I have recently discovered a problem with mixed content on a new website. From my limited research it appears that this has happened before - forums.realmacsoftware.c)m/t/ssl-mixed-content-security-error-due-to-fonts/10872 and it might have something to do with themes but I am not sure. I did a check with Whynopadlock and the result was 7 errors eg
A file with an insecure url of “http://fonts.googleapis.com/css?family=Montserrat” was loaded on line: 39 of https://www.railandspur.c0m/.
When I was looking for themes it started to occur to me, and I might be wrong, that not all the RW addons are being actively managed or updated but the websites and carts are still active. The theme I have is a Brandon Lee Theme “Volante” and I wrote to Brandon about another problem but did not receive an answer which does nothing for my confidence that I will get this issue resolved.
Two issues here my mixed content issue and the all the addon providers out there in the market place.
Can anyone provide me a way to access the theme files so I can either remove or change the lines that are affecting the site or alternative solution.
Is Realmac actively monitoring these addon providers to ensure they remain current and up to date.
I started with RW some 10 years ago and there were only a handful of addons, the usual suspects if you will, but having returned after 4 years it appears to be a confusing mess.
Not trying to be derogatory here just relating an experience. I guess what I am saying all these themes and addons need to stay current otherwise there are going to be incompatibilities moving ahead and when I see sites with eg copyright going back to 2016 it makes me wonder.
If I have got that wrong happy to be corrected.
Please note that I modified the links above because I have restrictions.
The report from WayNoPadlock appears to be correct. You have 7 links to Google embedded web fonts that start ‘http://’ instead of ‘https://’ in the <head> section of the webpage:
I’m suspecting the theme. The demo site on the theme website presents these font calls in the same way.
Honestly it would be very simple to edit the theme and fix these font calls, if the theme developer isn’t able to help currently:
Right click the theme preview icon in the theme chooser.
Select ‘reveal theme in finder’.
Open the index.html file in your preferred code editor (e.g. Atom or VS Code).
Find these 7 font calls and amend them.
Save the changes and close the code editor.
However a slightly bigger ‘elephant in the room’ with calling fonts directly from Google is user privacy. New laws like GDPR and CCPA have come along in the past 3 years. For a website to remain complainant, you should either be loading these font files from your own web server or have them within an ‘opt in’ wrapper, so they only load with user consent. If you want to abide by these new rules, the way you load these fonts needs to change. You might need to consult the services of a developer to make these slightly more complex changes to your theme.
I will have a look at this and take what you have said on board. it seems however, I might just need to be more mindful of who I am buying themes from and maybe change to a more compliant one.
I am a bit of a hack when it comes to code etc so would need to be cautious.
Do you think there needs to be a bit of a clean out of the Realmac marketplace because I imagine there are a lot of outdated non-compliant themes etc out there?
I probably could modify any of these themes for you, to simplify the handling of fonts and ensuring everything ticks the boxes for HTTPS requirements and these numerous privacy laws.
These modifications would resolve the problems and you could expect to continue using the themes for a couple more years, at least.
Although you’d probably have to drop me a PayPal donation or other incentive, to cover my time. It’s hard to provide lots of support for addons I don’t otherwise get revenue from.
I think that would be for @bon or @dan to answer. There’s a few politics involved with what gets listed and promoted on there. I don’t know what number of addons listed there could be considered “abandonware”.
It’s certainly apparent that a couple of developers have left RapidWeaver this year. The reasons for their departures are unclear.
The reviews people sometimes leave addons could provide some insight into what support might be available or how frequently stuff gets updated.
Which is why writing honest reviews about addons can be of great help to other users and is possibly something that needs to be encouraged more.
Hi Will thanks for the offer but I have now resolved all the problems. To start with my host created a problem after modifying the server which caused a problem in my .htaccess file I had to reenter the 'Rewrite" code in the correct path. So that issue was fixed. I then decided to download a more up to date themes from Multithemes and now have a big green tick from Whynopadlock. So all is good …for now. Your post certainly helped me out big time and I know enough to be dangerous. Just out of curiosity do you provide paid services for writing code or fixing issues etc.
