Title: Insecure Script in
Last modified: January 8, 2021

---

# Insecure Script in

 *  Resolved [rsmith81](https://wordpress.org/support/users/rsmith81/)
 * (@rsmith81)
 * [5 years, 4 months ago](https://wordpress.org/support/topic/insecure-script-in/)
 * When you view my website [https://metaskil.com](https://metaskil.com) using development
   tools through Google Chrome, there is a warning message –
 * Mixed Content: The page at ‘[https://metaskil.com/&#8217](https://metaskil.com/&#8217);
   was loaded over HTTPS, but requested an insecure script ‘[http://www.cntr-di7.com/js/59742.js&#8217](http://www.cntr-di7.com/js/59742.js&#8217);.
   This request has been blocked; the content must be served over HTTPS.
 * I’m not looking to enable the script, does anyone recognise it, what is it used
   for?
 * I found it in the HTML <head>. I have contacted the theme creator and it’s not
   from them.
 * The page I need help with: _[[log in](https://login.wordpress.org/?redirect_to=https%3A%2F%2Fwordpress.org%2Fsupport%2Ftopic%2Finsecure-script-in%2F%3Foutput_format%3Dmd&locale=en_US)
   to see the link]_

Viewing 2 replies - 1 through 2 (of 2 total)

 *  Moderator [tobifjellner (Tor-Bjorn “Tobi” Fjellner)](https://wordpress.org/support/users/tobifjellner/)
 * (@tobifjellner)
 * [5 years, 4 months ago](https://wordpress.org/support/topic/insecure-script-in/#post-13881358)
 * That sounds like a payload from some hacking.
 * Any plugin, mu-plugin, or code in your theme (or somewhere else by referring/
   editing global parameters/settings…) may be injecting this.
 * Carefully follow [this guide](https://wordpress.org/support/article/faq-my-site-was-hacked/).
   When you’re done, you may want to implement some (if not all) of [the recommended security measures](https://wordpress.org/support/article/hardening-wordpress/)
   and [start backing up your site](https://wordpress.org/support/article/wordpress-backups/).
 *  Thread Starter [rsmith81](https://wordpress.org/support/users/rsmith81/)
 * (@rsmith81)
 * [5 years, 4 months ago](https://wordpress.org/support/topic/insecure-script-in/#post-13881513)
 * I found the plugin that was inserting the code, it was from Lead Forensics so
   I have deactivated the plugin.
    -  This reply was modified 5 years, 4 months ago by [rsmith81](https://wordpress.org/support/users/rsmith81/).

Viewing 2 replies - 1 through 2 (of 2 total)

The topic ‘Insecure Script in’ is closed to new replies.

 * In: [Fixing WordPress](https://wordpress.org/support/forum/how-to-and-troubleshooting/)
 * 2 replies
 * 2 participants
 * Last reply from: [rsmith81](https://wordpress.org/support/users/rsmith81/)
 * Last activity: [5 years, 4 months ago](https://wordpress.org/support/topic/insecure-script-in/#post-13881513)
 * Status: resolved

## Topics

### Topics with no replies

### Non-support topics

### Resolved topics

### Unresolved topics

### All topics