3

As said on the title, whenever I log to my admin page in Wordpress I get this notice in console:

Mixed Content: The page at 'https://site-url' was loaded over HTTPS, but requested an insecure favicon 'http://site-url/wp-content/uploads/2017/06/cropped-cropped-logo-square-192x192.png'. This content should also be served over HTTPS.

Also, I tried to load another favicon using Appearance->Customize, but it is still loaded over HTTP. Is this a Wordpress bug? or how can I solve this so this warning does not appear?

cristiancastrodc
  • 188
  • 1
  • 13
  • I have seen that before, never minded it much. The https error only comes from wp-admin, correct? Do you have any redirects in place? eg: http -> https forwarding? Could it be a plugin? Or even a server-setting? – admcfajn Jun 18 '17 at 05:36
  • Yes, it is only on wp-admin. I have configured htaccess for HTTPS using [this](https://stackoverflow.com/a/36475195/4974674). Site works fine with https but Chrome does not show the 'Secure' label at the url bar, so I'm concerned that this could cause a security issue. – cristiancastrodc Jun 19 '17 at 13:36
  • What's the actual website? Is it visible online? I could check it out. – admcfajn Jun 19 '17 at 21:11
  • I went down the rabbit hole to see what could be causing this and it seems related to this old bug: https://core.trac.wordpress.org/ticket/25449. – MarcGuay Feb 12 '20 at 16:46
  • It could also be caused by having the `WP_CONTENT_URL` constant set with a hardcoded "http" in your wp-config file. – MarcGuay Feb 12 '20 at 17:15

1 Answers1

1

For everyone still searching:

Go to: Settings - General and change http to https in both URLs

Tomek
  • 39
  • 1
  • 4