Http to Https: unsecure due to font issue?

G’day gustoandgecko,

That domain name doesn’t resolve, I can’t look at your website. I suggest that you renew your domain name!

As to your original question, the font face URL is likely buried somewhere in a CSS file, perhaps one generated by your theme. I recommend that you always login to your admin with HTTPS, and then edit / save your theme settings to see if that fixes your problem.

Let me know if you get your domain name working again.

cheers,
Ross

Hi Ross,

The website is back up!

A couple of dumb Qs:
– How do I login with https?
– I had help with building the site initially and not sure where to look and how to change it.

Thanks again!

You can login to your admin with HTTPS on this link:

https://gustoandgecko.com/wp-admin/

Always interact with your site on HTTPS, it will save you grief!

I can see the link to your font right there in the page header, so it should be being caught by this plugin. My guess is that whatever is adding the link to the font (e.g. your theme) has hard-coded it as http: in the code.

It looks like your theme is loading other CSS properly, so I’m wondering if you have a plugin that is loading the Google web font. Or perhaps you have a child theme doing it? If you can track it down, you can get it fixed. Search your website files for https://fonts.googleapis.com

A simple solution should be to change the fixer settings to Capture. You can find them in your admin:

Settings > SSL Insecure Content

cheers,
Ross

Hi Ross,

Thanks for your reply, and sorry to bother you again.

I tried the Capture setting but it wasn’t unsuccessful. However I searched for “https://fonts.googleapis.com” and updated that link.

It’s still showing as unsecure though…?

Any further guidance would be greatly appreciated!

• This reply was modified 6 years, 3 months ago by gustoandgecko.

G’day gustoandgecko,

I’ve looked through the site, and all seems to be OK now — well done. What problem are you seeing, and on which page?

Also, I can see now why Capture didn’t fix it, so thanks for helping me find a bug!

cheers,
Ross

Hi Ross,

When I search https://www.gustoandgecko.com via Chrome on my computer, it still comes up as unsecure (but it’s secure when I use incognito and my friend also confirmed that it’s secure via their computer)? I’ve already cleared my cache.

I also tested the website on https://whynopadlock.com/ and amended my .htaccess file to force HTTPS. Not sure if that’s good step to take…I think the website is taking longer to load.

Are you saying that you still have a problem when you are logged in? If you view the browser console in Chrome, what is it warning about?

Ctrl-Shift-J or ?-Shift-J to view the console.

Do you have the admin bar showing on the front end? Might be something from that, e.g. your avatar. I have some code to clean up avatars, but maybe something on your site is getting around it.

cheers,
Ross

The browser console states:

This page is not secure (broken HTTPS).
Resources – active mixed content
You have recently allowed non-secure content (such as scripts or iframes) to run on this site.
Reload the page to record requests for HTTP resources.

Yes I have the black admin bar showing on the front end (I assume you’re referring to the WordPress bar?). I also just updated a favicon link to https but still getting the unsecure msg (maybe there are other favicon links that weren’t updated?)

• This reply was modified 6 years, 3 months ago by gustoandgecko.

This bit:

Reload the page to record requests for HTTP resources.

^ means that you need to reload the page with the console open, so that you can see what is causing the warnings. Please do that.

If you edit your profile and untick “Show Toolbar when viewing site”, does the warning go away? You can edit your profile in the admin:

Users > Your Profile

cheers,
Ross

I’ve tried reloading the page with the console open. Under the console tab, there’s only this message:

Note: The site owner has disabled Google Analytics tracking for your user role.
jquery-migrate.min.js?ver=1.4.1:2 JQMIGRATE: Migrate is installed, version 1.4.1

And nothing appears to be a problem (no red) under the elements tab.

I’ve also unticked the “show toolbar” but the website is still unsecure.

Thanks again for your help!

G’day gustoandgecko,

Please contact me via my support form. If you can allow me to login to your site, I can have a quick look and advise.

cheers,
Ross

Hi Ross,

I think it’s actually the WordPress toolbar.

I unticked the toolbar when I last wrote to you and just reloaded the site and I didn’t get the error message! I figured reloading with the console open might have helped so I went back to WordPress and reticked the toolbar but the unsecure message came right back.

I’m going to let it sit overnight and see if it loads the site correctly. If it doesn’t, I’ll contact you via your support form. I think we’re close to solving the issue!

In my case, this issue was caused by my caching plugin (W3 Total Cache). Disabling it solved the issue but you may want to keep the plugin and change the font URLs in the CSS file from HTTP to HTTPS.

I came across this issue when the Social Pug plugin stopped showing icons on the social media buttons. The root cause was the caching enabled by W3 Total Cache plugin. If you are in a similar situation, there are three ways to fix the issue:

– Disable W3 Total Cache (not recommended because your website’s performance may decrease)
– Change the font URLs of Social Pug plugin to HTTPS
– In some cases, URL Rewrite rules may cause this issue. Check your .htaccess file

Mixed Content: The page was loaded over HTTPS, but requested an insecure font

• This reply was modified 6 years ago by bluewt.