SSL pages have elements that are not Secure Hi, I am trying to get Amember working over SSL. The messages I get is that the Amember pages contain elements that are not secure. The source of these messages is that your site also delivers content over http (instead of https only). This is indeed my case but I'm not sure how to fix it. Please allow me to explain: I'm using a Usertrust SSL certificate for my domain which is installed properly. Amember is integrated with WordPress using the config.inc.php & site.inc.php method by @andyb & @kengary as described here http://bit.ly/g0WtHv. The secure Root URL in Amember points to the https version of my site. The http & https documentroot on Apache point to the same directory. When looking at the source of the page, I see elements being loaded over http instead of https. (e.g. http://partner.googleadservices.com/gampad/google_service.js, which is part of my WordPress header.php, hence the 'error messages'). I guess this makes sence as I've integrated Amember with WordPress. So my question is how to load the site over SSL (read: rewrite the WordPress urls to https) and keep using the mentioned integration method between Amember & WordPress? Anyone with some experience in this area? Your help is very much appreciated. Thanks, Alex
Update Closer to a solution but still seeing the 'page contains elements that are not secure' message. A quick update: Just figured out that Google currently does not support a SSL version of their ad code (which is included in my WordPress header.php). See https://www.google.com/adsense/support/bin/answer.py?hl=en&answer=10528 Also found a nice blog posting with more info about redirecting http urls to https versions in WordPress, see: http://prosauce.org/blog/2010/08/enable-complete-support-for-ssl-on-wordpress/ Also started to use Fiddler (http debugging proxy) to help find the cause. Anyone with more experience in this area? Your help is very much appreciated. Thanks, Alex
Check also you are not using images etc in a https: page that are called from an unsecured area on site.
Google Chrome gives a helping hand Hiya, This might be useful for others seeing similar issues; Just found a quick way to see what content is being delivered over http instead of https: Forget Fiddler and use the Developer Tools in Google Chrome (by holding Ctrl-Shift-I), load your site over https and click the 'Console' tab... et voilla: it will tell you what elements are not delivered securely . In my case, it's a bunch of javascript from Google, Twitter Anywhere, Addthis, etc. So my next step is to find a way that either loads the javascript from their https locations - or if there is no https version of the script available- don't load the script at all - when the user accesses the site via https. Has anyone done this before and is willing to share an example? Thanks, Alex
Got it working Hiya, For those looking for a solution, the following if-else statement allows you to load/unload areas in your WordPress header.php dynamically based on whether your site is accessed via https or http. An example for the Google Admanager javascript library (since no https version is availalbe): <?php if(!$_SERVER['HTTPS']){ ?> <script type="text/javascript" src="http://partner.googleadservices.com/gampad/google_service.js"> </script> <? } ?> This only loads the script when your site is accessed over http. Hope this helps. Thx, Alex
Normally the solution when you are using https is to always call all images, javascript and css files with https in front of them on all templates. You have to go through each line of your templates and make sure they are not ever being called with just http://. It is OK to call them from https:// even if the page loading is http://. No errors are thrown when you do that. But when you do call a page from https:// it just simply cannot contain any calls from http:// or the browser will throw that error. Looks like you ran into the one instance where it was not possible to load something from https:// because that method was not provided. Your solution is great to get rid of the problem. Of course it means you cannot load that particular script when you call your site with https:// but sometimes you have to live with that.