[Chris]

Folks,

I’m switching my site over to SSL (like the rest of the world).

In wp-admin, I have no issues.

However, in my regular site, the front page loads a few headers that bork the SSL. I’m working through them.

One of them looks like this:

<link rel='stylesheet' id='cleanretina_google_font-css' href='http://fonts.googleapis.com/css?family=Open+Sans%7COpen+Sans%7COpen+Sans&ver=4.7' type='text/css' media='all' />

I can’t find where Clean Retina loads this stylesheet.

Can you help me to figure this out?

Thanks!

[Chris]

And another place that SSL gets broken is what looks like annoyingly complex inline JS:

!function(a,b,c){function d(a){var b,c,d,e,f=String.fromCharCode;if(!k||!k.fillText)return!1;switch(k.clearRect(0,0,j.width,j.height),k.textBaseline="top",k.font="600 32px Arial",a){case"flag":return k.fillText(f(55356,56826,55356,56819),0,0),!(j.toDataURL().length<3e3)&&(k.clearRect(0,0,j.width,j.height),k.fillText(f(55356,57331,65039,8205,55356,57096),0,0),b=j.toDataURL(),k.clearRect(0,0,j.width,j.height),k.fillText(f(55356,57331,55356,57096),0,0),c=j.toDataURL(),b!==c);case"emoji4":return k.fillText(f(55357,56425,55356,57341,8205,55357,56507),0,0),d=j.toDataURL(),k.clearRect(0,0,j.width,j.height),k.fillText(f(55357,56425,55356,57341,55357,56507),0,0),e=j.toDataURL(),d!==e}return!1}function e(a){var c=b.createElement("script");c.src=a,c.defer=c.type="text/javascript",b.getElementsByTagName("head")[0].appendChild(c)}var f,g,h,i,j=b.createElement("canvas"),k=j.getContext&&j.getContext("2d");for(i=Array("flag","emoji4"),c.supports={everything:!0,everythingExceptFlag:!0},h=0;h<i.length;h++)c.supports[i[h]]=d(i[h]),c.supports.everything=c.supports.everything&&c.supports[i[h]],"flag"!==i[h]&&(c.supports.everythingExceptFlag=c.supports.everythingExceptFlag&&c.supports[i[h]]);c.supports.everythingExceptFlag=c.supports.everythingExceptFlag&&!c.supports.flag,c.DOMReady=!1,c.readyCallback=function(){c.DOMReady=!0},c.supports.everything||(g=function(){c.readyCallback()},b.addEventListener?(b.addEventListener("DOMContentLoaded",g,!1),a.addEventListener("load",g,!1)):(a.attachEvent("onload",g),b.attachEvent("onreadystatechange",function(){"complete"===b.readyState&&c.readyCallback()})),f=c.source||{},f.concatemoji?e(f.concatemoji):f.wpemoji&&f.twemoji&&(e(f.twemoji),e(f.wpemoji)))}(window,document,window._wpemojiSettings);

I have a feeling that this may be connected to the insecure font reference above.

[Chris]

OK. I figured out what it was. I had to tweak your functions.php file.

First, at the top, I added some code to nuke the stupid WordPress Emoji crap. That’s what caused the import on insecure fonts:

// REMOVE WP EMOJI
remove_action('wp_head', 'print_emoji_detection_script', 7);
remove_action('wp_print_styles', 'print_emoji_styles');

remove_action( 'admin_print_scripts', 'print_emoji_detection_script' );
remove_action( 'admin_print_styles', 'print_emoji_styles' );

Next, you had one insecure font include at around line 65:

It was:

  	wp_register_style( 'cleanretina_google_font', 'http://fonts.googleapis.com/css?family='.$cleanretina_google_font_load );

I changed it to:

  	wp_register_style( 'cleanretina_google_font', 'https://fonts.googleapis.com/css?family='.$cleanretina_google_font_load );

[Theme Horse Support Team]

Hi Chris,

Which version are you using? We have already removed http:// from our font family. So install a latest version of our theme from your account page which solves.

Thank you!

[Chris]

You are correct. I was a couple of versions behind.

Strange. I thought I had been keeping up to date.

My apologies.

[Theme Horse Support Team]

That’s great. We always recommended you to stick with latest version.

Thank you

[Author]

Posts