WordPress with ssl form let's encrypt, but homepage not fully secure. "Attackers might be able to see images.." message

wordpress security ssl encryption lets-encrypt

Tadas Stasiulionis · Feb 17, 2017 · Viewed 16k times · Source

Could you help me find out what to do with not fully secure message.

I have installed ssl certificate from let's encrypt, but my wordpress homepage has a message "Attackers might be able to see the images you're looking at on this site and trick you by modifying them".

The home page is still in development, with demo content. About what images chrome notification is telling? Something to do with cookies?

Thank you for your answers!

Edit: Does it have to do with the theme itself? Whole wordpress dashboard and login is served over proper secure ssl.

Answer

Sending images via http protocol is what triggers this issue. Using any content from a cdn that does not use https will also trigger this issue. This quote explains it pretty simply (the yellow padlock / warning of unencrypted content/images):

If a yellow padlock appears with a mini yield sign, the likely cause is links in your site still refer to an unsecured page. Make sure that all your images, menu items and links use https in the URL. source

I would use a tool to help identify all non-encrypted file transports. One such tool would be something like Why No Padlock.

WordPress with ssl form let's encrypt, but homepage not fully secure. "Attackers might be able to see images.." message

Answer

Related questions