Even after ssl config I get an error on WP dashboard

  • Resolved ananddevops

    (@ananddevops)


    6 years, 6 months ago

    Hello,

    I have configured my site for https. I have also checked the
    WordPress Address (URL) and Site Address (URL) for the url to be https in the general settings. The site redirections for https:// or none is also happening to the correct https:// address.

    Then why do I get an error on the WP dashboard –
    Your store does not appear to be using a secure connection. We highly recommend serving your entire website over an HTTPS connection to help keep customer data secure. Learn more here.

    I can alway dismiss it, but wanted to make sure I am not missing out a WooComm setting for SSL.

Viewing 15 replies - 1 through 15 (of 21 total)

  • You checked the settings inside WC and checked the box that says to force SSL?

    Make sure your don’t have any mix content either or you will not get a green secure

    And provide a url if possible, screenzhot

    • This reply was modified 6 years, 6 months ago by stefsternyc.
    Thread Starter ananddevops

    (@ananddevops)

    @stefsternyc

    Firstly thanks for pointing that out. But it still doesn’t work.

    Let me detail out the steps I followed wrt to your suggestions:

    1. I am using WooComm version 3.4.5
    2. I went to this link – SSL and HTTPS and went to the Advance setting. and looked up WooCommerce Force SSL setting
    But in the Advance setting there is no such specific Force SSL setting.
    3. Then I went to this link – WooComm Config Settings and saw the Page Setup section. Again there is no – Secure Checkout option.

    I went ahead and installed – WordPress HTTPS plugin. And checked the Force SSL setting.

    Also tested the site on SSL server test and got an A rating.

    But the Dashboard stays unaffected and the warning message still appears.

    Any suggestions.

    Can’t be. It has to be there. It’s directly under Terms & Conditions in WC settings.

    See my screenshot

    Thread Starter ananddevops

    (@ananddevops)

    Unfortunately not for me

    See my screenshot

    Oh that’s right. They changed it to where if you’re already loading HTTPS it will hide that from you now. Completely forgot.

    Can you take a screenshot of the initial error please?

    This may sound stupid but make sure you are using the exact domain that the SSL is attached too. Staging sites will not be secured. Make sure no mixed content anywhere.

    • This reply was modified 6 years, 6 months ago by stefsternyc.
    Thread Starter ananddevops

    (@ananddevops)

    Dashboard Err

    And you have a valid SSL certificate keyed on this domain?

    Thread Starter ananddevops

    (@ananddevops)

    Yes. Like I mentioned, tested the site on SSL server test and got an A rating.

    Thread Starter ananddevops

    (@ananddevops)

    And also drawing for what you mentioned –

    They changed it to where if you’re already loading HTTPS it will hide that from you now

    . All seems fine.

    Yes everything is fine with what I said. It will only show if you are not serving on a secure SSL certificate.

    If you have green on every page I wouldn’t worry about it. I would just click dismiss then. Something is throwing that message up but if you’re approved at A plus and you have green on every page there should be nothing to worry about.

    The only thing I could see why that would say that is is that you have mixed content. Especially if you have an image in the backend that has an http in it and not https. A notice like that might popup.

    Thread Starter ananddevops

    (@ananddevops)

    The content is Default StoreFront+WooComm, with NO customization at all. Likelyhood of default content being faulty, can’t really comment. But if it is so – removing the Force SSL for an already loading HTTPS is counter productive.

    To add another layer of security I used the following settings with the WordPress HTTPS plugin. Can’t get harsher than that.

    Oh and btw I have deactivated all other plugins for just incase sake. Barring the basic – Akismet.

    Suggestions?

    What I mean by content and mixed content is like JS files, Image files, CSS files being called by HTTP and not HTTPS. All files under a SSL certificate need to have HTTPS in their call. Otherwise it will trigger a Mixed Content and give you an error.

    Most browsers show a green padlock or secure notice when you are running secure however Chrome 69 is doing away with it this month, actually I believe it just went live this week.

    That’s what I mean by mixed content.

    Again, if you’re secure on every page you have nothing to worry about and that error message might just be a false positive. You could have content in the back that throws a mixed content deal too.

    I like to view source wherever I am and then I do a command F search for anything HTTP and HTTPS and I then write down what I found and fix it from there.

    Thread Starter ananddevops

    (@ananddevops)

    Checking on Mozilla FF latest. Green padlock showing.

    Like I said default content, so the mixed content is also default.

    Don’t know if its a false positive. It is a commerce site and security is a concern, hence wanting to close out maybe possibilities.

    Lets see.

    Thanks though for the suggestions.

    There is no such thing as mixed content default. A site serving an SSL has to be all HTTPS content. You cannot have mixed content at all.

    I am a security expert. This is what I do. I monitored several eCommerce sites. If you share your URL with me I can review better. But again, if everything is green on frontend you’re golden.

    Thread Starter ananddevops

    (@ananddevops)

    No no I meant, since I don’t have any custom content yet, this problem should ideally be the case for all Storefront+WooComm(latest) issue.

Viewing 15 replies - 1 through 15 (of 21 total)
  • The topic ‘Even after ssl config I get an error on WP dashboard’ is closed to new replies.

Tags