Ajax-loader.gif loading over HTTP instead of HTTPS


I am getting a mixed content error on my www.hiberniacollege.com.

“Mixed Content: The page at ‘https://hiberniacollege.com/’ was loaded over HTTPS, but requested an insecure image ‘http://hiberniacollege.com/wp-content/plugins/s2member/src/images/ajax-loader.gif’. This content should also be served over HTTPS.”

I am using WPEngine.

One response recommends ensuring that the following setting is set to no. “Okay, the solution here was a setting in s2Member under general options -> login welcome page -> Alway redirect non-admin users using http?”

However I do not have this setting? I am using the Pro version ’ s2Member Pro v170722’.

Does anyone have a solution to fix this?


That setting was removed so as to avoid causing this problem.

You say you’re with WPEngine. They are known for having very aggressive caching, and caching could certainly cause this. I think you need to talk to them.

I’m having the same problem and on WPengine with the latest pro version.


Me too. Same issue at WP Engine.

If you force ssl with s2Member, do you still get that?

Create a custom field for s2member_force_ssl set to yes on that page.

If you’re using Gutenberg, go to the editor Options and enable Custom Fields from there first, then you’ll find the Custom Fields at the bottom of the page. https://www.namehero.com/startup/how-to-use-custom-fields-in-gutenberg-screenshots-example/

If that doesn’t do it, I’d troubleshoot testing for plugin or theme conflict. https://s2member.com/kb-article/common-troubleshooting-tips/

This plugin may help test that without affecting the site users: https://wordpress.org/plugins/health-check/

Let me know how it goes. :slight_smile:

I did that and it didn’t work. Just 1 file that’s http and no way to fix it. I’m forcing SSL on cloudflare it’s usually pretty strict. URL is https://globalintelhub.com https://globalintelhub.com/wp-content/plugins/s2member/src/images/ajax-loader.gif really want a fix for this.

Hi crediblock.

I can’t reproduce that on my site…

I found your page with the pro-form at https://globalintelhub.com/signup/

Because the s2member_force_ssl is shown in the pro-form, it seems you added it as a custom profile field from s2’s General Options.


That would not be correct. The s2member_force_ssl goes in the WordPress page itself, as a custom field of the page, in the page editor.


I hope that helps. :slight_smile:

@crediblock - you have your s2member_force_ssl visible in your form…this should be set to hidden shouldn’t it?

Regarding https…add a 301 redirect in your htaccess file so all http requests are 301 redirected to the https equivalent.

I do that using cloudflare, and it works great on all the other wordpress sites where there is no s2member, like www.preiposwap.com that’s why I think it’s a s2member issue. When I ran a security scan for non https content, it showed me this single ajax image ‘loader.gif’ as the issue.

Just hit F12 on your browser, refresh the page and see where it comes from