Website not Secure

It’s nothing to do with iThemes Security. You have mixed content on your site (that’s when some of the elements in your page are linked as plain non-secure https:// instead of https:// , and often this is fairly easy to fix).

In this case, I can see that your site is loading your logo file in your header as non-secure. Your site / theme is loading your logo as:

https://thelifestylejournals.com/wp-content/uploads/2020/04/logo-blog.png

Instead of:

https://thelifestylejournals.com/wp-content/uploads/2020/04/logo-blog.png

There are a couple of ways to fix that.

Here’s one easy solution to try – I can tell you’re using the theme Sitka , so you might want to first try going into your theme and removing the logo from the header and then re-adding it.

That’s easy to do and should fix it, because when you created / added the logo, you did so when the site was not using https:// SSL , so removing and re-adding the logo should now link it as secure https:// instead of plain https://

Disclaimers:
– Always download backups of your site and database before making changes.
– I am not affiliated with iThemes or WordPress in any way.
– Any solutions I suggest would be at your own risk (I know that sounds scary, but if you grab a backup of your database and a backup of your site files before you make changes to your site, you can restore it if something goes wrong).

Great, I’ll try that. Thank you so much for looking into this for me!

@anotherdave

Hi dave, I found your response to @sarah533 very helpful!
I think that I happen to have the same problem. I received a mail about a ‘security problem’ in my site, referencing the following locations:

XSS-vulnerable in WordPress
/var/www/vhosts/rijschooldonatella.nl/httpdocs/wp-includes/blocks/rss.php
XSS-vulnerable in WordPress
/var/www/vhosts/rijschooldonatella.nl/httpdocs/wp-includes/blocks/search.php

but I’ve got no clue what this means. Do you perhaps know how to solve this?

Would love it if you could help!

– zaid

web:
rijschooldonatella.nl/

On April 29, 2020, WordPress 5.4.1 was released to the public.
It is a security and maintenance release which features 17 bug fixes in addition to 7 security fixes.

Seven security issues affect WordPress versions 5.4 and earlier; version 5.4.1 fixes them, so you’ll want to upgrade. If you haven’t yet updated to 5.4, there are also updated versions of 5.3 and earlier that fix the security issues.

List of Files Revised # (Pay attention to the 2 bold files):

/wp-admin/css/about.css
/wp-admin/css/edit.css
/wp-admin/freedoms.php
/wp-admin/images/w-logo-blue.png
/wp-admin/includes/deprecated.php
/wp-includes/assets/script-loader-packages.php
/wp-includes/blocks/rss.php
/wp-includes/blocks/search.php
/wp-includes/cache.php
/wp-includes/class-wp-customize-manager.php
/wp-includes/class-wp-object-cache.php
/wp-includes/class-wp-query.php
/wp-includes/css/media-views.css
/wp-includes/deprecated.php
/wp-includes/formatting.php
/wp-includes/post.php
/wp-includes/rest-api/endpoints/class-wp-rest-controller.php
/wp-includes/rest-api/endpoints/class-wp-rest-revisions-controller.php
/wp-includes/taxonomy.php
/wp-includes/user.php
/wp-includes/version.php
/wp-mail.php
/wp-settings.php

Your site was probably running on WordPress 5.2.5 when you received the email you mentioned. You can ignore that email since 5.2.6 fixed the 7 security issues.

Oh, I would strongly suggest to update the iTSec plugin to the latest release (7.7.1 – 2020-04-20). Your site seems to be using an outdated release (7.0.4 – 2018-06-27)…

• This reply was modified 4 years, 10 months ago by nlpro.

@nlpro Thank you very much for your detailed answer! I’ll try to update those points you mentioned.

Stay safe,

-Zaid

Update: The problem is fixed by following your guides ?? thanks a lot!