Security Issue on Nginx Website
![](https://selimkoc.com/wp-content/uploads/2023/11/nginx-security.png)
Recently, Nginx reported a security issue on their blog about Rapid Reset Attack on HTTP/2 and while I was checking the blog, I figured out they have also mixed content security issues on the site. I wrote a comment about it on their blog.
![](https://selimkoc.com/wp-content/uploads/2023/11/screen-shot-2023-11-11-at-23.22.13-1024x775.png)
Later I checked all their website and I saw they use WordPress as their CMS and most probably the website address is set to http://nginx.com instead of https://nginx.com. So the whole site has mixed content security issues. I wrote it again to the blog comment but my comment is not approved (yet 🙂 ).
I’m copying & pasting my comment below and let’s hope Nginx will fix their website soon. I also informed Nginx via their info email.
![](https://selimkoc.com/wp-content/uploads/2023/11/screen-shot-2023-11-11-at-23.24.33-1024x801.png)
Yes, it is.
Chrome desktop does not show this error, but mobile version shows.
The problem is some files are loaded from http protocol on this https page. I see this error often on mobile and I wrote a blog about it, which includes how to fix it.
You can see the image is loaded from http on attached screenshot.
![](https://selimkoc.com/wp-content/uploads/2023/11/nginx-576x1024.png)
As you are using WordPress for content management, you can change website url from http://nginx.com to https://nginx.com which will solve the problem for future content. For existing content, you need to make search & replace in the database.
I see you also have links to http version of nginx.com in your pages, so you had better to use a search&replace output filter for WordPress, there are already some plugins written for this functionality.