How to find the image with an insecure url

  • Resolved xps20

    (@corneliusw)


    4 years, 8 months ago

    My SSL is not working completely due to one image.

    An image with an insecure url of “https://domain.com/wp-content/uploads/2020/02/5-2.png” was loaded on line: 630 of https://domain.com/.
    This URL will need to be updated to use a secure URL for your padlock to return.

    This file does not exist on server. I deleted theme and added it again. No change. I am not able to do a search in file manager to find a line that contains this PNG file.

    The page I need help with: [log in to see the link]

Viewing 10 replies - 1 through 10 (of 10 total)
  • Moderator Steven Stern (sterndata)

    (@sterndata)

    Volunteer Forum Moderator

    Check in your theme’s CSS files the theme and Custom CSS in the customizer. It might also be in a theme option someplace.

    Hi @corneliusw,

    It appears that this link is contained in your WordPress database or in a cache somewhere.

    My suggestions would be:

    1) Make sure that you clear all forms of cache including your browser cache, your WP cache (your WP caching plugin if you have one), and your server cache, if you have one.

    2) If the problem still exists then there will be a URL in your database that needs updating.

    If you have ssh and wp-cli access you can use the following commands in your web root folder (usually /public_html). 

    wp db export safe_backup.sql
wp search-replace 'https://airpodses.com/wp-content/uploads/2020/02/5-2.png' 'https://airpodses.com/wp-content/uploads/2020/02/5-2.png' --all-tables

    This will replace the insecure URL in your database with a secure version. Note: please immediately move or delete the saved safe_backup.sql file from your public_html folder to ensure it’s not web accessible.

    If you want to catch any other insecure URLs you could do a more global wp-cli replace such as:

    wp search-replace 'https://airpodses.com/wp-content/' 'https://airpodses.com/wp-content/' --all-tables

    …which will replace any insecure URL’s for content in the wp-content folder starting with the secure https:// equivalent.

    If anything goes wrong you can instantly restore the originally saved database by running:

    wp db import safe_backup.sql

    WP-CLI is extremely powerful for doing things like this. With that said I highly recommend practicing on a test server or staging server first rather than a production site until you have enough experience. ??

    3) If you don’t have WP-CLI access you can use a WordPress plugin to do a search and replace in the database. For example the Blue Velvet Update URL’s plugin here: https://www.ads-software.com/plugins/velvet-blues-update-urls/. Again, please make sure you backup the database before replacing any URL’s in the database so you can roll back if needed.

    Hope that helps.

    Thread Starter xps20

    (@corneliusw)

    @phillcoxon can you edit post to remove domain address. Thank you.

    Thank you for looking to assist. After reading both comments I dig some digging around and the elementor plugin had a Tools option. From there I could update site address. I installed using http and didn’t change it to https until later. Thank you.

    • This reply was modified 4 years, 8 months ago by xps20.

    Hiu @corneliusw,

    It appears I’m not able to modify my previous reply (perhaps because the thread has been marked as resolved?). I’ll request a moderator review and remove your domain manually.

    Moderator Steven Stern (sterndata)

    (@sterndata)

    Volunteer Forum Moderator

    I’m sorry but no. Unless it is an extreme case, posts and replies are not edited here.

    Forum topics will only be edited or deleted if they represent a valid legal, security, or safety concern.

    See https://www.ads-software.com/support/guidelines/#deleting-editing-posts and https://www.ads-software.com/about/privacy/

    Moderator James Huff

    (@macmanx)

    @corneliusw you were already given your answer above.

    There is no further need to report this: https://www.ads-software.com/support/guidelines/#the-bad-stuff

    Thread Starter xps20

    (@corneliusw)

    There’s no method I can find to reach support direct. This is a security issue having domain here, hence why a short URL was used in original post. It does not take much effort to edit a post and replace the domain with XXX, unless you keep it for SEO purposes at the expense of posters? There is no request for deletion of a thread or post, a simple edit of three words. I hope this simple request can be done to protect the business represented. Thank you.

    Moderator James Huff

    (@macmanx)

    We do not consider the existence of a URL to be a security issue: https://www.ads-software.com/support/forum-user-guide/faq/#my-post-shows-up-on-a-search-for-my-domain-will-you-delete-my-post-or-my-link

    Thread Starter xps20

    (@corneliusw)

    I guess it’s a good thing your not on the security team. The address is hidden on the original post, it’s the reply from someone looking to assist that’s the issue and has Google picking it up when you search the name on the first page results. Take a look at screenshot https://i.imgur.com/FjMNIT9.jpg . So it has been scraped which is what I was looking to avoid. I hope you can assist with such a simple matter. If not I guess I’ve learn my lesson to not even use short urls to link to any website so that a person responding to help doesn’t link to original domain in their advice.

    Moderator James Huff

    (@macmanx)

    You have already received your answer, detailed in the linked https://www.ads-software.com/support/forum-user-guide/faq/#my-post-shows-up-on-a-search-for-my-domain-will-you-delete-my-post-or-my-link

    To be clear, we absolutely do not consider SEO to be a security concern.

Viewing 10 replies - 1 through 10 (of 10 total)
  • The topic ‘How to find the image with an insecure url’ is closed to new replies.

Tags