Insecure content won't just go

G’day Stardrive,

I can’t do much without a link to diagnose; please post here, or if you prefer to keep it private, post to my support form.

cheers,
Ross

Please, I have sent you the link in your support forum

Thank you

Regards,

Stardrive

G’day Stardive,

Wow! That site is loading way too many stylesheets and scripts. Many of them duplicates — I lost count of the number of times it loads a stylesheet for Font Awesome, for example. Too many for me to sit down and debug what’s going on.

With the fixer set to Capture, the http: images on the checkout are fixed, leaving just a couple of Google Fonts links and a rogue otwbm/skins/custom.css link. Those three things are almost certainly hard-coded into one or more of the (many!) stylesheets being loaded.

If you search your .css files for “https://fonts.googleapis.com/css” you should be able to find and fix those (and then tell the authors of the culprits to only ever use https: to load Google Fonts stylesheets).

The otwbm/skins/custom.css link will probably fix itself if you save the settings for whatever that is after logging into the admin with https. If not, you’ll need to track down the file doing that.

Sorry I can’t spend more time looking at this, but… so many! I’d hate to visit that site from a mobile phone…

cheers,
Ross

Hello Ross,

A big thank you for your patience and excellent support.
I will do as you advised and also notify the plugin author to fix rogue otwbm/skins/custom.css link

I noticed that the issue has been largely resolved after you set the fixer to “Capture”, as the green padlock is now showing before https in the checkout page.

Earlier, I was hesitating to set the fixer to “Capture” because this setting has the most impact on memory usage and biggest potential to break things.

Regards,

Stardrive.

G’day Stardrive,

Capture uses more memory, but sometimes you just need a bigger hammer.

The best fix would be to ensure that any images that could load on https: are only ever loaded https:. You can often do that by editing a page or widget. Editing your website logged into the admin on https: can also ensure that most things will load that way on the front end.

The simplest fix for all is to set your whole website to https: so that there is no jumping back and forth and no wiggle room for plugins. Even that won’t fix those two Google Fonts problems though, because they’ll be hard-coded into .css files.

Good luck hunting!

cheers,
Ross

Good day Ross.

Thank you for your response and your candid advise.

1. Since Capture is used on only the checkout page (the only page that is SSL encryted), will the more memory used by capture affect my overall website speed or only the speed of the checkout page?

2. I will also attempt the best fix

3. While I have not adopted the simplest fix for all by setting my whole website to https: is that I felt it might somewhat slow that my website

Thank you

Regards,

Stardrive

G’day Stardrive,

Capture mode won’t affect the speed much (might actually be a bit quicker than Content mode on some websites) but it adds to the memory required for running each page. If you aren’t hitting memory limits, it’s fine. I put the warning there partly to try to get people to find and fix their real issues, and partly to prevent support requests from out-of-memory problems. Capture mode is still useful e.g. for your website, otherwise it wouldn’t be in the plugin.

cheers,
Ross

hello Ross,

i’ve read countless threads on the subject – perhaps i’m plain dumb! ??

i cannot figure out how to fix this very issue. can you help?

the link is https://tribelocus.com/

thank you kindly for any help you can offer. i’m happy to donate to the development.

derek

@derekcurtice: please start your own topic; do not hijack other people’s topics (especially Resolved topics)

Be sure to specify what your actual problem is, and on which pages. I could not see a problem on the page you linked.

cheers,
Ross