mixed content trying to secure ssl on checkout

Fonts from Google are probably being enqueued through your parent theme’s functions.php, which is something your shouldn’t touch. I would advise contacting the theme’s developers with this issue.

Hello,

One dumb idea, but you can call Google fonts in https mode too. Just try with https://fonts.googleapis.com/css?etc…

It will work on Google API side, just adding “s” on http url and you have font certificate. If it’s the only thing preventing to get certificate, it’s really an easy fix.

All that being said, WordPress & most websites will send “mixed content” because it’s stupid to encode in 256 bit hard code pieces of HTML or CSS.

Browsers, most of them, are going to the way where every bit of data should be encoded. Stupid and useless. Even if for very secure content, a simple line of text is text, thus rather easily brokable – that’s why i like mixed content, rather than over-encryption of html and css.

Not to mention hard encryption of js libraries is a nightmare in terms of front-end performance, thus all WP sites using JQuery.

Hope it helps,

Thanks for the input to all.

My problem is that I am working with a theme that has been sold off to another group of people who want me to buy in for support but I plan to move toward a different theme in the coming months so I will wait it out.

I got the idea that I need to change the http to https which seems simple. I just don’t know where that address change is store to change it.

Well in a few lines:
– A unique certificate (https) must be bought through a certified registrar
– Once done, you or your partner/client plug this certificate and make settings, so that thissite.com is associated to the certificate
– (optional) at DNS level, make sure calls to port 80 goes to port for SSL
– finally in WP settings>reading, you can change default urls (2 fields) to fully use https://www.mysite.com
– if bug, make sure the certificate is valid for a given set of ip (yours), and don’t forget dns changes takes a little time to propagate worldwide, you might need to update a bit .htaccess file too, and probably check all posts urls in db (there are hard coded with https://thesite.com/thing, not https://thesite.come/thing)

Hope it helps,

I’ll had even if all this work, you might have “mixed content” warnings, because not everything you use is encrypted, eg like calls in header.php or so, a jquery library that is still called in http mode. Google and Facebook have the same issue.

The important is, you have no warning in browser and you see the good “green” canvas icon – showing most of the content is well encrypted and authenticated.

Thanks for your reply Digico Paris
To your last comment
“The important is, you have no warning in browser and you see the good “green” canvas icon – showing most of the content is well encrypted and authenticated. “

This is my big concern – I do not get a green lock icon. I get a grey lock with a yellow triangle of caution. When I click on the icon I get a message that says “CONNECTION IS NOT SECURE”

By viewing the checkout page as I describe I can see it in the firefox browser.

Also there is only 5 issues being identified in the google chrome console telling me what is coming up that is not secure. 4 of the issues are these silly google font links that I was hoping to find a change for.

Hi Ccarlow,

What’s the update now? Did you fix the silly font issues (google fonts can be called in https so, it shout be fast). How about the last one?

Anyways Firefox and Chrome share the same “alert farms” for https issue so, I’m curious about your input, or ways to solve it.