Getting a Connection is not secure message word press

We are getting the message at the Word Press login screen but not when running the sites.
Couple sites: bidpartner.net -- bidpartner.net/demo -- bidpartner.net/stfrancis

My domain is: bidpartner.net

I ran this command: Log In ‹ Bid Partner — WordPress

It produced this output: "This connectin is not secure. Logins entered.... be compromised.

My web server is (include version): Linode / Ubuntu 20.04.2

The operating system my web server runs on is (include version): Ubuntu 20.04.2

My hosting provider, if applicable, is: Linode

I can login to a root shell on my machine (yes or no, or I don't know): Yes

I'm using a control panel to manage my site (no, or provide the name and version of the control panel): No

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot): No, don't think so.

1 Like

Hi @scottjoellmorin

looks like a WordPress problem.

Log In ‹ Bid Partner — WordPress works and is secure.

But the form element

<form name="loginform" id="loginform" action="http://bidpartner.net/wp-login.php" method="post">

has an action attribute with http.

Why? I don't know, looks like a wrong WordPress configuration.

Check your WordPress, something like base url should be https.

1 Like

Dashboard -> Settings:

  • WordPress Address (URL):
  • Site Address (URL)
  • 1 Like

    Welcome to the Let's Encrypt Community, Scott :slightly_smiling_face:

    Yep, you are suffering from what is known as "mixed content" (content linked unsecurely on a securely-loaded page).

    @JuergenAuer has identified the primary culprit and @Rip has identified the specific fix. There are also a number of links to your own website on https://bidpartner.net/wp-login.php that have href="http:// in them. While not causing a specific security problem (as links they're not "mixed content"), they are a sure indication of need for the fix that @Rip has mentioned.

    Here's a website to help you identify such things in your webpages in the future:

    https://www.missingpadlock.com/

    Here's a specific website about fixing the issue:

    Also read this article... It will help you secure the wordpress cms and it will work (mostly)

    1 Like

    This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.