Community Support Forums

[accessart]

Hi, we have a pro form within our wordpress page: https://www.accessart.org.uk/?page_id=5394 which directs to a ssl. All fine, except with google chrome we get a mixed elements/some laments are not secure warning because of the references to http, rather than https within our page. Because this is a wordpress install, we can't switch off the widgets on the right hand side which are pointing to external http sites, on this one page. How can we get round this - we can't be the only ones with this mixed elements/wordpress/google chrome thing going on? We can't make a clean page outside our wordpress install because s2member pro sits within wordpress so how do we get round this?

Many thanks

Paula

[Raam Dev]

Hi Paula,

As you probably know, this error is being thrown by your web browser because there are some URLs in the page source that point to non-SSL URLs. If you do a 'view-source' on the Pro Form page and then search for src="http://, any src URLs that are found are the ones causing this error. (When viewing a page using SSL, they should say src="https://.)

The options for solving this are as follows:

Option 1: Disable plugins that are adding non-secure URLs to your WordPress pages (alternately, you can use the Plugin Organizer plugin to disable those plugins on just the Pro Form page)

Option 2: Create a WordPress Page Template that doesn't include your sidebar/plugins/etc., and then assign that page template to your s2Member Pro Form page.

Option 2 will be a bit more complicated because you'll need to manually recreate everything in your <head>, which is usually generated automatically by WordPress (and includes all the stuff plugins add to the <head>).

I hope this helps!

[accessart]

Many thanks Raam,

my understanding was that also any http element on an ssl page (rather than https) would cause an error, is this correct? When i view source code (to get rid of them) there are two http references within s2member itself - one the s2member verified image link at the bottom of the page, and secondly the http to the wiki url about the last three digits on a card...

Would s2member consider making these https?

Many thanks

[Raam Dev]

Anchor tags that refer to non HTTP URLs (such as <a href="http://example.com">link</a>) do not cause the browser to throw messages about mixed elements.

Only HTML tags that are actually loading content from a non-secure URL into the page will cause these mixed element errors. Here are two common examples that would cause problems on an SSL page:

Code: Select all

<img src="http://example.com/photo.jpg"></img>

Code: Select all

<script type="text/javascript" src="http://example.com/something.js"></script>

In both examples, you'll notice the URLs start with src=. It's the src= URLs that are loading the content from that URL into the page. If those URLs point to a non-SSL page from a page that is protected by SSL, you'll get the mixed element warning. The href= URLs are harmless.

So, the link to the wiki URL won't matter (since it's using href=). However, that image URL (src=) will cause problems.

Could you copy and paste the HTML that loads the s2Member verified image? I don't recall any s2Member image code using hard-coded URLs, but I could be wrong.

[accessart]

Thanks for the reply and explanation. Here is the code you requested: (which from above I'm assuming won't cause a problem...?)

<a href="http://www.s2member.com/" onclick="window.open('http://www.s2member.com/s-badges/s-details.php?v=1&amp;site_url=https%3A%2F%2Fwww.accessart.org.uk', '_popup', 'width=752,height=702,left='+((screen.width/2)-(752/2))+',screenX='+((screen.width/2)-(752/2))+',top='+((screen.height/2)-(702/2))+',screenY='+((screen.height/2)-(702/2))+',location=0,menubar=0,toolbar=0,scrollbars=0,resizable=1'); return false;" title="s2Member&reg;"><img src="//www.s2member.com/s-badges/s-badge.php?v=1&amp;site_url=https%3A%2F%2Fwww.accessart.org.uk" style="border:0;" alt="s2Member&reg;" title="s2Member&reg; ( Security for WordPress&reg; )" /></a>

thank you

[accessart]

Can I ask if s2member i pci compliant? Given that any site taking payments within their site (i.e. using paypal website payments pro) and where users stay on their site to input credit card details need to be pci compliant, have any other s2member pro users gone through this process?

As we use the s2member pro plugin (as a pro form) and some of the questions we need to answer to get compliance involve analysing every system component we also need to know if s2member as a plugin is pci compliant?

Many thanks

[Raam Dev]

Can I ask if s2member i pci compliant? Given that any site taking payments within their site (i.e. using paypal website payments pro) and where users stay on their site to input credit card details need to be pci compliant, have any other s2member pro users gone through this process?

As we use the s2member pro plugin (as a pro form) and some of the questions we need to answer to get compliance involve analysing every system component we also need to know if s2member as a plugin is pci compliant?

Many thanks

Answered here: viewtopic.php?f=4&t=16881&p=60741#p60741

[Raam Dev]

Thanks for the reply and explanation. Here is the code you requested: (which from above I'm assuming won't cause a problem...?)

<a href="http://www.s2member.com/" onclick="window.open('http://www.s2member.com/s-badges/s-details.php?v=1&amp;site_url=https%3A%2F%2Fwww.accessart.org.uk', '_popup', 'width=752,height=702,left='+((screen.width/2)-(752/2))+',screenX='+((screen.width/2)-(752/2))+',top='+((screen.height/2)-(702/2))+',screenY='+((screen.height/2)-(702/2))+',location=0,menubar=0,toolbar=0,scrollbars=0,resizable=1'); return false;" title="s2Member&reg;"><img src="//www.s2member.com/s-badges/s-badge.php?v=1&amp;site_url=https%3A%2F%2Fwww.accessart.org.uk" style="border:0;" alt="s2Member&reg;" title="s2Member&reg; ( Security for WordPress&reg; )" /></a>

thank you

That is correct. That code should not cause a mixed elements problem.