custom gravatar links to i2.wp.com causing site to be insecure

  • Parts of my site need to be secure, and they have been. But I’ve just discovered if someone leaves a comment in an area that is supposed to be secure, the custom gravatar causes it not to be. The image URL has i2.wp.com at the beginning of it for some reason. I don’t use Jetpack or photon which is usually the reason for that.

    I even created a new image for a custom gravatar, uploaded it, and changed the name in my theme’s functions.php file, but it didn’t fix the security issue. If I choose one of the other default gravatars, my site is secure.

    Here is the code I’m using in my functions.php file:

    //for custom default avatar
     add_filter( 'avatar_defaults', 'newgravatar' );

    function newgravatar ($avatar_defaults) {
    $myavatar = get_bloginfo('url') . '/wp-content/gallery/graphics/wings.jpg';
    $avatar_defaults[$myavatar] = "wings";
    return $avatar_defaults;
    }

Viewing 8 replies - 16 through 23 (of 23 total)
  • Thread Starter TraciBunkers

    (@tracibunkers)

    So after I made it so the outbrain script didn’t load, did it say the page was secure for you?

    Moderator James Huff

    (@macmanx)

    Ok, one guess, a browser extension may have been causing some persistent caching in Firebug’s console.

    Beyond that though, neither you nor I saw the problem in source, which means the problem is definitely not there. Very strange.

    Moderator James Huff

    (@macmanx)

    Yes, it was a green padlock in both browsers for me.

    Thread Starter TraciBunkers

    (@tracibunkers)

    I’ve checked with Firefox, Safari & Chrome (on a mac), & all of them say they are insecure. I had a friend check on her computer (also a mac) in those 3 & it also said insecure. on my ipad 2, IOS 7.1.1 & iphone 4, IOS 7.1.2, in safari they both say it’s insecure.

    But, a friend checked on his iphone in Chrome & safari, and it showed as secure for him–not sure what IOS he’s on. And some friends on PCs checked, & it’s secure in Chrome & IE.

    For me, using the developer’s tool, I get the same warning in both Firefox & safari about insecure content from https://i2.wp.com/www.tracibunkers.com/blog/wp-content/gallery/graphics/wings.jpg.

    Moderator James Huff

    (@macmanx)

    It’s still secure for me. Did you set it back to its broken state?

    Thread Starter TraciBunkers

    (@tracibunkers)

    I’ve had it back at it’s unsecure state since your first reply. But, I decided it would be best just to delete the comments that were on that page & make it so that people couldn’t comment on it. Now I get the secure padlock.

    Moderator James Huff

    (@macmanx)

    So odd, that works though!

    What bothers me is that you wouldn’t have i2.wp.com without using Jetpack’s Photon module, or a Mosaic Gallery layout (also from the Jetpack plugin), it’s not part of WordPress and requires Jetpack to upload to the CDN (i[#].wp.com is Photon’s CDN), but you said you aren’t using it.

    Very odd that something which requires Jetpack was happening without Jetpack.

    I’m having this same issue. Default gravatars urls are printing as https://secure.gravatar.com/avatar/8787c0eb8a3add2408e3178ab0d35403?s=32&d=%2F%2Fwww.moneyunder30.com%2Fimages%2F2015%2F10%2FMU30_logo_green_200px_sq.png&r=g which should be secure, but that address redirects to https://i2.wp.com/www.moneyunder30.com/images/2015/10/MU30_logo_green_200px_sq.png which is insecure.

    The redirect is not happening on our server, so it has nothing to do with whether we have Jetpack installed (we don’t). Chrome sometimes doesn’t return a mixed content warning for these redirects, but sometimes does.

Viewing 8 replies - 16 through 23 (of 23 total)
  • The topic ‘custom gravatar links to i2.wp.com causing site to be insecure’ is closed to new replies.