XF 2.0 Site not secure?
- Thread starter interforo
- Start date
Gamorreaner
Active member
You need https instead of http. All http sites are shown as unsecure.
interforo
Active member
Ok I have changed the settings of my board to be: https://www.interfans.org/
But still the site shows as not secure
Gamorreaner
Active member
https://support.mozilla.org/en-US/kb/mixed-content-blocking-firefox
Not sure how this works myself yet (plan on changing it this or next week myself, since it's a requirement by law to have in europe...). But seems as if just changing it from http to https alone isn't good enough, because some of the content still remains http.
Not sure how this works myself yet (plan on changing it this or next week myself, since it's a requirement by law to have in europe...). But seems as if just changing it from http to https alone isn't good enough, because some of the content still remains http.
Martok
Well-known member
There are various issues with your website.
Firstly, you need to work through this guide to implement https properly:
https://xenforo.com/community/resources/how-to-implement-ssl-to-secure-http-traffic-https.5425/
Secondly, you need to redirect all non-www to www (or vice versa). See point 19 of the FAQ:
https://xenforo.com/community/threads/frequently-asked-questions.5183/post-180456
Thirdly, you need to sort out those errors. That's something that you implemented so you'll have to deal with that yourself.
- Images aren't secure, they are still being served by http. Here's a few (seen if you use Firefox, click on the 'i' next to the URL and then look at more information)
- You have multiple versions of your forum - https://www.interfans.org/forum/, https://www.interfans.org/forum/ and http://www.interfans.org/forum/. All URLs should redirect to a single https version (either the www or non-www version).
- You have multiple errors on your site - some warnings and some errors. Screenshots from the console in Chrome. The error count keeps going up too. That looks related to the ads on your site.
Firstly, you need to work through this guide to implement https properly:
https://xenforo.com/community/resources/how-to-implement-ssl-to-secure-http-traffic-https.5425/
Secondly, you need to redirect all non-www to www (or vice versa). See point 19 of the FAQ:
https://xenforo.com/community/threads/frequently-asked-questions.5183/post-180456
Thirdly, you need to sort out those errors. That's something that you implemented so you'll have to deal with that yourself.
interforo
Active member
https://www.interfans.org/forum/
I am trying to fix the images, but from firefox the ones reported already have https so I don't know what I should fix in order to make my site secure
Please help
I am trying to fix the images, but from firefox the ones reported already have https so I don't know what I should fix in order to make my site secure
Please help
Martok
Well-known member
I don't think it's the images that are the issue. Looking at the source code of your site and then searching for http:// (which you can do with Firefox Inspect element) reveals a bunch of them. Most seem to be from navigation that you have created - Podcast, Most points etc where you must have put a URL with http:// in it, so these need to be updated.
Ozzy47
Well-known member
interforo
Active member
I have fixed the menu, but there is still something that I can't identify
Martok
Well-known member
You still haven't fixed the Most Points, Most Likes and Most Messages navigation links for starters (as I mentioned in my last post). Also some of your ads are serving via http://
Please use Firefox Inspector and search for http:// as this will enable you to identify where the issues are.
interforo
Active member
I have fixed the menu now. Yes adv is http, contacted them! Thanks
Martok
Well-known member
No idea. That's something you must have put in, you'll have to look at customised components (modified templates) in the ACP to see where you added it and where you got it from in the first place (and it'll be there you'll need to find out if you can remove the carousel or not).
Martok
Well-known member
Sorry but I don't have the time to keep coming every time you mention me to sort out your site further. You have the tools already to do this yourself - use the Firefox Inspector and search for http:// as I mentioned previously to find the references where you have insecure URLs. At last glance they appeared to be from adverts, images from your wordpress installation and links to another wordpress installation (different domain from yours). If you do this and just work through these you will get it sorted.
interforo
Active member
I have tried what you said but can’t figure it out. Also the double redirect.
Whenever you can please help
TPerry
Well-known member
Your site is still being served up on WWW and non-WWW domains. You need to choose one or the other and then do a rewrite to force it (it will depend on what HTTP server you are using on how to do this).
That is the very FIRST thing you need to get resolved.
There are plenty of examples available in the support forum here that you can review (simply use the search feature).
If you are using Apache, posting your .htaccess in a BBcode CODE box would help others trouble shoot it.
If you are using another HTTP server (NGINX, LiteSPeed, OpenLIteSpeed) it will be different.
You also have (on your index page) two calls to an image from your WordPress site that is in HTTP format.
You will either need to remove this image or get your WordPress site HTTPS compliant and then point those images at the new HTTPS location.
EDIT:
It looks like that image is already in HTTPS availability, so you simply need to find where you are calling it from and change the HTTP to HTTPS.
That is the very FIRST thing you need to get resolved.
There are plenty of examples available in the support forum here that you can review (simply use the search feature).
If you are using Apache, posting your .htaccess in a BBcode CODE box would help others trouble shoot it.
If you are using another HTTP server (NGINX, LiteSPeed, OpenLIteSpeed) it will be different.
You also have (on your index page) two calls to an image from your WordPress site that is in HTTP format.
http://www.interfans.org/wp-content/uploads/valore_mondiale_2018.pngYou will either need to remove this image or get your WordPress site HTTPS compliant and then point those images at the new HTTPS location.
EDIT:
It looks like that image is already in HTTPS availability, so you simply need to find where you are calling it from and change the HTTP to HTTPS.
Martok
Well-known member
Now you just have to find out what is causing the errors on your site and fix those (point 3 of my first post in this thread).
interforo
Active member
That is completely out of my expertiseNow you just have to find out what is causing the errors on your site and fix those (point 3 of my first post in this thread).
Can you help more?
Similar threads
- Question
