WordPress site is not shown as secure even though is opened via HTTPS

Created:

2017-04-15 19:42:36 UTC

Modified:

2017-08-08 13:17:20 UTC

0

Was this article helpful?


Have more questions?

Submit a request

WordPress site is not shown as secure even though is opened via HTTPS

Symptoms

  • Wordpress site is opened in a browser via HTTPS but is not shown as "secure".
  • The certificate is valid.

Cause

WordPress site has mixed content. In other words, even if the website is loaded over HTTPS some of the files for the website are loaded over HTTP.

Resolution

Install WordPress HTTPS add-on. Although WordPress HTTPS does its best to fix all insecure content, there are a few cases that are impossible to fix. Here are some typical examples.

  • The element is external (not hosted on your server) and is not available over HTTPS. These elements will have to be removed from the page by disabling or modifying the theme or plugin that is adding the element.
  • The element is internal (hosted on your server) but does not get changed to HTTPS. This is often due to a background image in CSS or an image or file path in JavaScript being hard-coded to HTTP inside of a CSS file. The plugin can not fix these. The image paths must be changed to relative links. For example `http://www.example.com/wp-content/themes/mytheme/images/background.jpg` to simply `/wp-content/themes/mytheme/images/background.jpg`. Ensure you copy the entire path, including the prepended slash (very important).

To identify what is causing your page(s) to be insecure, please follow the instructions below.

  1. Download Google Chrome.
  2. Open the page you’re having trouble with in Google Chrome.
  3. Open the Developer Tools. How to access the Developer Tools.
  4. Click on the Console tab.

For each item that is making your page partially encrypted, you should see an entry in the console similar to “The page at https://www.example.com/ displayed insecure content from http://www.example.com/.” Note that the URL that is loading insecure content is HTTP and not HTTPS.

Once you have identified the insecure elements, you need to figure out what theme or plugin is causing these elements to be loaded.

 

Have more questions? Submit a request
Please sign in to leave a comment.