WordPress SSL Settings and How to Resolve Mixed Content Warnings

Posted on by

You have a WordPress website, that’s amazing and nice. But just having this is enough? No, for a website to run smoothly and accurately there are many things which are important and need your detail concern. So, what are they and how they can be managed?

A simple mistake in the design or a bad content loaded on the website can put your business in trouble.

On the other hand, the most important is the security, which is covered by SSL certificates. Well, this enhanced security is very very important for the protection of the data and the warnings flashed time by time on your website.

It is essential to install the right kind of SSL certificate which is authenticated by the trusted certificate authorities – CA. There are many Cheap SSL certificate providers across the globe and ssl2buy.com is one of them.

This assures total protection and security of your data and other credentials on the website.

So, does WordPress have different settings for SSL certificates to protect them from malicious warnings, let’s see.

WordPress SSL settings

So your website is SSL certificate protected and you have https installed on the website which gives you a green padlock sign in the address bar which says that your website is safe and secure.

On your WordPress website when you already have the https installed with SSL certificates you can go to the https plugin (s) or use the wp-config.php constant(s) for better functioning.

But when you do so, you happen to see the browser flashing warning signs about mixed content and insecure content. This is a trouble for your website which already has https feature installed.

So, what to do: Cleaning up your WordPress website is the first basic thing which you can attempt.

Although there are many methods to eliminate these SSL warning signs and mixed content error messages. But clean up is something very basic.

Start cleaning your website that has insecure HTTPS content and shows mixed content warnings. How to do so is by installing SSL Insecure Content Fixer plugin.

This will help you to show up and fix majorly all the insecure content warnings with fewer efforts and in less time.

Apparently, there are many others as well that shall be fixed but for these, there are other tools as well.

When the SSL Insecure Content Fixer is installed, its default settings start working on your WordPress website and start working automatically to fix up the errors using the Simple fix level.

Later there is an option to choose a comprehensive fix levels also if at all it is needed by your website.

Next with WordPress website and the WordPress Multisite you get a network settings page. This can be further utilized to set the default settings for all your websites within your network.

By this, the network administrators realize and come to know that only a specified settings on the sites are required that are differing from the network defaults.

For unsecured contents there is always way out, look below

Have you ever heard about the “View source” feature? Yes, this one is for you.

The https page which is showing the unsecured content, open it and right click on the page (it can be anywhere), there you will see the “View Source” or “View Page Source” option.

On this you will have to use the “Find” command like this – Find or Ctrl+F or Cmd+F) and here then you look for – src= “HTTP: (with double quote) or src=’http: (with a single quote).

This will give you the search for the images, iframes, scripts, graphics and
other unsecured contents that is without non-https.

If you are lucky enough for not to find any such thing on the page, you are sorted, but in case you have found then it has to be fixed with tools. Likewise, follow the same process for other pages as well.

You can also use a third-party website for looking the other mixed content stuff

For example – there are websites like WhyNoPadlock checks the https and non-HTTP contents on your websites – all for free.

You get all the details as well if you find a mixed content or diluted content, you can easily fix it up by using the details and check for the next as well.

In case if your visitors and customers of your website are still viewing the mixed content warnings, especially if your website contains HTTPS and also the HTTP content.

Now, this is not good for your business and for your website’s security and credibility. Thus, it is very important to keep an eye on the performance of your website by regularly checking with these tools and in case you find something not working then fix it immediately.

For mixed content, warnings use loading assets over HTTP

What are the assets of your website, we are talking here? They are the images, graphics, and the JavaScript and also the CSS.

But if your WordPress website is not installed with the https feature then these assets will certainly run with a problem in loading and work.

And this is because, these assets can be loaded without https also, which means without https also, by default they can often be configured on your website.

Now when this happens they will stop showing the padlock in the browsers, and you will see an exclamation point warning sign every time your user comes to your page or try to use any information.

One can also use Google Chrome Inspector Console

It is a kind of Console tab which you find in the Google Chrome’s Inspector section.

It happens when your HTTPS page is displaying a yellow colour or a red colour in the address bar, then an open Console tab is seen on the one or multiple insecure assets of your WordPress website.

So you use this tab as it is quick, easy, and can be used on any of the web pages which you can access, unlike the WhyNoPadlock which is on the front-end.

There is something where you need to manage your HTTP assets to https ones

Once you have discovered the HTTP assets on your WordPress website, now you would want to change those offending one into clean ones or just eliminate them.

For this, you need to change them to the protocol i.e. one which serves HTTP needs to be changed into HTTPS or just change all the HTTP pages into https ones.

For doing so, these two methods will work the most:

Use relative URLs – This is simple, here if your assets are hard-coded and mixed with errors then change the plugin from – http://site.com/assets/logo.png to //site.com/assets/logo.png, this will help.

Or

Try using accurate WordPress coding standards. This can be a bit complicated for you but it will serve or fix all kinds of things like: Code that forces HTTP – as in why HTTP, using denounced WordPress functions which do not follow SSL settings or Code that fails to implement on its own.

All these unsecured things and errors can take a tool of your time to resolve and can damage the credibility of your website.

One response on “WordPress SSL Settings and How to Resolve Mixed Content Warnings

  1. Jim Aron

    You could solve mix content by forcing all your website URLs, and resources to https. And, in order to do that you could set-up HSTS from the server end. After updating your website SSL certificate, you should go with final redirection 301 for your pages, and then only you could see clear result that which are links https and which are not.

Leave a Reply

Your email address will not be published. Required fields are marked *