Mixed Content Issue?
Firefox browser blocks unsafe content by default. I have FX ver.42 up to date. Security icon at my WordPress blog has a yellow exclamation on the lock, which means I have “mixed content” (http and https) on my pages and it is causing some users at Facebook to get warnings from their security software that my site is not safe, despite the fact that URLvoid.com with 30 scanners repeatedly scans my site 100% clean of malware. I assume, since it is a simple recipe blog, it is my recipe photos that are the culprit? How can I get back to a green lock (safe) icon in FX? Is there a setting I need to change? Can WordPress not display ALL content in https format? I’m getting tired of having to try to explain to users that WP isn’t displaying all content in a safe manner. They are disinclined to turn off their security software warnings for my page at WordPress. I thought with all the new security implementations last year the server was “safer”, as a helper here explained to me.
The blog I need help with is buttoni.wordpress.com.
I have the same thing happening on my blog at
https://onecoolsite.wordpress.com/. There is see an image on the admin bar of a lock with a triangular yellow warning icon.
I do not see one on https://onekoolblog.wordpress.com/ which is registered under https://en.forums.wordpress.com/profile/thistimethisspace
I don’t get it and I need help to remove that.
When we need Staff help with issues Volunteers cannot resolve like this one we type modlook into the sidebar tags on our forum threads. How do I get a Moderator/Staff reply for my question? https://en.support.wordpress.com/getting-help-in-the-forums/#how-do-i-get-a-moderatorstaff-reply-for-my-question Then we subscribe to this thread so we are notified when they respond. To subscribe look in the sidebar of this thread, find the subscribe to topics link and click it.
I can see it on your blog; I can see it at my blog. I went out and saw on the Mozilla site the best way to correct this is for the hosting site to transmit ALL page content in HTTPS. Thus my forum post for help from WordPress staff. If you go into Firefox about:config and try to tell FX to stop blocking the unsafe HTTP content (blocking it is the default in FX) , you are unblocking that protection universally for ALL browser page displays. I don’t think anyone in their right mind would do that option. At least I wouldn’t want to. So I’d really like a Mod or WP Happy Engineer/programmer to address this issue. It didn’t happen that I know of before all the HTTPS changeover stuff last spring, or whenever that occurred. I’ve had no end of issues posting my recipes at Facebook ever since those WP changes. Grrr.
I see you did the “modlook” tag for me. Thank you. And I am subscribed by default. I eagerly await their reply. :)
I believe the issue, for you, is that https://onecoolsite.wordpress.com/ contains insecure assets, e.g., http://free-website-translation.com/img/fwt_button_en.gif. https://onekoolblog.wordpress.com/ does not.
If you use the Error Console — you’d probably need to use Developer Tools for Firefox, or Safari — you’ll see a number of content warnings:
[Warning] The page at https://buttoni.wordpress.com/ was allowed to display insecure content from http://i217.photobucket.com/albums/cc278/buttonbutt/Miscellaneous/Volume4and5covers-1.jpg. (buttoni.wordpress.com, line 3124) [Warning] The page at https://buttoni.wordpress.com/ was allowed to display insecure content from http://i217.photobucket.com/albums/cc278/buttonbutt/Miscellaneous/LowCarbHitParadePhoeo.jpg. (buttoni.wordpress.com, line 3125) [Warning] The page at https://buttoni.wordpress.com/ was allowed to display insecure content from http://stalkerville.net/badge/stalkerville-badge-mygallery-150x150.png. (buttoni.wordpress.com, line 3127) [Warning] The page at https://buttoni.wordpress.com/ was allowed to display insecure content from http://verygoodrecipes.com/images/misc/verygood-badge.png. (buttoni.wordpress.com, line 3129) [Warning] The page at https://buttoni.wordpress.com/ was allowed to display insecure content from http://cdn.printfriendly.com/icon-print-friendly-16x16.png. (_static, line 4)
The easiest way to avoid these kinds of issues is to avoid hotlinking images like this. You should try downloading the images, uploading them to your WordPress media library, and insert them from there. (So long as you have the right to use such images.)
OK, I can try that. But those images have been on my blog page for 6 years now and this probem JUST STARTED happening in the last year maybe? I think there is more to this issue than that. But I’ll get rid of those images for now. Thanks for your help.
I don’t know anything about how to use Developer tools and If I have to use them to make WordPress work like it did before. no thanks. I just went in removed all sidebar images via the Admin page, Widgets page and dragged them over to the inactive area. But the FX warning about unsafe content persists. Now I KNOW the Print Friendly icon is not the issue. Like I said, that icon has been there for years and this problem just started! Please investigate further.
You say I need to insert downloaded site badges and images to my WP media files and insert from there. But that only puts them into a new recipe post. I need them to reside permanently in the MARGINS of all pages on my blog not on a recipe posting! Am I missing something here? I thought the only way to do that was via the sidebar image and text widgets and that process requires I paste the pre-coded web-badge string into the appropriate blank in the widget entry screen. I’m only an intermediate knowledgeable PC user, but I don’t see how pasting that code or downloading an image into a recipe post “directly from my media files” gets picture or text into the MARGIN of my blog page.
Honestly, if I knew how to use developer tools and re-write website badge code, I wouldn’t be using WordPress at all. I’d develop my own site. I use WP precisely because I do NOT know how to do such things. But all that aside, the plain and simple here is this problem did not exist until recently. What I do know is the sidebar widgets and images worked without rendering an “unsafe content” security warning in FX. Sorry, but I don’t think the content I’m copying/pasting from websites for their site badges is unsafe. I think how you guys are serving it up when people link to my site is the problem. Do I just need to put an “s” on the “http” links in those widgets to accomplish that?
I pasted those error messages, so you didn’t need to use Developer Tools.
But all that aside, the plain and simple here is this problem did not exist until recently. What I do know is the sidebar widgets and images worked without rendering an “unsafe content” security warning in FX.
It’s a recent development, because it sounds like Firefox updated the way they handle “mixed” content. That is, a webpage whose content includes assets served by HTTP and HTTPS.
Sorry, but I don’t think the content I’m copying/pasting from websites for their site badges is unsafe. I think how you guys are serving it up when people link to my site is the problem. Do I just need to put an “s” on the “http” links in those widgets to accomplish that?
We’re serving all our assets via HTTPS, which is a safer protocol. The issue is that you’ve embedded images that are served over HTTP. You can try adding the “s”, as you mention. Depending on whether the other sites support it, that’ll do.
Otherwise, you’ll need to upload the images to your media library as I recommended.
You can insert them in a post or page. But you can also embed them anywhere on your site by obtaining the URL to the image. You can get the URL, after you upload the image, by clicking on the “Edit” link toward the right of the list of files that are uploaded. It’ll open the image, and you’ll see a “File URL” listed.
Chris, I eliminated the widgets yesterday. This evening, I went in and disabled the print friendly service on my Sharing settings. I then went to PrintFriendly.com and re copied the URL for the site and icon and added that service back yo my page. All I did was add the “S” to the “http” in their coding and it IS printing recipes just fine and I now have an FX green icon atop my webpage. WOO HOO!!! (fingers crossed). Since that worked, I might just try that tact with the other deactivated HTTP coded widgets I removed yesterday. Hopefully, my FX green lock icon will stick around. Thanks for letting me know adding the “s” would solve it. Apparently PrintFriendly does support https, but their button code still reads HTTP. I want to apologize for coming across angry, but all this technical stuff really is usually over my head. To make my day worse yesterday, Facebook has a current issue for 3 days now affecting random accounts that is preventing me and a bunch of others with business pages from being able to see their own pages, or post anything. A workaround I tinkered around and stumbled on is all I have to get in the back door to view and post there. And at FB the HELP folks never respond to HELP tickets quickly like you folks here at WP do, often not at ALL!. I shouldn’t take that out on you in my reply, however. Again, my apologies. Now I’m off to try to fix those other widgets the same way. Hopefully those sites support HTTPS as well. :) Have a nice evening, Chris.
Well 2 out of 4 ain’t bad. :) I’ll just do without those other unless those sites can help me, or I can try your other method. :)
I’m so glad you’re making progress on this. Please let me know how it goes, and whether you can use a hand!
Thanks. I’m calling it a night and will try my hand at the other 2 widgets tomorrow. Appreciate the help if I should need it, Chris.
Sure thing :)
I think you can mark this thread as “resolved” now, Chris. Thanks.
The topic ‘Mixed Content Issue?’ is closed to new replies.