Wordpress Install - Page is trying to load unsafe script
-
When I "inspect element" with Chrome, I see these issues:
Mixed Content: The page at 'https://domain.com/blog/wp-login.php?redirect_to=http%3A%2F%2Fdomain.com%2Fblog%2Fwp-admin%2F&reauth=1' was loaded over HTTPS, but requested an insecure script 'http://domain.com/blog/wp-admin/load-scripts.php?c=1&load%5B%5D=jquery-core,jquery-migrate&ver=4.9.4'. This request has been blocked; the content must be served over HTTPS.
Mixed Content: The page at 'https://domain.com/blog/wp-login.php?redirect_to=http%3A%2F%2Fdomain.com%2Fblog%2Fwp-admin%2F&reauth=1' was loaded over HTTPS, but requested an insecure script 'http://domain.com/blog/wp-content/plugins/better-wp-security/core/modules/strong-passwords/js/script.js?ver=4087'. This request has been blocked; the content must be served over HTTPS.
Mixed Content: The page at 'https://domain.com/blog/wp-login.php?redirect_to=http%3A%2F%2Fdomain.com%2Fblog%2Fwp-admin%2F&reauth=1' was loaded over HTTPS, but requested an insecure stylesheet 'http://domain.com/blog/wp-admin/load-styles.php?c=1&dir=ltr&load%5B%5D=dashicons,buttons,forms,l10n,login&ver=4.9.4'. This request has been blocked; the content must be served over HTTPS.
Mixed Content: The page at 'https://domain.com/blog/wp-login.php?redirect_to=http%3A%2F%2Fdomain.com%2Fblog%2Fwp-admin%2F&reauth=1' was loaded over a secure connection, but contains a form that targets an insecure endpoint 'http://domain.com/blog/wp-login.php'. This endpoint should be made available over a secure connection.
Mixed Content: The page at 'https://domain.com/blog/wp-login.php?redirect_to=http%3A%2F%2Fdomain.com%2Fblog%2Fwp-admin%2F&reauth=1' was loaded over HTTPS, but requested an insecure stylesheet 'http://domain.com/blog/wp-admin/load-styles.php?c=1&dir=ltr&load%5B%5D=dashicons,buttons,forms,l10n,login&ver=4.9.4'. This request has been blocked; the content must be served over HTTPS.
-
Also, in your WP settings page, verify these are "https":
-
Try adding this to the bottom of wp-config.php:
if($_SERVER['HTTP_X_FORWARDED_PROTO'] == 'https'){ $_SERVER['HTTPS'] = 'on'; $_SERVER['SERVER_PORT'] = 443; }
-
@tim_g said in Wordpress Install - Page is trying to load unsafe script:
Also, in your WP settings page, verify these are "https":
If I di this, unfortunately, I can't get to the blog or admin pages. I get an error stating too many redirects.
-
I just looked again, and seen this as being blocked (but shows a green lock because FF is automatically blocking it):
-
@tim_g said in Wordpress Install - Page is trying to load unsafe script:
Try adding this to the bottom of wp-config.php:
if($_SERVER['HTTP_X_FORWARDED_PROTO'] == 'https'){ $_SERVER['HTTPS'] = 'on'; $_SERVER['SERVER_PORT'] = 443; }
Added this but no change. Still getting the error. Looks like there are javascript being served via http instead of https.
-
@tim_g said in Wordpress Install - Page is trying to load unsafe script:
I just looked again, and seen this as being blocked (but shows a green lock because FF is automatically blocking it):
Yeah I changed the theme to sixteen to see if that changed anything but still getting mixed content warnings.
-
I think because my URLs on the Settings tab are still showing HTTP instead of HTTPS, the scripts are being served up via HTTP. But if I change the URLs to HTTPS, browser errors out with too may redirects.
-
@nashbrydges said in Wordpress Install - Page is trying to load unsafe script:
@tim_g said in Wordpress Install - Page is trying to load unsafe script:
Try adding this to the bottom of wp-config.php:
if($_SERVER['HTTP_X_FORWARDED_PROTO'] == 'https'){ $_SERVER['HTTPS'] = 'on'; $_SERVER['SERVER_PORT'] = 443; }
Added this but no change. Still getting the error. Looks like there are javascript being served via http instead of https.
Did you add use this without the URLs set to https on the main settings page?
-
@tim_g I added the code lines to the bottom of wp-config.php as well as set both fields in Settings to https.
Doesn't work. Get a too many redirects error.
-
@nashbrydges said in Wordpress Install - Page is trying to load unsafe script:
@tim_g I added the code lines to the bottom of wp-config.php as well as set both fields in Settings to https.
Doesn't work. Get a too many redirects error.
Try the code without the urls changed
-
I used a plugin to fix ssl last time I I’d to do this.
No idea what the plugin was anymore.
-
@jaredbusch said in Wordpress Install - Page is trying to load unsafe script:
I used a plugin to fix ssl last time I I’d to do this.
No idea what the plugin was anymore.
This one?
https://wordpress.org/plugins/ssl-insecure-content-fixer/ -
Force SSL Plugin
https://wordpress.org/plugins/wp-force-ssl/Administrator over SSL
https://codex.wordpress.org/Administration_Over_SSL -
@tim_g said in Wordpress Install - Page is trying to load unsafe script:
@jaredbusch said in Wordpress Install - Page is trying to load unsafe script:
I used a plugin to fix ssl last time I I’d to do this.
No idea what the plugin was anymore.
This one?
https://wordpress.org/plugins/ssl-insecure-content-fixer/Either this one or
-
@black3dynamite said in Wordpress Install - Page is trying to load unsafe script:
Force SSL Plugin
https://wordpress.org/plugins/wp-force-ssl/This one
-
I recall both names. Not sure which one worked.
-
@jaredbusch said in Wordpress Install - Page is trying to load unsafe script:
I recall both names. Not sure which one worked.
To force SSL you don't need any add-on.
I don't use one for my WordPress sites anywhere.But I can see needing one to properly handle forwarding from a reverse proxy.
I have never used WP behind a reverse proxy so who knows.
-
I'm going to set up an nginx reverse proxy sometime to see what exactly is going on.
-
@tim_g said in Wordpress Install - Page is trying to load unsafe script:
@jaredbusch said in Wordpress Install - Page is trying to load unsafe script:
I recall both names. Not sure which one worked.
To force SSL you don't need any add-on.
I don't use one for my WordPress sites anywhere.But I can see needing one to properly handle forwarding from a reverse proxy.
I have never used WP behind a reverse proxy so who knows.
Correct, this is an issue when it is behind a proxy that is handling the SSL.
I would guess that if you setup WP to use a self signed cert and put that behind the proxy, it would work as you expect.