Title: Http vs https Last modified: July 10, 2021 --- # Http vs https * Resolved [goufraisusa](https://wordpress.org/support/users/goufraisusa/) * (@goufraisusa) * [4 years, 11 months ago](https://wordpress.org/support/topic/http-vs-https-6/) * The latest version of event calendar causes a PCI compliance scan failures, several times on the page: Vulnerability: HTTPS request can be accessed over HTTP Evidence: DetectionDetails: Vulnerability Found. Page Accessible through HTTP. Request: GET [http://www.goufraisusa.com/events/month/2021-06/](http://www.goufraisusa.com/events/month/2021-06/) HTTP/1.1 Several others are similar This problem didn’t exist before recent update. * I disable the plugin and this series of vulnerabilities disappeared. I also checked to make sure the server was configured correctly in response to the recommended remediation: Examine your Web Server’s configuration to determine why pages that should only be viewable via HTTPS are being served over HTTP. Also, examine the configuration of any applications you have installed to ensure that the proper permissions are in place to prohibit forceful browsing of HTTPS resources over HTTP. Viewing 2 replies - 1 through 2 (of 2 total) * Plugin Author [Gustavo Bordoni](https://wordpress.org/support/users/bordoni/) * (@bordoni) * [4 years, 11 months ago](https://wordpress.org/support/topic/http-vs-https-6/#post-14645907) * Hi [@goufraisusa](https://wordpress.org/support/users/goufraisusa/), * Thanks for reaching out to us about this possible vulnerability. * For future reference, please contact us on `security at theeventscalendar.com` to avoid making a vulnerability public, which could impact a lot of users before we have the time to react and put out a fix for the problem. * This specific instance here, it seems like a false positive for the following reasons: - When you deactivate the plugin it disappears due to the URLs no longer being available since the events page is something created but out plugin. - Our plugin doesn’t do any modifications to HTTP or HTTPS in any capacity, that is entirely reliant on WordPress and other plugins you might have that impact this part of the website. * Most likely you will need to investigate your server as well, since HTTP/S problems tend to be related to that part of the website. * Please let us know on the email provided above if you still think this is a vulnerability by providing extra details that allow us to pin point why this is a security problem on our software, so that we can investigate further. * Best Regards, * Moderator [Yui](https://wordpress.org/support/users/fierevere/) * (@fierevere) * 永子 * [4 years, 11 months ago](https://wordpress.org/support/topic/http-vs-https-6/#post-14645936) * closing this topic, as the directions for further private communication were given. * Also see [https://developer.wordpress.org/plugins/wordpress-org/plugin-security/reporting-plugin-security-issues/](https://developer.wordpress.org/plugins/wordpress-org/plugin-security/reporting-plugin-security-issues/) Viewing 2 replies - 1 through 2 (of 2 total) The topic ‘Http vs https’ is closed to new replies. * ![](https://ps.w.org/the-events-calendar/assets/icon-256x256.gif?rev=2516440) * [The Events Calendar](https://wordpress.org/plugins/the-events-calendar/) * [Frequently Asked Questions](https://wordpress.org/plugins/the-events-calendar/#faq) * [Support Threads](https://wordpress.org/support/plugin/the-events-calendar/) * [Active Topics](https://wordpress.org/support/plugin/the-events-calendar/active/) * [Unresolved Topics](https://wordpress.org/support/plugin/the-events-calendar/unresolved/) * [Reviews](https://wordpress.org/support/plugin/the-events-calendar/reviews/) ## Tags * [HTTP](https://wordpress.org/support/topic-tag/http/) * 2 replies * 2 participants * Last reply from: [Yui](https://wordpress.org/support/users/fierevere/) * Last activity: [4 years, 11 months ago](https://wordpress.org/support/topic/http-vs-https-6/#post-14645936) * Status: resolved