webaware
Forum Replies Created
-
@jblakely yes, glad to see you’ve resolved the redirect loop. The plugin can be set to the default HTTPS detection setting once you’ve set the server to handle the detection. It will then only do replacements to clean up insecure content.
If you want to deactivate the plugin, clean up your content using the Better Search Replace plugin as described in Cleaning Up Content.
cheers,
RossG’day,
If you’re using SSL Insecure Content Fixer to fix HTTPS detection (e.g. when behind a proxy server — as it seems you are) then deactivating it will stop the detection fix, and you’ll get a redirection loop.
If you know which method is being used to fix HTTPS detection, you can make the fix permanent and then safely deactivate the plugin.
cheers,
RossForum: Plugins
In reply to: [SSL Insecure Content Fixer] Connection is not fully securedG’day craftpassion,
I can see two problems there.
There’s a form for subscribing via email, and its target address is http
> http://feedburner.google.com/fb/a/mailverify
Are you able to change that? If not, can you ask the plugin writer for that to fix it? Because my plugin can’t tell what external resources support https, I don’t fix forms like that (because they might break!)
Secondly, there’s something adding the Google Tag Manager script to your page via http, and it’s doing it dynamically (via JavaScript) so I can’t clean it up. Do you know what might be doing that, and can you get the developer to load it https? It’ll happily load https (I checked).
cheers,
RossForum: Plugins
In reply to: [GF Windcave Free] Retry failed transactionsG’day,
It’s on my TODO list. It’s a problem I need to resolve for all of my GF payment gateway integrations that run the transaction after the entry is saved, so once I crack that nut the solution will be copypasta’d across the board. Just struggling to find clear time…
cheers,
RossG’day,
It’s being loaded from your stylesheet:
https://ebschott.com/wp-content/themes/pragma/style.css
The usual fix here is to load your wp-admin on https, and edit your theme settings. You might need to replace the header image, i.e. remove and put it back, so that it resets the URL to the image. Saving your theme settings should then rewrite the css file.
If that fails, download the file with FTP, edit, and upload again.
cheers,
RossForum: Plugins
In reply to: [SSL Insecure Content Fixer] images loading on secure contentG’day,
I notice that thereβs some JavaScript-based responsive image handing happening on the page. This plugin cleans up regular image links and HTML5 responsive images, but your site’s JavaScript-based responsive images are slipping through.
I recommend that you run Better Search and Replace to clean things up permanently, as described below. Remember to take a backup first!
https://ssl.webaware.net.au/testing/cleaning-up-content/
cheers,
RossForum: Plugins
In reply to: [Flexible Map] Flexible map use anonymous cookies vΓa google maps?G’day,
Here’s the privacy statement from the next release of this plugin (coming soon!):
Flexible Map embeds Google Maps into your web pages. Please review Google’s Privacy and Personal Information for information about how that affects your website’s privacy policy. By using this plugin, you are agreeing to the terms of use for Google Maps.
The Flexible Map plugin itself does not collect any personally identifying information, and does not set any cookies itself.
Please follow the link above to Google’s information about privacy.
cheers,
RossG’day Alvin,
They all looked pretty good to me, in Google Chrome (Linux) on a laptop with a 1366×768 screen. If you’re still getting this problem, can you please post a link to a sample page/post that exhibits the problem?
I notice that there’s some JavaScript-based responsive image handing happening on the page. That could be altering what you’re seeing on your monitor — it might be picking a lower-resolution image than it should for your monitor size. Check any settings you have for responsive images in your theme or any related plugins.
For a longer term solution to your insecure content problems, I recommend that you run Better Search and Replace to clean things up permanently, as described below. Remember to take a backup first!
https://ssl.webaware.net.au/testing/cleaning-up-content/
cheers,
RossForum: Plugins
In reply to: [Flexible Map] New Google Maps API ImpactG’day mw360,
Each map that uses coordinates or loads a KML file makes one Maps JavaScript API call each time the map is viewed. That happens client-side in the browser, so it’s the same whether the page is cached or not.
Each map that uses an address for its marker requires an address lookup, which uses the Geocoding API. To reduce the number of API hits, the plugin makes that request server-side and caches the answer for up to a week*. It then makes one Maps JavaScript API call each time the map is viewed. If the server-side address lookup was unsuccessful**, the lookup happens client-side in JavaScript, which means an additional API hit each time the map is viewed.
When you use the Directions feature, each time a visitor requests directions, that makes a Geocoding API request in JavaScript.
* “up to a week” means it uses a transient which should hold the information for a week, in theory, but might not if something deletes unexpired transients — e.g. an under-provisioned memcached or redis object store, or just turning on the “object cache” functionality of W3 Total Cache (which borks object caching).
** when initially implemented, server-side address lookups were very successful. Now, it’s hitting request quota limits very quickly without an API key. I’m about to release a new version that lets you set an API key for server-side lookups, if you’d like to try it out:
https://www.dropbox.com/s/3ieytpjrks6gd00/wp-flexible-map-1.14.0-dev.zip?dl=1
If your API key has no restrictions, you will be able to use the same key for both JavaScript and Server API key.
NB: you should have restrictions on your key, otherwise people can copy your key (from the browser) and use it on their website — which means more hits to the API. This means you will need a second key, either unrestricted or restricted by IP address, for the server side queries. More doco coming π
cheers,
RossForum: Plugins
In reply to: [Flexible Map] Error retrieving address: OVER_QUERY_LIMITI have added an additional API key setting for server side queries. Please try it out:
https://www.dropbox.com/s/3ieytpjrks6gd00/wp-flexible-map-1.14.0-dev.zip?dl=1
If you don’t set the Server API key, it won’t do server side queries. If you do, it will use that key for server side queries.
If your API key has no restrictions, you will be able to use the same key for both JavaScript and Server API key.
NB: you should have restrictions on your key, otherwise people can copy your key (from the browser) and use it on their website. This means you will need a second key, either unrestricted or restricted by IP address, for the server side queries. More doco coming π
cheers,
RossForum: Plugins
In reply to: [Flexible Map] Error retrieving address: OVER_QUERY_LIMITActually, my apologies… I think this reflects a change in Google policy about API keys. I’m going to have to start sending the API key for all address queries by the looks of it. New version coming, maybe this month.
cheers,
RossForum: Plugins
In reply to: [Flexible Map] Error retrieving address: OVER_QUERY_LIMITG’day,
It’s resolving on the server side so that it doesn’t resolve it in the browser each time the page is viewed. It should not need to resolve on the server side more than once per week. The result is stored in a transient for a week.
If your site is clearing all transients before they expire, you might get this problem. That might happen if you have an object cache (memcached / redis / etc.) and it’s being used beyond its capacity, and has to dump old objects before they expire. It can also happen if you use W3 Total Cache and enable one of its settings (something about object caching, which basically borks object caching and especially transients).
cheers,
RossForum: Plugins
In reply to: [SSL Insecure Content Fixer] Can’t access my pages from the WP dashboardG’day Greg,
This is why Capture All is billed as most likely to break your website. You need to step down to a setting with less system impact.
The best thing you can do is to fix the root of problem: your content has links to images and other resources that are http not https. The best way to fix this is to use a tool like Better Search And Replace. Read about it:
https://ssl.webaware.net.au/testing/cleaning-up-content/
Once you’ve done that, you should be able to step back to the lowest fixer level, or turn it off completely. Remember to take a backup first!
cheers,
RossSorry for the delay, things got on top of me.
The server is a shared server (host: Conetix, in Australia) but very lightly loaded at the time of the aborted backup. I can dm (Slack) or email you specifics if you need. Here’s a summary:
* WordPress 4.9.5, single site
* no debug mode / log
* Apache server
* MySQL 5.5
* PHP 7.0 with 256MB and:
* Core, date, libxml, openssl, pcre, zlib, bz2, calendar, ctype, hash, filter, ftp, gettext, gmp, SPL, iconv, Reflection, session, standard, SimpleXML, sockets, mbstring, tokenizer, xml, cgi-fcgi, mysqlnd, bcmath, curl, dba, dom, enchant, fileinfo, gd, imagick, imap, intl, json, ldap, exif, mcrypt, mysqli, odbc, PDO, pdo_mysql, PDO_ODBC, pdo_pgsql, pdo_sqlite, pgsql, Phar, posix, pspell, redis, soap, sqlite3, sysvmsg, sysvsem, sysvshm, tidy, xmlreader, xmlrpc, xmlwriter, xsl, zip, ionCube Loader, Zend OPcacheThe aborted backup was a zip of the files with standard exceptions + excluding wp-includes, wp-admin; full db; plugins list. The final zip file is 1.14GB. It’s scheduled to run at 3:15am local time according to the website, or 17:45UTC. That night, it was aborted after an hour of inactivity. The schedule is started with wp-cron.
The next day, a db-only backup ran as scheduled at 2:05pm local time, or 5:35UTC. It did its usual database dump, but collected all of the files from the previous aborted backup to create a .tar.bz2 of 1.14GB instead of the usual 3MB.
I’ve since added something to kick along wp-cron periodically, to avoid a repeat of this problem. It hasn’t occurred again.
cheers,
RossForum: Plugins
In reply to: [SSL Insecure Content Fixer] My HTTPS showing Mixed content due to GravatarG’day femi1632,
It shouldn’t be, unless you have a plugin (or your theme) that is replacing the normal Gravatar images with something custom. I found a plugin that does that (WordPress Social Login), so I have been able to replicate the problem, fortunately, and fix it. Here’s a dev copy of the next version, with the fix:
https://www.dropbox.com/s/dr85e7xvwz8k662/ssl-insecure-content-fixer-2.6.0-dev.zip?dl=1
I hope to release it sometime this week. Until then, this copy will likely fix your problem.
cheers,
Ross