Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

WordPress with ssl form let's encrypt, but homepage not fully secure. "Attackers might be able to see images.." message

Tags:

Could you help me find out what to do with not fully secure message.

I have installed ssl certificate from let's encrypt, but my wordpress homepage has a message "Attackers might be able to see the images you're looking at on this site and trick you by modifying them".

The home page is still in development, with demo content. About what images chrome notification is telling? Something to do with cookies?

Thank you for your answers!

Edit: Does it have to do with the theme itself? Whole wordpress dashboard and login is served over proper secure ssl.

like image 993
Tadas Stasiulionis Avatar asked Feb 17 '17 15:02

Tadas Stasiulionis


1 Answers

Sending images via http protocol is what triggers this issue. Using any content from a cdn that does not use https will also trigger this issue. This quote explains it pretty simply (the yellow padlock / warning of unencrypted content/images):

If a yellow padlock appears with a mini yield sign, the likely cause is links in your site still refer to an unsecured page. Make sure that all your images, menu items and links use https in the URL. source

I would use a tool to help identify all non-encrypted file transports. One such tool would be something like Why No Padlock.

like image 122
Martin Hollstein Avatar answered Oct 25 '22 00:10

Martin Hollstein