WhyNoPadlock.com finds insecure Google Font Links. What can I do to correct? Topic is solved

[villager]

Many of my web pages, all using the same Template and all updated to current, display the Insecure Link red X on the padlock. Going to https://whynopadlock.com, I find the errors are lines 36 and 37 of the page source. The links are as follows:

Line36<link href="http://fonts.googleapis.com/css?family= ... ,700italic" rel="stylesheet" type="text/css" />

Line37<link href="http://fonts.googleapis.com/css?family= ... 00,600,700" rel="stylesheet" type="text/css" />

Changing these lines from http to https will correct the error except that I don't know where they are, where they came from, and what might happen when I apply the latest upgrade to Joomla.

How do I find where the error is? Hopefully it is in the template so a one time change is not reverted with the next upgrade of Joomla. Unfortunately, the template is no longer supported by the vendor, so I am on my own.

[AMurray]

Those links are not *your* site (they are Google's ironically)......and connected with their GoogleFonts service.

Those links may be defined in the index.php file for your template, or a plugin may have added them so check the plugins list for "google fonts".

Could you provide the FPA report to a reply here as that might tell us.

Forum Post Assistant - If you are serious about wanting help, you should use this tool to help you post.

[annahersh]

You have an extension which is loading google font library with the unsecure protocol. Disable any new extensions, one at a time, then check to see if the problem resolves.

[villager]

It is unfortunate that the source summary that displays errors does not provide any tools to see in which file they are found. As a result, I had to start by installing a new copy of Joomla - no error. Then added the purchased template - error appeared. This identified the source, but of course the template is full of files, and looking through each one for the offending http instead of https is a huge time waster.

I therefore emailed the company from which I purchased the template, and fortunately they are still in business. Even though I am no longer paying the subscription fee, and they have discontinued the template, they did identify the file in which the offending http resided. I was able to add the "s" to the two offending lines, save the file and then add it to the 20 sites that use the same template.

For anyone reading this in the future, I was unable to find a search app that would look in every file for a string, in this case http://fonts that would have taken me directly to the problem. If anyone else knows of such an app, I am sure that future members searching for a solution would appreciate the tip.

Thanks for the replies annahersh and AMurray.

[annahersh]

It's unfortunate that you had to go to long route to isolate the extension. If a similar situation occur, use the Extension Manager where you can easily disable extensions. Filter by type to focus on a specific group.

ext-manager.jpg

The simple method when doing such trouble shooting is to start with the template and switch default to the core Protostar.

There are many free text editors that will search for strings in files within directories. NotePad++ is quite common and very efficient.

find-in-files.jpg

[villager]

I did begin with using the Extension Manager, sorting it by ID number so I could start with the newest additions. When none of them had any effect, I suspected it was the template itself. Quickest way to verify was to take a dormant domain, install new Joomla to verify no bugs there, then install the template.

However, with every browser informing me of the http vs https conflict, it seems curious that whatever occured in the background to so identify would not be able trace back and identify the file... or that a search program could not be initiated to scan all files and find the culprit.

I tried using view/edit on Filezilla with a search function using Notepad, but it requires I click on each file to view and then Ctrl-F to search. After about 30 minutes, I gave up that approach.

If anyone knows of an all-file search app that scans every file for in this case "http://fonts" and displays location, that would help the next person who encounters the problem of the padlock with the red X.

[annahersh]

I doubt there is any software that will search all directories on a server via ftp. You will need shell access to run a grep command (linux/unix). See the details at https://www.geeksforgeeks.org/grep-comm ... unixlinux/

Otherwise it's simpler to download the entire website package to your local computer and use a tool like the afore mentioned Notpad++, TextPad or similar