Malfunctioning or malicious add-on

  • While surfing blog sites in IE, a notice opened up in a tab under the IE browser I was using… The notice said the site I visited had a malfunctioning or malicious add-on… I didn’t see it until I had closed out of IE… This blogger does not post often because he has ALS and can only communicate with eye movements on his computer… I would like WP techs to make sure his wordpress.com site is made safe again… I put a screen shot of his problem in my media folder… Thank you all for making sure WP bloggers stay safe.

    The blog I need help with is: (visible only to logged in users)

  • Hello @96isaiah,

    Please send the link to that website, so I can test on my end.

    Do you notice a similar issue with other browsers? (Chrome, Firefox)

    A note about Internet Explorer: Due to browser incompatibility, some themes are not fully functional in Internet Explorer 10 or earlier.

    You will find more information from this link.

    I hope this gets sorted out.

    Regards,
    Rose

  • Hi Rose,

    The website in question is unshakablehope.wordpress.com… In the screen shot I uploaded to my media folder for you to see, it is underlined in pink in the address bar.

    I have not had much time to be on the computer today, so I have not tried it in other browsers… Many of the security alerts that appear on WP blog sites when browsing in Internet Explorer mention the blog site as having mixed content… I’ve tried to take some time to learn about that and seem to understand that the site contains a mixture of http: and https: materials, such as scripting — and often does not have a valid certificate… That seems to be something browsing in Firefox also notes… The mixed materials can also be the ads that are put on sites… I wonder if a bad ad caused that warning message on Bill’s Unshakablehope blog site… I’ve often noticed that ads are slow in coming up and seem to disable one’s ability to scroll… I’m sure they are considered mixed material.

    A Microsoft website says they will be supporting Internet Explorer 11 for as long as they use Windows 10… I use the latest of those…

    I will continue to try and learn more about security alerts as time permits, but am not technically inclined… : ) ……. Will also check on your link above and check out other browsers… Thank you for supplying that and for making sure WordPress bloggers stay safe.

    Have a great day.

  • You’re welcome. And an additional note – could it be similar to the issue you posted here?

    Regards,
    Rose

  • Hi Rose,

    Yes, it is similar in that lately, Bill’s blog site has had security alerts like the ones I previously mentioned… This may be considered “similar”, but is much more ominous… These sorts of alerts should not be ignored… If they happen on an innocent and simple site like Bill’s, they can happen to any blogger… Now the threat is escalated, so that WordPress should pay attention to it, in order to keep all WordPress bloggers safe.

    Since Internet Explorer, Edge, and Firefox display security alerts of various sorts, on WordPress blog sites, this needs to be attended to… These are all popular browsers…

    By the way, in going to Bill’s blog site this morning, it worked perfectly and retained its padlock… Some other WP blog sites were also more workable… It seems like WordPress techs are on the right track, in the process of fixing something…

    I sure do hope so, because it does not appear that these problems are controllable on the blogger’s end… Software developers are capable of making software programs compatible… So, I do hope that is what they are doing in fixing Bill’s blog site… I also feel that the ads need to be tested for long-running scripts and malware of every sort…

    There simply are people out there who do not like being nice…

    Thank you and all of the WordPress staff that works diligently at keeping all bloggers — and their readers — safe… There are so many that appreciate it.

    Have a great day.

  • You’re welcome. I’m really glad it gets sorted. And thank you so much for your kind words. :)

    Have a great day!

    Regards,
    Rose

  • Hi Rose,

    I have a question… I said that Bill’s site worked perfectly, and some other WordPress blogs seemed pleasantly improved… Does that mean that the WordPress software developers worked on this problem?… Or might these problems occur again?…

    I wonder about this because not all of the blog sites I visited worked well — just a number of them…

    I’m looking forward to having everyone’s WordPress blog site work well and be totally safe… With today’s technology that should be very possible.

    Thank you and have a good evening.

  • Hi @96isaiah,

    If I may share some insights with you, with regards to the security issue you’re facing on a couple of (WordPress.com) sites, as you have mentioned before:

    > Many of the security alerts that appear on WP blog sites when browsing in Internet Explorer mention the blog site as having mixed content… I’ve tried to take some time to learn about that and seem to understand that the site contains a mixture of http: and https: materials, such as scripting

    This is an issue that can’t be handled by the WordPress platform itself, since the content of a (WordPress.com) site is in the control of the owner him/herself.

    I can assure you that the WordPress software itself is safe and the people behind WordPress.com will always try to make sure their service is safe for all people.

    However, I don’t believe that a mixed content of a site is something that WordPress.com itself can take control of. At least, that’s what I know of.

    To give you a sample, we can use your friend, Bill’s, site unshakablehope.wordpress.com

    Now, I don’t use IE like you but I’m using Chrome as my web browser.

    But even when I’m using Chrome, I saw this site is marked as not fully secured. Here’s a screenshot of what I’m looking at:
    http://take.ms/DTFnr

    Compared to your own site 123hallelujah.wordpress.com, I saw a different thing. Here, your site is marked as fully secured.
    Screenshot: http://take.ms/7cwhO

    Now, how can this happen, while both sites are hosted on WordPress.com with the same software, setup and such?

    The answer is because Bill’s site contains this particular mixed content:
    http://take.ms/pDcaT

    It’s coming from the “Flag Counter” widget on the site which I believe is being added to the site using some custom HTML script in a Text Widget.

    See here: http://take.ms/i7RPG

    If you’d like to and if you have control of Bill’s site, you can try to change both “http” URLs in the above screenshot to “https”. I could then help you check again in my Chrome whether it’ll then change to “Secure” as your WordPress.com site or not.

    To put it in summary, this is a simple example of why there’ll be no guarantee that you won’t have the problem of security warnings displayed on the sites you’re visiting.

    Again, it’s because you can’t just rely on the platform the sites are using (in this case, WordPress.com) but each site owner also needs to take responsibility for their own content.

    Hope this helps give you some insight and please let me know if there is anything else you’d like to discuss.

  • Hi Rose,

    While waiting for your reply, I surfed WP blogs again this morning — and sadly came upon many more security alerts… I told you how Bill’s site worked so perfectly yesterday — but today, while showing it was in https and had a padlock, there were also two security alerts — all that at the same time… I can upload a print screen of that to my media file for you, if you wish.

    That same scenario happened on a couple other sites as well… I cannot figure out how things can work fine one day, but not the next… Now it does not seem like the WP techs have worked on it.

    I am hoping that Bill’s site will not have another notice of a malfunctioning or malicious add-on… That warning has only appeared once so far…

    Thank you for sharing this problem with the WP software developers… I really appreciate it… Have a great day…

  • Hi Erric,

    Thank you for your concern, but I think you have confused wordpress.com sites with wordpress.org sites… I am concerned about wordpress.com sites because WordPress takes care of all the software on these sites and we have limited choices for making various safe settings…

    It is the wordpress.org sites that need to be more knowledgeable in choosing the right settings… Because wordpress.com handles the whole WordPress platform, everybody should be secure… But, I am concerned about experiencing various security alerts on these wordpress.com sites…

    The security alerts I see on wordpress.com sites mention mixed content, invalid certificates, and then the notice of a malfunctioning or malicious add-on on Bill’s site… I’ve only seen that warning once, but it is something that should never appear on a wordpress.com site because the WordPress techs have the control over those things…

    Bill has had that flag counter on his site for years… I go to his site every day, just as a way of supporting him — even though he is unable to write very often… The other day was the first and only time I’ve ever seen a warning of a malfunctioning or malicious add-on… So, there is a glitch somewhere on Bill’s site…

    The only reason I am reporting about Bill’s site is that he most likely is not aware of a problem, and his health problem with ALS prevents him from doing much of anything…

    People who need to use wordpress.com blogging platforms need to do so because they are not technically inclined… By necessity, they need to have WordPress supply them with safe themes, widgets, and everything else that concerns creating a safe blog site — even safe ads…

    Everybody is gifted to provide something special for this world — and we all need to use the special gifts of others to make everyone’s life better… Nobody is gifted in absolutely everything needed in this life…

    It’s quite the world, and we can be thankful for the gifts of others… It makes the world go around… : )

    Again, thank you and have a great day.

  • Hi Everyone at WordPress,

    I don’t know how it has happened, but this morning while surfing blogs using IE, everything worked beautifully and was so enjoyable… I truly appreciate that — and am sure many others do, too…

    That should lead many to using Mozilla FireFox and becoming better acquainted with it… It feels so good to not have security concerns when surfing… Thank you all, so very much!

  • You’re welcome @96isaiah,

    Glad to hear about your enjoyable experience.

    Thanks also for always sharing here.

  • Hi All,

    Surfing blog sites in IE went well again this morning… Thank you all!…

    I just have one quirk to note… The site I’ve been most concerned about — unshakablehope.wordpress.com — has a note in the address bar about having a spelling error… I checked my Webster’s Dictionary, and it is not misspelled… Might that be the reason why his wordpress.com blog site did not have a padlock?

    I am concerned that if he does not have a padlock, he will soon be getting security alerts of various sorts again… Thank you for taking care of Bill’s safety needs… I really appreciate it.

    Have a great day.

  • Ooops!… I forgot to mention that I will be uploading a print screen to my media folder of that quirk that needs to be taken care of… Thanks again.

  • Note that I clearly see the https:// and everyone with an up to date browser http://browse happy.com should see the https:// here https://unshakablehope.wordpress.com/

    All WordPress sites are encrypted. You can read about that here https://en.support.wordpress.com/https-ssl/

  • Oops! Sorry. That link for getting an up to date browser version should have been http://browsehappy.com

  • Hi Timethief,

    Thank you for checking in on this… I do have the latest IE browser on Windows 10 and Microsoft will be keeping it up for a few more years, as long as they take care of Windows 10… I feel like it is more people friendly because I’m accustomed to it and I like the way it is set up.

    WP puts a padlock on all their sites to show they are safe… That padlock disappeared in about a second after entering the site… That should not happen… If you check the print screen I uploaded to my media folder, you will see that the https:// is there — but the padlock is gone…

    Also, the address bar indicates a spelling error… There is no spelling error… I’m concerned on Bill’s behalf because he has ALS, and in consideration of that, I feel one needs to make sure his site stays safe…

    His site has had a dire warning not long ago, as recorded above…

    Have a great day and I hope all is going well for you…

  • Hi there,

    I had a look at that site in IE, and you’re correct that it’s not showing the padlock, but I suspect that’s because there is non-secure content on the page – I get that warning when viewing the page in Firefox. Specifically the site has a flagcounter widget that is embedded from a http resource, not https.

    There is nothing we can do about that – the only way to get rid of that warning is to either remove that widget, or convince the owners of the domain from where that is being embedded to enable SSL on their site.

    As for the spelling error, I’ve never heard of a spell checker that checks the browser address bar before, and I don’t see it in IE if I check that site. Do you have any browser extensions installed in your browser? That’s the only place I can think of where that could be originating – it’s definitely not coming from us.

  • Hi Kokkieh,

    I have a feeling I’m learning things in this process — but, have no clue what… : )

    The flag counter seems to be the likely culprit… I can contact Bill about it, but don’t think either of us is knowledgeable enough to know how to contact anyone about enabling the SSL on their site — in case Bill really wants to keep it… Maybe he will choose to delete it for safety’s sake…

    Now, the spelling error… I checked all my IE browser add-ons, and disabled one for Microsoft Lync Click to Call… I don’t make calls from my desktop… The others are for HP Network Check and Shockwave, which I think are supposed to be there… Windows 10 included those add-ons I have… I’ve never personally added anything…

    So, I did a search on that “spelling error”… The results are weird, so I uploaded a print screen of them for you to think about… I wonder if that is all connected to the disappearing padlocks and flag counter… Maybe that flag counter should be banned from WP blog sites…

    As if this isn’t enough, while preparing a post for tomorrow, I noticed that my “Edit” page in WP has a caution sign on the padlock… That made me check many other administrative page links on my site… All the rest that I checked have the padlock with no caution icon…

    I uploaded a print screen of my Edit page for you in my Media folder… Maybe you’re supposed to think of all this as job security…

    Just “Thank you!” for your patience and expertise… Do have a wonderful day…

  • I tried searching that as well, but I don’t even find anything on tech forums so I don’t think it’s actually an error, and I’m quite sure it’s unrelated to the security certificate warnings.

    > Maybe that flag counter should be banned from WP blog sites…

    Any resource embedded from a non-https source would cause that warning. By blocking all non-https resources we’d be blocking you from linking to a significant chunk of the internet. And in this case, it’s just that one image that is not being transmitted over HTTPS. All the rest of the site is. If it were dynamic content, like an iframe or a JavaScript resource being transmitted over HTTP there would be cause for concern, but it’s not possible to add content like that to a WordPress.com site and someone won’t be able to intercept your browser session through a simple image. So there isn’t really any risk in this case.

    > I noticed that my “Edit” page in WP has a caution sign on the padlock…

    It looks like all the images at the bottom of your post were inserted using http links instead of https. That’s what’s causing the warning.

    Did you insert those using the Add Media button, or did you perhaps copy them in from an older post? If you copied from an older post, that post was likely written before we started using https, meaning the image links at that time had not been at https links yet as they are now.

    It’s fine, though – once the post is published we’ll automatically serve those images over https as well as they’re in your media library which is also on a https link.

  • The topic ‘Malfunctioning or malicious add-on’ is closed to new replies.
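
The distinction drawn in the replies above, between an image embedded over http and a script or iframe embedded over http, can be checked by a site owner against the HTML pasted into a Text Widget. The following is an added example, not code from the thread or from WordPress.com; it goes slightly beyond the flag-counter case by also classifying active embeds, and the sample markup and `*.example` hosts are constructed placeholders.

```python
from html.parser import HTMLParser

# Constructed sample: a counter-style widget snippet plus active embeds for contrast.
SAMPLE_WIDGET = """
<a href="http://counter.example/more/abc"><img src="http://counter.example/count/abc.png" alt="visitors"></a>
<img src="https://example.files.wordpress.com/photo.jpg">
<script src="http://cdn.example/widget.js"></script>
<iframe src="//frames.example/embed"></iframe>
<link rel="stylesheet" href="http://cdn.example/style.css">
<link rel="canonical" href="http://example.wordpress.com/">
"""

# (tag, attribute) pairs that make the browser fetch a subresource.
PASSIVE = {("img", "src"), ("audio", "src"), ("video", "src"), ("source", "src")}
ACTIVE = {("script", "src"), ("iframe", "src"), ("embed", "src"), ("object", "data")}


class MixedContentFinder(HTMLParser):
    """Collect http:// subresources in HTML that will be shown on an https:// page."""

    def __init__(self):
        super().__init__()
        self.findings = []  # (kind, tag, url)

    def handle_starttag(self, tag, attrs):
        attrs = dict(attrs)
        rel = (attrs.get("rel") or "").lower().split()
        for name, value in attrs.items():
            if not value or not value.strip().lower().startswith("http://"):
                continue  # https://, protocol-relative and relative URLs are not flagged
            if (tag, name) in PASSIVE:
                self.findings.append(("passive", tag, value.strip()))
            elif (tag, name) in ACTIVE or (tag == "link" and name == "href" and "stylesheet" in rel):
                self.findings.append(("active", tag, value.strip()))
            # <a href> and non-stylesheet <link> are navigation/metadata, not subresources


def find_mixed_content(html):
    """Return a list of (kind, tag, url) for every http:// subresource in html."""
    finder = MixedContentFinder()
    finder.feed(html)
    finder.close()
    return finder.findings


if __name__ == "__main__":
    for kind, tag, url in find_mixed_content(SAMPLE_WIDGET):
        print(f"{kind:7} <{tag}> {url}")
```

A "passive" finding is what removes the padlock, as with the counter image; the `http://` link wrapped around the image is ordinary navigation and is not reported.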