I think images from photobucket (and maybe other places) could cause issues - any image hosted as http will. However, the warning shouldn’t be for every page once the banner is fixed and that’s the easist for me to fix without having members re-do avatars and searching through years of posts for any vulnerable images. The likelihood of a hacker trying to use an image vulnerability is pretty low so by fixing the easily found banner I think it will be fine. Some of the avatars are stored on site, so those won’t be an issue. I could load the others to our site and prevent new users from uploading their own, but I don’t think there would be a way to prevent someone else from using your avatar if I upload it to the site. I can also look at the settings for members posting pictures and see if I can restrict future images to https.
