Title: Insecure Elements with hard-coded HTTP assets Last modified: August 30, 2016 --- # Insecure Elements with hard-coded HTTP assets * [Matt Cromwell](https://wordpress.org/support/users/webdevmattcrom/) * (@webdevmattcrom) * [10 years, 7 months ago](https://wordpress.org/support/topic/insecure-elements-with-hard-coded-http-assets/) * I had a client that really loves this plugin. It’s an e-commerce site so we had to force HTTPS for the whole site (which is quickly becoming best practice generally anyway). This was the only plugin that was producing insecure elements. I was able to resolve it by doing a search/replace through the main plugin file for: * find: scr=”http:” | replace with: src=”https: * There were only 4 elements, but since it’s a widget it affected MANY of the pages. * Solution Suggestions: 1) either do a protocol-less link (e.g. src=”//domain. com/image.png”) or 2) or do a function that checks in advance for the protocol 3) Or serve all those assets over HTTPS since they are offsite anyway (to my memory) * [https://wordpress.org/plugins/pinterest-rss-widget/](https://wordpress.org/plugins/pinterest-rss-widget/) The topic ‘Insecure Elements with hard-coded HTTP assets’ is closed to new replies. * ![](https://s.w.org/plugins/geopattern-icon/pinterest-rss-widget_c6ccca.svg) * [Pinterest RSS Widget](https://wordpress.org/plugins/pinterest-rss-widget/) * [Frequently Asked Questions](https://wordpress.org/plugins/pinterest-rss-widget/#faq) * [Support Threads](https://wordpress.org/support/plugin/pinterest-rss-widget/) * [Active Topics](https://wordpress.org/support/plugin/pinterest-rss-widget/active/) * [Unresolved Topics](https://wordpress.org/support/plugin/pinterest-rss-widget/unresolved/) * [Reviews](https://wordpress.org/support/plugin/pinterest-rss-widget/reviews/) * 0 replies * 1 participant * Last reply from: [Matt Cromwell](https://wordpress.org/support/users/webdevmattcrom/) * Last activity: [10 years, 7 months ago](https://wordpress.org/support/topic/insecure-elements-with-hard-coded-http-assets/) * Status: not resolved