Security Error on WordPress site using WooCommerce, cleaner theme and PayPal

Question

I am using a combination of things and not sure where the error is coming from: I have a WordPress site with and installed SSL cert. https:www.joesmetrobox.com. I have the Cleanr theme installed and I am using WooCommerce and the Paypal Advanced plug in to use Paypal as the way I process payments.

Everything is fine until I try to submit the credit card information here: on this page: checkout/pay/?key=order_51882ad846e67&order=360 (this would be unique for transaction). Then depending on the browser I get an error:

Firefox: Security Warning: Although this page is encrypted, the information you have entered is to be sent over an unencrypted connection and could easily be read by others. Are you sure you want to continue sending this information? Firebug gives me this

error: 404 error for this wp-content/themes/cleanr/js/scripts.js?ver=1.0 and file which does not seem to exist.

Explorer 8: Security Warning: Do you want to view only the webpage content that was delivered securely? This webpage contains content that will not be delivered using a secure HTTPS connection, which could compromise the security of the entire webpage.

Chrome: Secure Token Expired
and if I use their developer tools I also get this extra clue: Unsafe JavaScript attempt to access frame with URL https://joesmetrobox.com/checkout/pay/?key=order_5188245e1ae70&order=361 from frame with URL https://payflowlink.paypal.com/?mode=LIVE&SECURETOKEN=LvNtL1gubfE6Z5lwc2gMiQgJ0&SECURETOKENID=joesmetro51882d664015d4.15989435. Domains, protocols and ports must match.

So I am pretty stumped at this point where to even focus my attention. I am not a programmer and know just enough to be dangerous.

I am wondering if it is some kind of token setting in Paypal that I accidentally clicked and don't need? or maybe WooCommerce isn't playing nice with Paypal, Cleanr theme or maybe both.

I just want to be able to process payments without an error popping up...does anyone have ideas?

Answer 1

a plugin like this may help you implement HTTPS to your site.

http://wordpress.org/extend/plugins/wordpress-https/

WooCommerce Reference: http://docs.woothemes.com/document/ssl-and-https/

Insecure content warnings

If you have insecure content warnings when viewing a secure page it means you will be linking directly to scripts, images, or stylesheets over http instead of https. Most of the time this is simply fixed by changing said links to https or by using relative URL’s (e.g. /wp-content/file instead of http yoursitename/wp-content/file).

You can also use a plugin like WordPress HTTPS to force the URLS to be secure. WooCommerce does secure scripts which are enqueued correctly.

To identify the insecure links you can use a tool such as Firebug for firefox, or Chromes built in developer tools, and look at the error console – insecure resources will be listed.