Google Chrome again and I am still getting this error: https://sustainablesummer.org/apply/ ran insecure content from http://sustainablesu...e_nav/style.css.

When I view the source code there are no links to images or files via the http protocol. Everything is https. Any thoughts on how to resolve? I suppose a better question is:

What is best practice for SSL in wordpress if I want to run just a couple of pages in HTTPS? Should I be modifying .htaccess? Something like this:

RewriteRule ^page1(.*) https://%{SERVER_NAME}/page1$1 [R,L]

Share this post


Link to post
Share on other sites

Posted · Report post

Did you purchase an SSL certificate from your host? Usually when one needs SSL protection, a certificate needs to be purchased.

Share this post


Link to post
Share on other sites

Posted · Report post

Of course! I have the certificate and I'm able to use the https protocol on all pages. No problems there whatsoever. The issue is with "partial encryption" on the pages that I want to open in https. For instance, https://sustainablesummer.org/apply/ I get an error that I am running insecure content from a pagelines theme stylesheet. I either need to figure out how to make that stylesheet a relative link so it opens in https or force it to https. I don't know what the best practice is for this process. I have read through dozens of forums trying to find an answer to this question and still don't know what to do. Thanks for your help!

Share this post


Link to post
Share on other sites

Posted · Report post

You're correct! Don't know how it resolved, but it did. Maybe there was some weird caching issue going on. Thanks! How do I mark this resolved in the forum?

Share this post


Link to post
Share on other sites

Posted · Report post

The topic was marked as resolved.

Share this post


Link to post
Share on other sites

Posted · Report post

Let us know if this is resolved.

Share this post


Link to post
Share on other sites

Posted · Report post

Can you please try deactivating all other active plugins to see if the issue persists?

Share this post


Link to post
Share on other sites

Posted · Report post

This is the problem when you use a plugin to 'fake' an SSL page in wordpress. The framework uses the native enqueue system for styles and scripts, so as far as wordpress knows its non-ssl so just loads the scripts http:// You might try googling around or even asking the plugin author if there is a filter to change all enqueued scripts/styles on your 'SSL' page.

Share this post


Link to post
Share on other sites

Posted · Report post

Thanks Catrina. I deactivated and the errors disappeared. Upon reactivation, there's also no sign of the errors when I open in Chrome even though I'm still using all the same plugins. Which is good, I suppose. However, the site is still only partically encrypted in other browsers. I thought this might be due to a caching issue, but I tried from another computer and wiped the browsers history and receive the partially enrcrypted warning in Firefox. When I open the pages in question in Firefox and Safari, the secure padlock icon appears briefly and then disappears. I don't know if this is a Pagelines issue or something else entirely. Any further thoughts?

Share this post


Link to post
Share on other sites

Posted · Report post

Thanks Simon. Even when I turn off the plugins that are forcing SSL on a page and instead set the site to https for all pages in the wordpress general settings, I still get the partially encrypted errors.

Share this post


Link to post
Share on other sites

Posted · Report post

View the page source now and search for http:// every one is either an image in your content or internal links, all scripts and css is now ssl because wordpress is ssl.

Share this post


Link to post
Share on other sites

Posted · Report post

There are 2 http:// links that I can't seem to get rid of. One is in my Google analytics tracking code and the other is this very strange link: http://gmpg.org/xfn/11 I have no idea what the latter is and it seems like the Analytics code shouldn't be an issue. Any ideas? Thanks so much for your help with this!

Share this post


Link to post
Share on other sites

Posted · Report post

The xfn link is a wordpress link, there is a fllter/action you can use to turn it off.

Share this post


Link to post
Share on other sites

Posted · Report post

From some research on the xfn link, it sounds like this would not cause an SSL error. I can't seem to get this resolved, but it doesn't look like it's a Pagelines issue. Thanks for your help.

Share this post


Link to post
Share on other sites

Posted · Report post

Have you already checked with your host?

Share this post


Link to post
Share on other sites

Posted · Report post

Hi Catrina, It occured to me after my initial post that I should probably check with my host first. So, hopefully I can resolve through them. Thanks for the help.

Share this post


Link to post
Share on other sites

Posted · Report post

Still unresolved. The issues I'm experiencing are very similar to the ones described in this post: http://www.pagelines.com/forum/topic/19972-2-2-1-less-https-problems-stylesheet-calls/page__hl__ssl#entry117048

This file directory is the problem:

wp-content/themes/pagelines/images/

It always opens in http://, even when I disable all plugins and run the entire site in https. Maybe there's something in my Pagelines settings that's causing this issue?

Share this post


Link to post
Share on other sites

Posted · Report post

Let us know what happens!

Share this post


Link to post
Share on other sites