Mixed content on SSL connection

This is quite a tricky area, and is not really about s2Member at all. It’s a standard issue with SSL.

However, having been there myself, I’ll ask you two questions:

1. Is the “insecure endpoint” on another installation?

2. Are you loading any images on this page?

Thank you for the reply. Regarding..

1. Is the “insecure endpoint” on another installation?
No

2. Are you loading any images on this page?
Yes, logo and banner.

“It’s a standard issue with SSL.”

If this is the case, not sure I’m understanding why it would say secure in FF & IE but not Chrome. SSL cert I’m using is from Comodo. Any known issues with this SSL vendor and Chrome? Thanks again for any help..

Nothing wrong with Comodo. Different browsers just work differently. Chrome is more exacting.

The issue is almost certainly caused by how you are linking to your images. What I’d try first would be using a protocol-relative link (i.e. leave out the http: and just start with //

If that doesn’t work, I have a third question for you. When did you load these images?

Not sure how I would use a protocol-relative link since images are being inserted via the media library. Maybe a lil’ help understanding this.

As an experiment I removed all images from the page I’m trying to secure, including the site logo. All that’s left is text, S2’s form and secure badge and still getting mixed content in Chrome.

Answer to your last question, I uploaded images prior to installing SSL cert. Maybe a little more info on my setup may help. Ran S2’s ServerScanner .. all green including https:. Here’s the breakdown:

# IS MULTISITE : No

# THEME | VERSION : customizr-pro | v1.1.6# WP VERSION : 4.2.1
# PERMALINK STRUCTURE : /%postname%/

# ACTIVE PLUGINS :
Add Categories to Pages.: 1.0
Admin Costum Login: 1.3
Affiliate Royale MemberPress Edition: 1.4.0
Childify Me: 1.0.8
Cognito Forms: 1.1.3
Email Users: 4.7.2
Global Hide Toolbar: 1.6.1
Limit Login Attempts: 1.7.1
Nav Menu Roles: 1.6.5
Page-list: 5.0
Peanut Butter Bar (smooth version): 1.2.1
s2Member Framework: 150311
Search In Place: 1.0.5
SeedProd Coming Soon Pro: 4.0.7
SEO Redirection: 2.8
SSL Insecure Content Fixer: 1.8.0
Thrive Visual Editor: 1.85
Ultimate Posts Widget: 2.0.3
Wp Cleanup Optimizer Lite Edition: 2.0.35
WR MegaMenu: 1.1.0

PHP Version: 5.3.28
MySQL Version: 5.5.42-cll
Web Server Info: LiteSpeed

WordPress Memory Limit: 64MB
PHP Safe Mode: No
PHP Memory Limit: 256M
PHP Upload Max Size: 80M
PHP Post Max Size: 80M
PHP Upload Max Filesize: 80M
PHP Time Limit: 120
PHP Max Input Vars: 1000
PHP Arg Separator: &
PHP Allow URL File Open: Yes
WP_DEBUG: Disabled

I’m running SSL insecure fixer because I’m also getting js error over ssl and this plugin fixes it. Your help is much appreciated. Thank you!

I’m running SSL insecure fixer because I’m also getting js error over ssl and this plugin fixes it.

Ah, that’s probably where the difference between Firefox and Chrome lies. Chrome doesn’t think it’s fixed. It also means that your problem is different from what mine was.

You will need to use the Console in either Firefox or Chrome to locate the problematic javascript. I find FF easier to use, so would turn off the SSL insecure fixer plugin.

To use the Console, load the page, right-click and select Inspect Element, and then the Console tab. This should give you a list of what’s loading on the page. You are looking for something clearly flagged as bad, probably in yellow (that’s javascript).

You will need to use the Console in either Firefox or Chrome to locate the problematic javascript. I find FF easier to use, so would turn off the SSL insecure fixer plugin.

So I turned off SSL Content Fixer and have the original problem and one I fixed with plugin…

Mixed Content: The page at ‘https://www.mywebsite.com/upgrade/?s2-ssl=yes’ was loaded over HTTPS, but requested an insecure script ‘https://www.mywebsite.com/wp-includes/js/wp-emoji-release.min.js?ver=4.2.1’. This request has been blocked; the content must be served over HTTPS.e @ https://www.mywebsite.com/:39

Problem I’m trying to fix…

https://www.mywebsite.com/:651 Mixed Content: The page at ‘https://www.mywebsite.com/upgrade/?s2-ssl=yes’ was loaded over a secure connection, but contains a form which targets an insecure endpoint ‘https://www.mywebsite.com/’. This endpoint should be made available over a secure connection.

Very frustrating .. not wanting to secure the entire site, just a few pages and Chrome is being difficult. Might be time to submit a support ticket with S2Member to resolve this issue. Thank you for all your help!!

I repeat: this is not an s2Member issue! It is a HTTPS issue that has absolutely nothing to do with s2Member.

In any event, I think the answer is probably quite simple. You need to install the Disable Emojis plugin.

In any event, I think the answer is probably quite simple. You need to install the Disable Emojis plugin.

Works great! Thanks .. still have the second problem though..

Mixed Content: The page at ‘https://www.mywebsite.com/upgrade/?s2-ssl=yes’ was loaded over a secure connection, but contains a form which targets an insecure endpoint ‘https://www.mywebsite.com/’. This endpoint should be made available over a secure connection.

Guess’n I’m stuck .. if it’s not an S2 issue, but an SSL issue, yet Comodo has no compatibility issues with Chrome, what am I missing? I removed all images from the page yet still have mixed content, maybe it’s the WP template I’m using? I am missing something and it’s probably very simple. Thanks for the help KTS915.

Well, the Emojis issue is actually caused by the latest version of WordPress, which added emojis. That plugin removes them again!

And your remaining issue is not a bug, because that link should be to https://www.mywebsite.com/

So Chrome is right to flag it as insecure.

The answer to this problem depends on identifying the source. Can you work out what it is that is trying to link to that URL? Have you manually added a link, perhaps, and forgotten the s?

I did notice one thing .. when I’m on the secured page, my footer credit URL links back to main site (shows unsecured). I remove the footer credit and still get mixed content. However, I have one footer widget containing links to legal pages and they are unsecured.

When I log into my S2 account (unsecured) and then click the link to “extend” support (purchase), it lands on a secured page (same as what I’m trying to do .. ?s2-ssl=yes). If I run my mouse over their footer links all show https:, this is not the case with my footer links. It seems all site links, or “external” links on the secured page are not converting to https:, yet scripts, css, theme links are all converted to https:.

I got a sneaky feeling it’s the theme I’m using. May try and use one of the recommended themes from S2 or default WP themes just to see if it is. Thanks KTS915..

Simply linking to a non-https URL won’t cause a problem. It’s displaying the content via a non-https link that’s a problem.

So I deactivated all plugins except S2, activated 2015 WP theme and was still getting mixed content. Header link back to homepage was showing unsecured.

I then went to general settings and swapped out http: for https: on WordPress and Site address, still unsecured. I then visited the wordpress install, updated site address to https: and now all secure.

Beginning to think the type of SSL cert I bought is limited, meaning whole site must be secured, just can’t secure individual pages. Thoughts?

Beginning to think the type of SSL cert I bought is limited, meaning whole site must be secured, just can’t secure individual pages. Thoughts?

No, that’s not right. The SSL certificate can’t change an http: link to https: All it does is verify to the browser seeking to visit your site that yours is the domain for which the certificate was obtained.

Similarly, the s2Member attribute ?s2-ssl=yes is designed to force a site that is generally on http: to load a specific post or page over https: It was therefore working precisely as intended. Again, it can’t change any errant links.

So what might have been going on was that you were linking to a file in your media or theme folder. Since your site was set to http: this would be loaded from http: and would cause the mixed content warning.

Since it also affected the default theme, it is probably more likely, though, that you were displaying a search box that was being loaded via http:

In either case, removing the media item or search box would stop the mixed content warnings.

I am using a plugin “Search in Place” .. wondering if this is the culprit. The specific page I’m having trouble with doesn’t have any links other than theme navigation.

I’m not linking to any file, media or otherwise. As expressed earlier I stripped this page down to just text and S2 form. It may very well be the search “form” this plugin generates in place of a standard search with search results on a different, dedicated page. Didn’t think to go full width on the page, knocking out the side bar and search form.

I’m working with a different theme now, removing plugins this new theme has built in via shortcodes. Fingers crossed it get’s resolved. At any rate it was a great learning experience for me so thank you a ton for helping out .. very much appreciated KTS915!!

We had some of the generated s2member CSS copied into one of our CSS files to monkey around with some stuff (know that’s not the best way to do it but it got done) and that had absolute links in the CSS file like this:

https://domain.com/wp-content/plugins/s2member-pro/images/tax-icon.png

That caused the mixed message warning for us. I updated to https:// and it is good again.