Home Forums Mint Theme Discussion & Support Doesn't work with private ssl

This topic is: resolved

Tagged: 

This topic contains 6 replies, has 2 voices, and was last updated by  Jim 4 years, 7 months ago.

Viewing 7 posts - 1 through 7 (of 7 total)
  • Author
    Posts
  • #2901

    Jim
    Participant
    Post count: 28

    Your connection to http://www.yoursite.com is encrypted with 256-bit encryption. However, this page includes other resources which are not secure. These resources can be viewed by others while in transit, and can be modified by an attacker to change the behavior of the page.

    The connection uses TLS 1.0.

    The connection is encrypted using AES_256_CBC, with SHA1 for message authentication and DHE_RSA as the key exchange mechanism.

    The connection is not compressed.

    Even with

    Options +FollowSymLinks
    RewriteEngine On
    RewriteBase /
    RewriteCond %{HTTPS} !=on
    RewriteRule ^.*$ https://%{SERVER_NAME}%{REQUEST_URI} [R,L]

    enabled, the error still occurs.
    The BP Default theme works all around, so http must be hard coded in somewhere in this theme. 🙁

    Thanks.

    #2903

    themeweaver
    Keymaster
    Post count: 730

    OK, had a scan through code. We use WordPress url functions for content. I think the most likely cause is the Google Fonts Api. This currently uses http. But I think we need to change this to check for https.

    You could confirm this by doing a View Source on your page and search the page for any http source links.

    Google Api calls will be in head section as link tags.

    Other possible causes would be the twitter or flickr widget that comes with the theme. Remove these widgets for now if you are using them, to eliminate them form causes.

    I think Google Fonts is most likely here and we should be able to fix this. If you can confirm this and any other http in your page source, it would be useful.

    #2908

    Jim
    Participant
    Post count: 28
    #2913

    themeweaver
    Keymaster
    Post count: 730

    Not sure that helped! What is it?

    None of the links in that screenshot have much to do with the theme.

    #2917

    Jim
    Participant
    Post count: 28

    In response to: “You could confirm this by doing a View Source on your page and search the page for any http source links.”

    I was trying copy/paste the code, but themeloom.com converted it to live code.
    So I typed the line number, hit return, and copy/paste where “http” exists on the wordpress homepage with the Mint theme enabled.

    Is there something else in the code I should look for?

    #2920

    themeweaver
    Keymaster
    Post count: 730

    So the image you attached, was all the http references in your source?

    As far as I can see the one in the screenshot are either external references generated by some other plugin you have or links created by WordPress itself.

    I do know that the theme’s reference to Google Fonts could be a cause, probably the only potential one from the theme. We have added a fix for this which will come out in the next release.

    Any chance you could give me a url to look at? Or perhaps do a view source and Save it to a file. You can upload files and attachments via the priority support page : http://themeloom.com/support/priority-support/

    You could also try this plugin :
    http://wordpress.org/extend/plugins/wordpress-https/

    This will try to convert all non ssl references, wherever they come from.

    #2976

    Jim
    Participant
    Post count: 28

    Thank you for suggesting the
    http://wordpress.org/extend/plugins/wordpress-https/
    plugin!

    It works well for the WordPress parts of the site. Many BuddyPress parts of the site were broken and pushed me back to the homepage.

    However, this can easily be resolved by changing the two instances of “http” to “https” in
    /wp-admin/options-general.php as seen here:
    http://i42.tinypic.com/103d3r7.png

    Thank you.

Viewing 7 posts - 1 through 7 (of 7 total)

You must be logged in to reply to this topic.