Error #10002. Security error. Security header

I have installed an SSL cert yet users are still getting this error message when trying to make a purchase using pro forms on my membersip options page

Yes I have added the custome field s2member_force_ssl = yes

Thank you for reporting this important issue.

I have installed an SSL cert yet users are still getting this error message when trying to make a purchase using pro forms on my membersip options page

Could you post a link to the page on which this happening?

link

Thanks for the link, but I’m unable to connect to your site right now on two separate internet connections. I’ll try again later.

Thanks. This issue has remained unresolved for several weeks. Would really appreciate it being looked in to.

Thanks for your patience.

I took a look and it appears that your theme is loading in some resources after s2Member forces SSL. Can you try the first two steps in Common Troubleshoot Tips here, please?

See: Knowledge Base » Common Troubleshooting Tips

Thanks. I’ve tried these two steps before. No luck.

So you changed the theme to the default one and deactivated every plugin other than s2Member, and you still got that error when you tested again? That’s odd, we haven’t seen this happen before, a clean installation of WordPress with just s2Member doesn’t have that problem.

Could you install in a separate directory, a new copy of WordPress, just add s2Member, create a page with the pro-form and the s2member_force_ssl custom field, and reproduce it there? Please send us the info to this test installation so we can see it and investigate what the reason may be, and let us know when you submitted it. s2Member® » Private Contact Form

So the only way to rectify this issue is to change my entire theme?
A theme that has been heavily customised for my business needs as well as business branding.

So you confirmed that the problem is in the theme? Okay.

No, you don’t necessarily have to change it to another theme, but you will need to improve it so it doesn’t cause errors. Once you identified what the problem with the custom theme is, you can customize it some more to fix it.

So I changed the theme and the problem still exists!

AND I deactivated all plugins!

So I changed the theme and the problem still exists!
AND I deactivated all plugins!

Okay. To the default theme? Then I’d like to take another look at it.

I see that you’re using a custom theme again. I want to do a test purchase to see this error, but I don’t want to change your theme or deactivate your plugins in the live site, unless you tell me you have a backup and are okay with me doing it for the tests. Or did/could you create a separate test installation of WP, with only s2Member, as suggested in the troubleshooting tips?

I’d create a test page, forcing SSL, with a pro-form like the one in your Membership Options Page, but for 1 cent, and checkout with my own card to reproduce the problem. Please let me know if there’s something else I should do to reproduce the 10002 error you get.

I just tried the login credentials you sent before, but couldn’t access tha admin area. Could you resend working credentials so I login to test this? Please leave me a reply here letting me know you sent it. Thanks! s2Member® » Private Contact Form

Thanks for the email. I did a couple of test purchases and saw the error. I tried with the default theme too, but didn’t deactivate the plugins, since you didn’t specify in your email that I could do that too.

I searched a bit your error and found another thread where a site owner was getting this same error from PayPal. The reason for him was using an API certificate instead of signature, changing to the signature solved it. https://www.s2member.com/forums/topic/security-header-is-not-valid-2/#post-46394

Could you please verify that’s not the case for you? Thanks.

Hi Christian,

I am using an API signature

Okay.

I’ll ask Jason about that PayPal error, because I’m not sure what else is causing it.

Have you asked PayPal support about it?

No because the problem only started once I upgraded to s2 member Pro. I will get in touch with them but if not is there the possibility of a refund (since it has not been working for over a month) ?

No because the problem only started once I upgraded to s2 member Pro.

That error is one you’re getting with the pro-form when choosing one of the cards to pay, processed by PayPal Pro, which is not something that would happen with the free version of s2Member.

I went back to your site’s configuration and see that you don’t have any credentials entered for the PayFlow API. [hilite path]Dashboard -› s2Member® -› PayPal® Options -› PayFlow™ Account Details[/hilite]

It didn’t ring a bell before, but just to check: does it mean your PayPal Pro uses the PayPal Pro API? Knowledge Base » PayPal Pro, PayFlow, DPRP, Express Checkout

Just to make sure, because I assumed it before but didn’t verify: do you have PayPal Pro? You can’t get paid on your site without it or Authorize.Net.

You aren’t required to have PayPal Pro to use the s2Member pro-form, but in that case you’d remove the card options and only leave PayPal so the payment is processed through PayPal’s Express Checkout.

I have another domain with an entirely different theme and less plugins. What I’m going to do is start using s2member pro on that see if they problem remains. Will let you know.

since upgrading to s2 member Pro new users have been unable to register even as a free subscriber. I’m guessing this could be part of the problem.

I tried to test the free registration, but when I attempt to load your site, I get a redirection problem to wp-signup.php and can’t open it. This wasn’t happening the last time I visited it. Could you let me know when it’s online again so I can try the free registration?

I have another domain with an entirely different theme and less plugins. What I’m going to do is start using s2member pro on that see if they problem remains. Will let you know.

Cool.

Hi so i’ve installed s2 on to a new domain under a new root directory. This website does not have buddypress and the complexities of my previous theme.

S2 member however is not protecting my files at all. Heres is an example of the code I am using.
https://www.cazoommathsworksheets.com/?s2member_file_download=/GCSE/Grade%20C/Number.%20Grade%20C.%20Upper%20and%20Lower%20Bounds.pdf

Here is the link

It worked initially, so hopefully it’s something simple.

(Also when i log in i get a warning that the page is not encrypted).

It worked initially, so hopefully it’s something simple.

Did you set the Membership Options Page? Restrictions aren’t active until that page is set. [hilite path]Dashboard -› s2Member® -› General Options -› Membership Options Page[/hilite]

(Also when i log in i get a warning that the page is not encrypted).

Could you show me a screenshot of it?

i’ve installed s2 on to a new domain under a new root directory.

If you need me to take a look, I’ll need the login to the new installation, please. s2Member® » Private Contact Form

Great, I put the membership options page as private and then messed it all up.

Any ideas why the custom caps is not being protected?

The code is;
a href=”https://www.cazoommathsworksheets.com/?s2member_file_download=access-s2member-ccap-answers/GCSE/Grade C/Number. Grade C. Upper and Lower Bounds. ANSWERS.pdf”

Great, I put the membership options page as private and then messed it all up.

I don’t understand. You found that was the reason you were having trouble and solved it? Or you did that now and have a new problem?

Any ideas why the custom caps is not being protected?

You mean something that you set to require a ccap is still being shown to someone that doesn’t have it? I can only think of the Membership Options Page not being set. Or you are logged in to the admin account and then no restriction is applied.

https://www.cazoommathsworksheets.com/?s2member_file_download=access-s2member-ccap-answers/GCSE/Grade C/Number. Grade C. Upper and Lower Bounds. ANSWERS.pdf

I tried the URL and was redirected to the Membership Options Page, and the vars say it requires the ccap “answers”, so the restriction is working.

https://www.cazoommathsworksheets.com/join/?_s2member_seeking[type]=file&_s2member_seeking[file]=access-s2member-ccap-answers%2FGCSE%2FGrade+C%2FNumber.+Grade+C.+Upper+and+Lower+Bounds.+ANSWERS.pdf&_s2member_seeking[_uri]=Lz9zMm1lbWJlcl9maWxlX2Rvd25sb2FkPWFjY2Vzcy1zMm1lbWJlci1jY2FwLWFuc3dlcnMvR0NTRS9HcmFkZSUyMEMvTnVtYmVyLiUyMEdyYWRlJTIwQy4lMjBVcHBlciUyMGFuZCUyMExvd2VyJTIwQm91bmRzLiUyMEFOU1dFUlMucGRm&_s2member_req[type]=ccap&_s2member_req[ccap]=answers&_s2member_res[type]=file&s2member_seeking=file-access-s2member-ccap-answers%2FGCSE%2FGrade+C%2FNumber.+Grade+C.+Upper+and+Lower+Bounds.+ANSWERS.pdf&s2member_ccap_req=answers&s2-ssl=yes

By the way, I see everything being served over HTTPS, but I keep getting a warning about it.

Maybe there’s something wrong with the SSL certificate? And you don’t really need to secure every page, just the ones from which the user will submit sensitive info would be enough (e.g. payment page).