Wordpress Install - Page is trying to load unsafe script
-
@tim_g said in Wordpress Install - Page is trying to load unsafe script:
Also, in your WP settings page, verify these are "https":
If I di this, unfortunately, I can't get to the blog or admin pages. I get an error stating too many redirects.
-
I just looked again, and seen this as being blocked (but shows a green lock because FF is automatically blocking it):
-
@tim_g said in Wordpress Install - Page is trying to load unsafe script:
Try adding this to the bottom of wp-config.php:
if($_SERVER['HTTP_X_FORWARDED_PROTO'] == 'https'){ $_SERVER['HTTPS'] = 'on'; $_SERVER['SERVER_PORT'] = 443; }
Added this but no change. Still getting the error. Looks like there are javascript being served via http instead of https.
-
@tim_g said in Wordpress Install - Page is trying to load unsafe script:
I just looked again, and seen this as being blocked (but shows a green lock because FF is automatically blocking it):
Yeah I changed the theme to sixteen to see if that changed anything but still getting mixed content warnings.
-
I think because my URLs on the Settings tab are still showing HTTP instead of HTTPS, the scripts are being served up via HTTP. But if I change the URLs to HTTPS, browser errors out with too may redirects.
-
@nashbrydges said in Wordpress Install - Page is trying to load unsafe script:
@tim_g said in Wordpress Install - Page is trying to load unsafe script:
Try adding this to the bottom of wp-config.php:
if($_SERVER['HTTP_X_FORWARDED_PROTO'] == 'https'){ $_SERVER['HTTPS'] = 'on'; $_SERVER['SERVER_PORT'] = 443; }
Added this but no change. Still getting the error. Looks like there are javascript being served via http instead of https.
Did you add use this without the URLs set to https on the main settings page?
-
@tim_g I added the code lines to the bottom of wp-config.php as well as set both fields in Settings to https.
Doesn't work. Get a too many redirects error.
-
@nashbrydges said in Wordpress Install - Page is trying to load unsafe script:
@tim_g I added the code lines to the bottom of wp-config.php as well as set both fields in Settings to https.
Doesn't work. Get a too many redirects error.
Try the code without the urls changed
-
I used a plugin to fix ssl last time I I’d to do this.
No idea what the plugin was anymore.
-
@jaredbusch said in Wordpress Install - Page is trying to load unsafe script:
I used a plugin to fix ssl last time I I’d to do this.
No idea what the plugin was anymore.
This one?
https://wordpress.org/plugins/ssl-insecure-content-fixer/ -
Force SSL Plugin
https://wordpress.org/plugins/wp-force-ssl/Administrator over SSL
https://codex.wordpress.org/Administration_Over_SSL -
@tim_g said in Wordpress Install - Page is trying to load unsafe script:
@jaredbusch said in Wordpress Install - Page is trying to load unsafe script:
I used a plugin to fix ssl last time I I’d to do this.
No idea what the plugin was anymore.
This one?
https://wordpress.org/plugins/ssl-insecure-content-fixer/Either this one or
-
@black3dynamite said in Wordpress Install - Page is trying to load unsafe script:
Force SSL Plugin
https://wordpress.org/plugins/wp-force-ssl/This one
-
I recall both names. Not sure which one worked.
-
@jaredbusch said in Wordpress Install - Page is trying to load unsafe script:
I recall both names. Not sure which one worked.
To force SSL you don't need any add-on.
I don't use one for my WordPress sites anywhere.But I can see needing one to properly handle forwarding from a reverse proxy.
I have never used WP behind a reverse proxy so who knows.
-
I'm going to set up an nginx reverse proxy sometime to see what exactly is going on.
-
@tim_g said in Wordpress Install - Page is trying to load unsafe script:
@jaredbusch said in Wordpress Install - Page is trying to load unsafe script:
I recall both names. Not sure which one worked.
To force SSL you don't need any add-on.
I don't use one for my WordPress sites anywhere.But I can see needing one to properly handle forwarding from a reverse proxy.
I have never used WP behind a reverse proxy so who knows.
Correct, this is an issue when it is behind a proxy that is handling the SSL.
I would guess that if you setup WP to use a self signed cert and put that behind the proxy, it would work as you expect.
-
I'm going to have to try those solutions out when I'm back home.
-
I finally figured out where this install went wrong.
When running this command
sudo -u apache wp core download
I was getting this error:Downloading WordPress 4.9.4 (en_US)... Warning: Failed to create directory '/usr/share/httpd/.wp-cli/cache/': mkdir(): Permission denied.
Once I manually created the folder and re-ran the commands right through to the end, everything worked as expected. Now the blog loads as a subfolder to the main site and doesn't have any issues with HTTPS warnings of any kind.
-
@NashBrydges
Change
CustomLog /var/log/access.log combined
to
CustomLog /var/log/httpd/access.log combined