losing images after SSL installed

I've just installed a SSL cert on 3 of the domains in my multisite and I find when visiting the https URL of each, some of the images are missing. The images all appear fine on the same http URLs. I've tried different "force URL" settings in domain mapping with no change in results. I noticed that all my image URLs in my media library refer to the sub domain address in my multisite which don't have a SSL. However some of the images are served to https pages and some or not. How can I correct this?

  • Luís

    Hi @lbartley,

    Hope you're doing well today!

    Not sure, but, when you enable HTTPS it can block some elements that are not secure, but was reported some issues in loading images when using SSL after the upgrade to WordPress 4.4.

    Can you try the solution given in the below article:

    http://wptavern.com/how-to-fix-images-not-loading-in-wordpress-4-4-while-using-ssl

    This plugin can help you to solve most insecure content warnings too:

    https://wordpress.org/plugins/ssl-insecure-content-fixer/

    Cheers, Luís

  • Tyler Postle

    Hey Larry,

    Following up on this thread based on what Adam said here: https://premium.wpmudev.org/forums/topic/i-have-a-strange-redirect-going-on#post-1051844

    This is definitely related to why you are sometimes losing the header on the login page. Basically your header image is loaded over http and still using your original domain instead of https over the mapped domain. I tested this on my install, but it was swapping in the mapped domain https url correctly for me, so I'm thinking this must be a conflict.

    None of your plugins look like they would be an issue, I wasn't able to test with your child theme though. I did test with your parent theme as I could grab it from wp.org repository and didn't have any issues there, could you temporarily swap to your parent theme and see if the missing header issue still happens when you load your mapped domain over https?

    If so, then please send me in your FTP and I'll troubleshoot further:

    You can send that privately through our contact form: https://premium.wpmudev.org/contact/

    Select "I have a different question" for your topic - this and the subject line ensure that it gets assigned to me.

    Send in:

    Subject: "Attn: Tyler Postle"
    -WordPress admin username
    -WordPress admin password
    -login url
    -FTP credentials (host/username/password)
    -link back to this thread for reference
    -any other relevant urls

    **If you keep support access active then no need to send in wp-admin

    I checked the emails you sent in already but didn't see your FTP in any of them. Hopefully I didn't miss anything.

    Look forward to hearing back!

    Cheers,
    Tyler

  • lbartley

    Thank you Tyler-

    I've been watching this for several days and this doesn't seem to be an issue now. The images are all displaying fine and I'm not receiving the "Untrusted Site" message when moving around on the site and none of our visitors are complaining about it. I have noticed though that I'm not seeing the green padlock on any of the pages now. When entering https before the address it's reverting instantly to the http version in my address bar. I have ran https://risingstarentertainmentnetwork.com through SSLShopper.com and it advises SSL is good. If you could please verify that SSL is functioning correctly for Membership Pro on this site we can call this ticket resolved.

    I appreciate your help,
    Larry

  • Tyler Postle

    Hey Larry,

    It looks like your site is forced to http:// right now, so it's not using https at all. Could you grant support access so I can have a closer look at your settings?

    This likely has more to do with Domain Mapping settings than Membership 2. Are you wanting your whole to load over https? Or only the membership checkout/signup?

    Look forward to hearing back :slight_smile:

    Cheers,
    Tyler

    PS. I looked in some of our past emails from you as I thought you had sent in your login before but I couldn't find one with wp-admin credentials so I hope you don't mind granting support access.

  • Tyler Postle

    Hey Larry,

    Ah, yes I can still see the issue as well. I tested on my install and the issue isn't happening, so it appears to be a conflict with either your plugins or your theme.

    Could you send in your FTP so we can investigate further? I see I asked this further up, but again checking in the emails you've sent us, I didn't see any that has FTP.

    Apologies for my delay here. Soon as you send the below information in we'll investigate this asap and post back here :slight_smile:

    You can send that privately through our contact form: https://premium.wpmudev.org/contact/

    Select "I have a different question" for your topic - this and the subject line ensure that it gets assigned to me.

    Send in:

    Subject: "Attn: Tyler Postle"
    -WordPress admin username
    -WordPress admin password
    -login url
    -FTP credentials (host/username/password)
    -link back to this thread for reference
    -any other relevant urls

    **If you keep support access active then no need to send in wp-admin

    Talk to you soon! Cheers

  • Ivan Shulev

    Hey Larry,

    I hope you are having a nice day so far!

    I took a look at one of your website and noticed that only the header and background images are not loading.

    I added a quick fix in wp-content/mu-plugins/wpmudev-mod-url-rewrite.php:

    <?php
    	if( 1 !== get_current_blog_id() && is_ssl() ) {
    		add_filter( 'theme_mod_header_image', 'wpse44503_filter_mod_url' );
    		add_filter( 'theme_mod_background_image', 'wpse44503_filter_mod_url' );
    	}
    	function wpse44503_filter_mod_url( $url ){
    		$new_url = str_replace( 'rsen.spi.us', $_SERVER['HTTP_HOST'], $url );
    		return $new_url;
    	}

    The code above checks if it is not the main website (we want to exclude it because it has a different file structure) and if the site is using SSL. If those conditions are met, the code changes the URL for the header and background images by replacing rsen.spi.us with the URL of the current website (the domain you mapped to the current subsite).

    In theory, this solution should work for the rest of the websites as well, but please post back if any other issues arise!

    I hope this helps and I wish you an awesome day ahead!

    Ivan

  • lbartley

    Thanks Ivan-

    I'm trying to understand how I would impalement this for other domains in this same network. Would I add a line of code to this .php file or would I duplicate the file and substitute the new domain for rsen.spi.us? For example, I'm having the same issue with image1plus.com aka: image1plus.spi.us. This particular theme doesn't use a background image but the header image serves as both header and background image. Viewing as https my header/background image goes away.

  • Ivan Shulev

    Hey Larry,

    What I offered before was not covering all the cases I imagined. The problem this time was that the image URL was starting with the following https://image1plus.spi.us/... and the rest of the content was starting with https://image1plus.com/... as it should.

    Since only image1plus.com has a valid certificate, when the header image was loaded from image1plus.spi.us, the browser considered it unsafe and didn't want to load it.

    The previous code I offered did not cover this case so I replaced it with the following:

    <?php
    	if( 1 !== get_current_blog_id() && is_ssl() ) {
    		add_filter( 'theme_mod_header_image', 'wpse44503_filter_mod_url' );
    		add_filter( 'theme_mod_background_image', 'wpse44503_filter_mod_url' );
    	}
    	function wpse44503_filter_mod_url( $url ){
    		$new_url = preg_replace( '/(.*)spi.us/', $_SERVER['HTTP_REFERER'], $url );
    		return $new_url;
    	}

    It is still located in the same file in the mu-plugins folder.

    The code above replaces the URL if it finds anything with spi.us after it (rsen.spi.us, image1plus.spi.us, etc.) with the current site URL.

    This way the images will be treated as secure and should be displayed.

    I will repeat myself (hopefully this time I am closer to the truth). This solution should take care of new sites, but please post back if there are similar issues and we will find a fix for you :slight_smile:

    I hope this helps and I wish you an awesome day ahead!

    Ivan

  • lbartley

    Thanks Ivan-

    I have a better idea how the fix works now and I was rejoicing until I dug deeper on each of the 3 sites in question. The 3 sites I need to run under https are loveyouontuesdays.com, image1plus.com and risingstarentertainmentnetwork.com. I find your solution is now displaying the home page and several others on each site correctly under https however it does not display the header and background on random pages. For example, take a look at https://risingstarentertainmentnetwork.com/register/ which is missing background and header images. also note the bkg image URL for this page has some extra code and is altered to-

    background-image: url('https://risingstarentertainmentnetwork.com/category/view-by-categories/festivals//wp-content/uploads/sites/33/2016/03/bg_snakeskin-2.png');

    Where on a page resolving correctly it appears as-

    background-image: url('/wp-content/uploads/sites/33/2016/03/bg_snakeskin-2.png');

    I see this same pattern of alteration on the other 2 sites as well.

    I appreciate your hemp with this issue.
    Cheers-
    Larry

  • Ivan Shulev

    Hey Larry,

    That was a mistake on my end and I am really sorry for that. The variable I was using - $_SERVER['HTTP_REFERER'] - is giving the URL to the page that referred the user to your website. In this case, when I opened the link you gave above, the image URL started with https://premium.wpmudev.org/forums/topic/losing-images-after-ssl-installed.

    If you are interested in learning more about the variables I am referring to, you can check them out here - http://php.net/manual/en/reserved.variables.server.php

    Again, I am sorry for my mistake and the following code should (hopefully) fix the issue:

    <?php
    	if( 1 !== get_current_blog_id() && is_ssl() ) {
    		add_filter( 'theme_mod_header_image', 'wpse44503_filter_mod_url' );
    		add_filter( 'theme_mod_background_image', 'wpse44503_filter_mod_url' );
    	}
    	function wpse44503_filter_mod_url( $url ){
    		$new_url = preg_replace( '/(.*)spi.us/', 'https://' . $_SERVER['HTTP_HOST'], $url );
    		return $new_url;
    	}

    I took the liberty of updating the code in wp-content/mu-plugins/wpmudev-mod-url-rewrite.php.

    I hope this helps and I wish you an awesome day ahead!

    Ivan

Thank NAME, for their help.

Let NAME know exactly why they deserved these points.

Gift a custom amount of points.