XF 2.0 Site not secure?

https://support.mozilla.org/en-US/kb/mixed-content-blocking-firefox

However, if the HTTPS page you visit includes HTTP content, the HTTP portion can be read or modified by attackers, even though the main page is served over HTTPS. When an HTTPS page has HTTP content, we call that content “mixed”. The page you are visiting is only partially encrypted and even though it appears to be secure, it isn't. For more information about mixed content (active and passive), see this blog post.

Not sure how this works myself yet (plan on changing it this or next week myself, since it's a requirement by law to have in europe...). But seems as if just changing it from http to https alone isn't good enough, because some of the content still remains http.
 
There are various issues with your website.

  1. Images aren't secure, they are still being served by http. Here's a few (seen if you use Firefox, click on the 'i' next to the URL and then look at more information)
    Screen Shot 2018-07-02 at 10.18.43.webp

  2. You have multiple versions of your forum - https://www.interfans.org/forum/, https://www.interfans.org/forum/ and http://www.interfans.org/forum/. All URLs should redirect to a single https version (either the www or non-www version).
  3. You have multiple errors on your site - some warnings and some errors. Screenshots from the console in Chrome. The error count keeps going up too. That looks related to the ads on your site.Screen Shot 2018-07-02 at 10.23.59.webp

    Screen Shot 2018-07-02 at 10.24.18.webp

Firstly, you need to work through this guide to implement https properly:
https://xenforo.com/community/resources/how-to-implement-ssl-to-secure-http-traffic-https.5425/

Secondly, you need to redirect all non-www to www (or vice versa). See point 19 of the FAQ:
https://xenforo.com/community/threads/frequently-asked-questions.5183/post-180456

Thirdly, you need to sort out those errors. That's something that you implemented so you'll have to deal with that yourself.
 
https://www.interfans.org/forum/

I am trying to fix the images, but from firefox the ones reported already have https so I don't know what I should fix in order to make my site secure

Please help

View attachment 179047

I don't think it's the images that are the issue. Looking at the source code of your site and then searching for http:// (which you can do with Firefox Inspect element) reveals a bunch of them. Most seem to be from navigation that you have created - Podcast, Most points etc where you must have put a URL with http:// in it, so these need to be updated.
 
I don't think it's the images that are the issue. Looking at the source code of your site and then searching for http:// (which you can do with Firefox Inspect element) reveals a bunch of them. Most seem to be from navigation that you have created - Podcast, Most points etc where you must have put a URL with http:// in it, so these need to be updated.
I have fixed the menu, but there is still something that I can't identify
 
I have fixed the menu, but there is still something that I can't identify
You still haven't fixed the Most Points, Most Likes and Most Messages navigation links for starters (as I mentioned in my last post). Also some of your ads are serving via http://


Please use Firefox Inspector and search for http:// as this will enable you to identify where the issues are.


Screen Shot 2018-07-03 at 12.05.23.webp
 
One more thing @Martok how do I disable the video carousel that I have at the bottom of interfans.org/forum
I have looked into widget and advertising modules but can't find it. Any idea?
No idea. That's something you must have put in, you'll have to look at customised components (modified templates) in the ACP to see where you added it and where you got it from in the first place (and it'll be there you'll need to find out if you can remove the carousel or not).
 
@Martok hey I have fixed all the adv, but yet forum home not secure.
Threads are secure: https://interfans.org/forum/threads/stefan-de-vrij.2358171/page-19#post-2711485
Please help me investigate more
Sorry but I don't have the time to keep coming every time you mention me to sort out your site further. You have the tools already to do this yourself - use the Firefox Inspector and search for http:// as I mentioned previously to find the references where you have insecure URLs. At last glance they appeared to be from adverts, images from your wordpress installation and links to another wordpress installation (different domain from yours). If you do this and just work through these you will get it sorted.
 
Sorry but I don't have the time to keep coming every time you mention me to sort out your site further. You have the tools already to do this yourself - use the Firefox Inspector and search for http:// as I mentioned previously to find the references where you have insecure URLs. At last glance they appeared to be from adverts, images from your wordpress installation and links to another wordpress installation (different domain from yours). If you do this and just work through these you will get it sorted.
I have tried what you said but can’t figure it out. Also the double redirect.

Whenever you can please help 😃
 
Your site is still being served up on WWW and non-WWW domains. You need to choose one or the other and then do a rewrite to force it (it will depend on what HTTP server you are using on how to do this).
That is the very FIRST thing you need to get resolved.
There are plenty of examples available in the support forum here that you can review (simply use the search feature).
If you are using Apache, posting your .htaccess in a BBcode CODE box would help others trouble shoot it.
If you are using another HTTP server (NGINX, LiteSPeed, OpenLIteSpeed) it will be different.

You also have (on your index page) two calls to an image from your WordPress site that is in HTTP format.
http://www.interfans.org/wp-content/uploads/valore_mondiale_2018.png
You will either need to remove this image or get your WordPress site HTTPS compliant and then point those images at the new HTTPS location.

EDIT:
It looks like that image is already in HTTPS availability, so you simply need to find where you are calling it from and change the HTTP to HTTPS.
 
Top Bottom