Unsafe plugin: Not using https to load script

Disabling the popup, making it Draft also works – disables the lines this plugin adds to the web page, so my https: site works again.

Just in case it helps, here are all the bad lines added by the plugin – note the https:// links instead of https as used by all other plugins at my site:

<link rel='stylesheet' id='mc4wp-form-basic-css'  href='https://www.example.com/wp-content/plugins/mailchimp-for-wp/assets/css/form-basic.min.css?ver=4.2' type='text/css' media='all' />
...
<link rel='stylesheet' id='popup-maker-site-css'  href='https://www.example.com/wp-content/uploads/pum/pum-site-styles-1.css?generated=1520893534&ver=1.7.6' type='text/css' media='all' />

...
var pum_vars = {"version":"1.7.6","ajaxurl":"https:\/\/www.example.com\/wp-admin\/admin-ajax.php","restapi":"https:\/\/www.example.com\/wp-json\/pum\/v1","rest_nonce":null,"default_theme":"1680","debug_mode":"","popups":{"pum-2046":{"disable_on_mobile":false,"disable_on_tablet":false,"custom_height_auto":false,"scrollable_content":false,"position_from_trigger":false,"position_fixed":false,"overlay_disabled":false,"stackable":false,"disable_reposition":false,"close_on_overlay_click":false,"close_on_esc_press":true,"close_on_f4_press":false,"theme_id":1684,"size":"medium","responsive_min_width_unit":"px","responsive_max_width_unit":"px","custom_width":"640px","custom_height":"380px","location":"center top","position_top":"100","animation_type":"fade","animation_speed":"350","animation_origin":"center top","overlay_zindex":"1999999998","zindex":"1999999999","close_button_delay":"500","triggers":[{"type":"auto_open","settings":{"delay":"500","cookie_name":["pum-2046"]}}],"cookies":[{"event":"on_popup_open","settings":{"name":"pum-2046","key":"","time":"19 hours","path":1}}],"id":2046,"slug":"rabais"}},"disable_tracking":"","home_url":"https:\/\/www.example.com","message_position":"top"};
var ajaxurl = "https:\/\/www.example.com\/wp-admin\/admin-ajax.php";
var pum_debug_vars = {"debug_mode_enabled":"Popup Maker: Debug Mode Enabled","debug_started_at":"Debug started at:","debug_more_info":"For more information on how to use this information visit http:\/\/docs.wppopupmaker.com\/?utm_medium=js-debug-info&utm_campaign=ContextualHelp&utm_source=browser-console&utm_content=more-info","global_info":"Global Information","localized_vars":"Localized variables","popups_initializing":"Popups Initializing","popups_initialized":"Popups Initialized","single_popup_label":"Popup: #","theme_id":"Theme ID: ","label_method_call":"Method Call:","label_method_args":"Method Arguments:","label_popup_settings":"Settings","label_triggers":"Triggers","label_cookies":"Cookies","label_delay":"Delay:","label_conditions":"Conditions","label_cookie":"Cookie:","label_settings":"Settings:","label_selector":"Selector:","label_mobile_disabled":"Mobile Disabled:","label_tablet_disabled":"Tablet Disabled:","label_event":"Event: %s","triggers":{"click_open":"Click Open","auto_open":"Time Delay \/ Auto Open"},"cookies":{"on_popup_close":"On Popup Close","on_popup_open":"On Popup Open","pum_sub_form_success":"Subscription Form: Successful","pum_sub_form_already_subscribed":"Subscription Form: Already Subscribed","manual":"Manual JavaScript","cf7_form_success":"Contact Form 7 Success"}};
var pum_sub_vars = {"ajaxurl":"https:\/\/www.example.com\/wp-admin\/admin-ajax.php","message_position":"top"};
/* ]]> */

....

<script type='text/javascript' src='https://www.example.com/wp-content/uploads/pum/pum-site-scripts-1.js?defer&generated=1520893534&ver=1.7.6'></script>

I was not aware of that. Thanks!

@bwooster47 – Thanks for the report and details. I’m actually stumped on this one and have to do some research. We used the recommended method for getting the url to the uploads folder, seems WP doesn’t set that properly to https.

Found a solution with the use of a helper function :). Fix coming soon.

https://wordpress.stackexchange.com/questions/75887/how-to-get-path-to-images-in-the-uploads-folder-to-be-used-in-a-plugin