Hi bdbrown and many thanks for your response, it certainly put me on the right track. First off, let me aplogise to the theme creators for suggesting the issue was with hueman theme. As you pointed out it was aweber. (and one other)
Here’s what I did to resolve the issue
I first went to Aweber and saw that:
—-
Does AWeber Support HTTPS/SSL Sign Up Forms?
April 21, 2015 00:32
Yes, AWeber sign up forms fully support HTTPS/SSL submissions. If your site is HTTPS/SSL, publishing AWeber sign up forms to the site would not adversely effect the security of the site. If your website is not HTTPS/SSL, you can still publish AWeber sign up forms to your site without issues.
—-
Great! I replaced the updated java script form from aweber — but still had an insecure site.
As it turns out the issue was with the content in the sidebars (which didn’t publish in 2015 theme).
1. I went into hueman settings and selected full page (no sidebars) as global.
2. The website immediately was shown as secure.
3. I added one side bar — still secure.
4. Added 2nd sidebar — now insecure.
5. I moved all widgets from sidebar to inactive — site secure.
6. I added one after another until I got the insecure message again.
There was also another widget with an insecure image that I have now removed from the sidebar — site secure.
I put the aweber widget back in and the site was insecure again!
After much googling and checking aweber FAQs there was no result. I even tried installing the WordPress plugin. No luck.
After 3 hours of frustrating searching and trial and error I decided to try the Aweber Raw HTML Snippet (Advanced Design Customization) rather than the Javascript Snippet (The Quick and Easy Version). The javascript is easier to use as you update the design in Aweber and it auto updates on the site.
RESOLVED: Once I replaced the Aweber javascript with the Raw HTML Snippet, the site was giving no more mixed content errors due to aweber.
Thanks again for your help!
