Need help? Check out our Support site, then


Security Alerts on many WordPress sites

  1. I visit WordPress sites using Internet Explorer because I like it. However, more and more often, I am getting IE Security Alerts for identity problems, certificate problems, and revocation problems. Many of these wordpress.com sites will then lock up. It even makes me wonder if my site presents these problems to readers. I have the latest IE browser and all Windows updates. Does WP have a problem with readers using IE? Why are these Security Alerts appearing on more and more WP sites? This is troublesome for IE users.

    The blog I need help with is 123hallelujah.wordpress.com.

  2. If I browse to your site I see the error in Internet Explorer as well. Since this may be an issue with the site certificate then we'll need to get staff engaged. I've typed modlook into the tag for this thread so they can look into the issue.

    If you have links to any additional website that you're also encountering this alert for please post them here at well.

  3. Hi there,

    What version of Internet Explorer, please? And can you give me the exact error message/take a screen shot of it and upload it to your media library?

    There is nothing wrong with your site's SSL certificate, and the fact that you're seeing this on multiple sites using IE means the problem is with the browser.

    This appears to be a known issue with older versions of IE. You can see if these instructions perhaps work for you:

    https://support.microsoft.com/en-za/help/2851628/internet-explorer-cannot-display-an-https-site-when-ssl-2-0-and-tls-1

  4. I will share since I'm also seeing the error on this site. I'm using IE 11, specifically:
    IE 11.608.15063.0

    Here is a screenshot of the error:
    https://ibb.co/mneK8w

  5. Thank you for getting back to me. I use Windows 10 with IE 11, Version 11.608.15063.0. This morning I encountered only four security alerts -- all of the same type.

    I will put the four PrintScreen shots in my media folder.

    All of these appeared at the bottom of the screen and said: "Only secured content is displayed. What's the risk. Show all content."

    This sort of notice appears often. Other notices are in a dialog box in the middle of the screen, usually one that says: "The identity of this website or the integrity of this connection cannot be verified." Then is lists 5 possible reasons.

    I have encountered three notices recently regarding a revocation, but have never been able to get a screen shot of any of them. It simply does not work. Those sites lock up and I have to do a Ctrl/Alt/Del to get out.

    Thank you all. I feel concerned that these notices appear on my site also.

  6. @96isaiah

    The error in your screen shots is wrong, plain and simple :) There are no unsecured content on any of those sites that I can see, and I don't see that warning in IE 11 on my PC either. Please try clearing all your browser data, as an expired cookie in the browser could actually be the cause of that.

    As for the "The identity of this website or the integrity of this connection cannot be verified." which @xpurichan also reported, I tried searching Google for that error and found several pages that indicate that pop-up might be caused by malware, so if clearing the browser data doesn't make that go away, please install a malware scanner like Malwarebytes on your computer and have it scan for anything that might not belong there.

    I have encountered three notices recently regarding a revocation, but have never been able to get a screen shot of any of them. It simply does not work. Those sites lock up and I have to do a Ctrl/Alt/Del to get out.

    If a security certificate for a site has been revoked you won't be able to access it via HTTPS, but it shouldn't make your computer freeze and you should be able to still visit those sites via HTTP. It's highly unlikely that you'd have seen that message on any WordPress.com site, though, and the freezing issue would be a problem on your computer, not with the site, so we can't help with that part.

  7. Hi Kokkieh,

    Your reply puzzles me. I have the latest versions of Windows and IE --- I clear out all of my browser data often, and always upon leaving a site that needs a password.

    For another issue a couple months or so ago, WP had me download Malwarebytes, Hitman Pro, and Zemana. None of those programs found anything wrong with my computer. I deleted those programs from my computer so I wouldn't take an unfair advantage of their services.

    In the same breath, I note that the security alerts I see have been showing up in my WP blog readings using IE for at least two years or more --- probably a whole lot more. I just can't remember.

    I can't swear to it and have no proof, but feel sure that the revocation notices were on WP sites. I don't know why they would show up only recently and on sites that I seem to recall as having no problems before --- even though I cannot recall which sites those were.

    In surfing WP blogs today, it seems that many are https and some http. Even my WP Dashboard, Posts, Stats, etc., are all https. I think about that and how all the sites I put in my WP media for you were https sites. Even Google, Amazon, and other similar popular sites are in https --- but they don't give security alerts when I go there.

    I just cannot figure out why there is a security alert problem on WP sites I go to. And, I don't think I even saw one earlier today, for the first time in quite awhile. It's odd.

    Well, I hope it all turns out well for everyone.

  8. Your reply puzzles me. I have the latest versions of Windows and IE --- I clear out all of my browser data often, and always upon leaving a site that needs a password.

    I told you what the most likely causes are for those messages. According to several articles and forum posts I found via Google Internet Explorer is known to give incorrect warnings like this. That's not something we can control.

    Given that Microsoft is systematically retiring support for Internet Explorer it is advisable to start switching to a different browser in any event if you still use IE.

    But the SSL certificates are fine on the WordPress.com sites you indicated in your screen shots, I don't see any insecure data on those sites, and Internet Explorer shows no warnings for me on those sites.

    I can't swear to it and have no proof, but feel sure that the revocation notices were on WP sites.

    When you say "WP sites", are you speaking of WordPress.com sites or self-hosted sites using the WordPress.org software? They are not the same thing and we have no control over what happens on sites using the self-hosted software.

    In surfing WP blogs today, it seems that many are https and some http.

    It is impossible for any WordPress.com site to load over http. It literally cannot happen, as the moment you load a WordPress.com site we place an instruction in your browser that the particular site should always be loaded over https, and that instruction cannot be blocked and isn't deleted by clearing your browser data.

    However, it is perfectly possible for self-hosted WordPress site to load over http, as such a site would only load over https if the site owner set up SSL at their hosting provider. As I mentioned above, we have no control over those sites.

  9. @96isaiah to give you some further assurance your website does not present any errors with Microsoft's newest browser Edge, nor on Chrome or Firefox. As @kokkeih mentioned Internet Explorer is end-of-life as Microsoft has replaced it with Edge. Microsoft may continue to perform minor updates for security purposes but probably not anything more than that.

    I understand you prefer using IE and there is nothing wrong with that, but I might recommend beginning to test out other browsers to ensure that you're getting the best and most secure experience when browsing the web as IE will eventually be retired or incompatible as web language continues to change.

  10. Hi xpurichan and kokkieh,

    Time flies when you're having fun --- and even when you're not. Thank you both for being so helpful. I really appreciate your assistance.

    I had downloaded Edge last year and finally went back to it. I can't make myself "love" it for quite a number of reasons, but will force myself to use it, hoping to get accustomed to it. In working with Edge this morning, I noted a couple things. 1. There were no security alerts of any kind. That's good. 2. Websites had the needed padlock in the address bar to show they were secure --- but many WordPress blog sites lost that padlock in a minute or two. Some of those blog sites were wordpress.com and some were through wordpress.org, so they had their own address.

    I read a number of web tech articles regarding the use of the WordPress blogging platform. One mentioned that some problems like this are caused by a theme that has vulnerabilities. I really like my theme and have used it for eight years now. It is organized the way I like things and allows me to use my own picture in the header. How can I know if it has a vulnerability? I don't think I'm using any sort of add-on that would create a problem. Is there a way to find out?

    Again, thank you for caring and for sharing your expertise. I really appreciate it. Have a great day.

  11. many WordPress blog sites lost that padlock in a minute or two. Some of those blog sites were wordpress.com and some were through wordpress.org, so they had their own address.

    Can you please give me the addresses of the sites in question? It really shouldn't be possible for a WordPress.com site to load over an unsecured connection, regardless of whether it's on the free domain or a custom address.

    I read a number of web tech articles regarding the use of the WordPress blogging platform. One mentioned that some problems like this are caused by a theme that has vulnerabilities.

    Those articles refer to the self-hosted WordPress.org software, where outdated or poorly-written themes and plugins can indeed cause vulnerabilities. However, on WordPress.com we curate all themes appearing in your showcase to make sure they don't have these vulnerabilities, and the software is always kept up to date automatically here.

    You are using a retired theme, but all that means is that it has become too old for us to add support for our newest features to it, and eventually it will break to such a degree that we can't fix it, but from a security standpoint you're completely safe as all security patches are applied to your site regardless of the theme you're using.

  12. Hi kokkieh,

    I am sure glad to hear that WordPress is keeping my theme secure, even though it is a retired theme. More themes along that line should be created because it clearly leads non-blogging readers to read more and has more of a welcoming feel to it than many others. So thank you all.

    I don't have the addresses of the sites I visited yesterday through Edge, but made an effort to take screen shots of the questionable sites visited in Edge this morning. I made notes on each screen shot to make things clearer.

    I hit a snag on a blog site named the Constitution Club. I haven't been there for awhile. It has evidently been taken over by some sort of malware. The account of that can be seen on the screen shots I uploaded to my media file.

    The sites that had no security padlocks today are different from those encountered yesterday. Most of the sites visited today had and kept the padlock feature.

    Eleven screen shots were uploaded this morning. They should be viewed starting from "a" and going through "k", so you can get a gist of the snag mentioned.

    I hope all this will be helpful to you so that all of WordPress can stay secure for all bloggers. I almost forgot to mention --- there are times when I open up Firefox to work on my post, Edge puts a large dialog box in the lower left corner, saying Edge is safer than Firefox. It disappears in a short time.

    Hope you all have a great day, and thank you for everything.

  13. Good morning -

    Following up for @kokkieh here :)

    Thank you for uploading those screen shots. I will have a look and report back.

  14. Alright I am back.

    Do you have the URL for Constitution Club? I did not see that in the screen shots. My theory is that the site expired, was bought by someone else, and is not redirecting to ads. With the URL I can confirm that theory or keep investigating.

    Will you give this a try? https://answers.microsoft.com/en-us/ie/forum/ie9-windows_7/turn-off-only-secure-content-is-displayed/4e0213cd-653f-42eb-8b52-96aa5ed15068?auth=1

  15. Hi Liz,

    Thank you for getting back to me. I'm sure the Constitution Club site is expired and taken over by malware of some sort, based on the print screens I uploaded to my media yesterday. Their address was http://constitutionclub.org. I was in Edge when I got the huge warning in the print screens for yesterday.

    All the print screens uploaded yesterday were while using Edge.

    This morning I added more print screens while using Firefox. Some of those have a padlock with an exclamation mark, which seems like a caution. Some of those people are not able to post real often for various health reasons. I hope having WP cautions won't add to their life challenges. Others have the safe padlock in Firefox, while they always have security alerts in IE, and disappearing padlocks in Edge. That makes me wonder...

    Comparing blog sites visited in IE, Edge, and Firefox, Firefox is keeping the WP sites safe. But, as you can see from one of today's print screens, going to a Blogspot site had a strange result.

    At this point, I feel there just is some sort of competition between various blogging platforms. The safety of all those who surf the Internet needs to be considered. I don't know if there is an honest security alert or if there is an attempt to make people avoid certain sites.

    Thank you for taking all these print screens into consideration. Today, I didn't get to view all of the blog sites I normally go to because every browser rearranges my "Favorites" in different ways, and I'm just too tired to try and find them all right now. Maybe tomorrow...

    Again, thank you so much --- and have a great day.

  16. Hi,
    I haven't had a chance to surf WP sites today. I just checked my Gmail and had troubles with a WP "Like" notice. I'm uploading three additional screen shots regarding what happened with the WP notice in Gmail. It happens that the "like" is from a writing teacher that I would be really interested in, but could not read any of his posts until I got in to WP and read in the Reader.

    Please check through the three screen shots uploaded to my Media files this morning. Each one explains what I think most WordPress readers experience as they try to read various WP posts.

    I'll let the uploaded screen shots explain with my notations.

    I've been deliberating on the link you shared the other day. Thank you for sharing that. I still just can't imagine whether it is safe or not. WP sites are obviously safe when using FireFox --- but not safe when using IE or Edge.

    I do like FireFox's way of reorganizing my IE Favorites --- in comparison to Edge's total mess. But, there are still things I have to discover and get used to. I know I prefer FireFox. This is how old people are. We were not introduced to the Internet until we passed middle age by far. Young people have a hard time getting used to that, but they will comprehend something when they get old enough to be bypassed by even more technology.

    Thank you for trying to understand and for figuring out how all of this can be rightfully settled for all concerned. I've ignored my concerns for years, but they are becoming more and more bothersome. That means somebody needs to speak up and resolve the problem, which should not have occurred in the first place.

    Thank you again. Everything you do will be appreciated by many --- and should be good for WordPress ratings.

  17. Good morning -

    Are you viewing your emails from the same browser that you are signed in to your WordPress.com account with?

    Also, a bit of a long shot, but have you restarted the computer since this change started?

  18. Hi Liz,

    I have no clue how viewing emails is connected to this, but I use IE to view my gmail. There have been times lately -- when I click on a new visitor's posts as shown in the WP "like" or "following" notice in my gmail -- that I have experienced their site giving a security notice and sometimes locking up.

    After checking my gmail for the day, I surf blogs on various blog platforms in IE. I like to surf in IE because all my Favorites are organized the way I like --- not the way some software developer wants them organized. : ) I've been surfing this way for years and am comfortable with it. In going to various blog sites, it seems that only WP blog sites present security notices of various sorts and lock up. I don't recall having a problem with other blogging platforms.

    After surfing in IE, I close out of it and go to Firefox to work on the next day's WP post, because awhile back IE started giving me problems while working on WP posts in IE. A WP tech told me to use Firefox for posting and the problems stopped.

    To answer your second question, I close down my computer every evening and start it up every morning, so there should be no problem there. Guess that's the old-fashioned way of doing things.

    All-in-all, to me it seems that IE and WP need to get together with a meeting of the minds to iron things out to the satisfaction of everyone concerned --- from tech needs to the needs of serving the people well.

    I have no idea how non-bloggers are affected by any of this --- but they do make up the majority of this world's population and should be considered.

    Thank you so much for looking into this. It's disturbing to me because it doesn't make any sense. WP blog sites should not be losing their padlock or even starting up without a padlock -- whether they are from wordpress.com or wordpress.org. There is no sensible reason for WP blog sites to get security notices and lock up either.

    Such is life these days. Again, thank you for figuring this conundrum. Hopefully, it's fun for you. Have a great day.

  19. Hi Liz,

    Wow! Surfing all blog platforms this morning in IE was awesome. I encountered only one security alert down by the task bar, that quickly disappeared on its own --- and there were no screen lockups. I even visited WP sites that rarely post anything anymore for various reasons. They all worked flawlessly. It felt like there was peace in the valley.

    I don't know what has happened or if it will stay this nice, but I really appreciated the ease at which I was able to surf this morning. It sure felt a whole lot safer --- and that is a good feeling.

    So, thank you all for making the Internet a good place to share, learn, and express one's self.

    Wishing you all a marvelous day --- and looking forward to experiencing good blogging days ahead. Thank you again for sharing your expertise in bringing people together on the Internet!

  20. That's great news :) I'll leave this thread open in case you begin to run in to trouble again. Just write back if you do. Take care and best wishes!

    I'll pass your kind words along to the rest of the team too <3

You must log in to post.

About this Topic