It’s nothing to do with iThemes Security. You have mixed content on your site (that’s when some of the elements in your page are linked as plain non-secure http:// instead of https://, and often this is fairly easy to fix).
In this case, I can see that your site is loading your logo file in your header as non-secure. Your site / theme is loading your logo as:
http://thelifestylejournals.com/wp-content/uploads/2020/04/logo-blog.png
Instead of:
https://thelifestylejournals.com/wp-content/uploads/2020/04/logo-blog.png
There are a couple of ways to fix that.
Here’s one easy solution to try – I can tell you’re using the theme Sitka, so you might want to first try going into your theme and removing the logo from the header and then re-adding it.
That’s easy to do and should fix it, because when you created / added the logo, you did so when the site was not using https:// SSL, so removing and re-adding the logo should now link it as secure https:// instead of plain http://
Disclaimers:
– Always download backups of your site and database before making changes.
– I am not affiliated with iThemes or WordPress in any way.
– Any solutions I suggest would be at your own risk (I know that sounds scary, but if you grab a backup of your database and a backup of your site files before you make changes to your site, you can restore it if something goes wrong).
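One way to list the mixed-content references described above in a saved copy of a page, as an added example that is not part of the original reply. It reports http:// subresources and separates passive loads (images, media) from active ones (scripts, iframes, stylesheets); the sample markup is constructed around the logo URL from this thread, and the tag tables are an illustrative subset.

```python
from html.parser import HTMLParser

# Tags whose URL attributes make the browser fetch a subresource.
# <a href> is a navigation link, not a fetch, so it is not mixed content.
PASSIVE = {"img": ("src", "srcset"), "audio": ("src",),
           "video": ("src", "poster"), "source": ("src", "srcset")}
ACTIVE = {"script": ("src",), "iframe": ("src",), "embed": ("src",),
          "object": ("data",), "link": ("href",)}
# <link> only fetches for some rel values (subset chosen for this example).
LOADING_RELS = {"stylesheet", "icon", "preload", "modulepreload"}

# Constructed sample markup; only the logo URL comes from the thread.
SAMPLE = """<a href="http://thelifestylejournals.com/">Home</a>
<img src="http://thelifestylejournals.com/wp-content/uploads/2020/04/logo-blog.png">
<link rel="canonical" href="http://thelifestylejournals.com/">
<script src="HTTP://example.com/widget.js"></script>"""


def _urls(attr, value):
    """Return the URLs in an attribute; srcset is a comma-separated list."""
    if attr == "srcset":
        return [c.split()[0] for c in value.split(",") if c.strip()]
    return [value.strip()]


class MixedContentFinder(HTMLParser):
    def __init__(self):
        super().__init__()
        self.findings = []  # tuples of (kind, tag, attribute, url)

    def handle_starttag(self, tag, attrs):
        attrs = {k: v for k, v in attrs if v}
        rels = set(attrs.get("rel", "").lower().split())
        if tag == "link" and not rels & LOADING_RELS:
            return  # e.g. rel="canonical" is metadata, nothing is fetched
        for kind, table in (("passive", PASSIVE), ("active", ACTIVE)):
            for attr in table.get(tag, ()):
                for url in _urls(attr, attrs.get(attr, "")):
                    if url.lower().startswith("http://"):
                        self.findings.append((kind, tag, attr, url))


def find_mixed_content(html):
    """Return every insecure subresource reference found in an HTML string."""
    finder = MixedContentFinder()
    finder.feed(html)
    finder.close()
    return finder.findings
```

Passive findings such as the logo usually only cost the padlock, while active ones are blocked outright by current browsers, so they are the ones to fix first.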
Great, I’ll try that. Thank you so much for looking into this for me!
@anotherdave
Hi dave, I found your response to @sarah533 very helpful!
I think that I happen to have the same problem. I received a mail about a ‘security problem’ in my site, referencing the following locations:
XSS-vulnerable in WordPress
/var/www/vhosts/rijschooldonatella.nl/httpdocs/wp-includes/blocks/rss.php
XSS-vulnerable in WordPress
/var/www/vhosts/rijschooldonatella.nl/httpdocs/wp-includes/blocks/search.php
but I’ve got no clue what this means. Do you perhaps know how to solve this?
Would love it if you could help!
– zaid
web:
rijschooldonatella.nl/
On April 29, 2020, WordPress 5.4.1 was released to the public.
It is a security and maintenance release which features 17 bug fixes in addition to 7 security fixes.
Seven security issues affect WordPress versions 5.4 and earlier; version 5.4.1 fixes them, so you’ll want to upgrade. If you haven’t yet updated to 5.4, there are also updated versions of 5.3 and earlier that fix the security issues.
List of Files Revised (Pay attention to the 2 bold files):
/wp-admin/css/about.css
/wp-admin/css/edit.css
/wp-admin/freedoms.php
/wp-admin/images/w-logo-blue.png
/wp-admin/includes/deprecated.php
/wp-includes/assets/script-loader-packages.php
/wp-includes/blocks/rss.php
/wp-includes/blocks/search.php
/wp-includes/cache.php
/wp-includes/class-wp-customize-manager.php
/wp-includes/class-wp-object-cache.php
/wp-includes/class-wp-query.php
/wp-includes/css/media-views.css
/wp-includes/deprecated.php
/wp-includes/formatting.php
/wp-includes/post.php
/wp-includes/rest-api/endpoints/class-wp-rest-controller.php
/wp-includes/rest-api/endpoints/class-wp-rest-revisions-controller.php
/wp-includes/taxonomy.php
/wp-includes/user.php
/wp-includes/version.php
/wp-mail.php
/wp-settings.php
Your site was probably running on WordPress 5.2.5 when you received the email you mentioned. You can ignore that email since 5.2.6 fixed the 7 security issues.
Oh, I would strongly suggest updating the iTSec plugin to the latest release (7.7.1 – 2020-04-20). Your site seems to be using an outdated release (7.0.4 – 2018-06-27)…
This reply was modified 6 years ago by nlpro.
@nlpro Thank you very much for your detailed answer! I’ll try to update those points you mentioned.
Stay safe,
-Zaid
Update: The problem is fixed by following your guides 🙂 thanks a lot!