How to fix WordPress mixed content SSL warnings?
If you are a website owner, securing the sensitive data of your users becomes your primary responsibility. You can ensure this by providing your website with the highest degree of security by installing an SSL certificate. However, care should be taken when installing SSL certificates and comprehensive steps should be taken to implement them properly.
You need to make sure that all content, scripts, and URLs load over HTTPS and not HTTP, otherwise you will be prompted for WordPress mixed content warnings and Google will notify visitors that web pages are ‘not secure’. It can reduce the user experience of your website, increase the bounce rate, thus negatively affecting the SEO of the website.
So, let’s dive deep into the basics of mixed content errors in WordPress and see how or what causes them and find solutions to fix them.
What is an SSL certificate and why are they essential for your WordPress sites?
The SSL certificate is a digital certificate issued to websites by a certification authority (CA) that changes the protocol of websites from unsecured HTTP to secure HTTPS.
After installing an SSL certificate on the server, all communication between the user’s web browser and the web server takes place through a secure encrypted path, making all user data unreadable and protected from potential cyber threats such as Man-in-the-middle attacks.
The SSL certificate introduces a visual symbol of trust, a padlock in front of the website URL, which increases the trust quotient of users and authenticates the website and gives it a higher ranking on the Google search engine results pages and contributes thus to increase conversions.
Types of SSL certificates for your WordPress websites
SSL certificates can be understood primarily based on two factors, the type of validation required and the basis of the number of domains and subdomains to be secured.
The three main types of validation-based SSL certificates:
- Domain validation (DV): A DV SSL certificate involves a simple verification proving the ownership of the domain before granting it SSL protection by the CA.
- Organization validation (VO): An OV SSL certificate verifies domain ownership and performs authentication verification of the organization to which the certificate is to be issued.
- Extended validation (EV): An EV SSL certificate offers the strictest level of customer trust and reputation, as a thorough check of background, legal status, address, etc. is done.
After deciding on the type of validation, choose between securing your website with a standard SSL certificate with single root domain protection. Or a generic SSL certificate that also secures all subdomains, a step below the root domain with a single certificate, or a Multi-domain SSL certificate which offers the ease of securing multiple domains and subdomains at the same time.
Understanding WordPress Mixed Content Warnings
After choosing from an array of available choices, a padlock is placed in front of your website URL. However, if your SSL certificate has configuration issues, an information panel or a broken padlock will appear in the address bar.
This indicates a mixed content warning that will appear in your visitor’s browser. A mixed content warning shows that even though your website is running on an SSL certificate, it still loads some scripts from HTTP URLs.
There can be many reasons for getting mixed content warnings in WordPress, ranging from hard-coded HTTP links in the codes (CSS and JS files) of themes to WordPress plugins by developers.
Additionally, it can result from having links to external content in your CSS and JS files, the resources of which may not be HTTPS compliant. Another most common cause that results in mixed content error in WordPress is the hotlink images uploaded to the page, which are the images that have hard-coded links to resources that don’t use HTTPS.
Recognize and locate WordPress mixed content errors
You can recognize mixed content errors on your WordPress website and locate each resource upload over HTTP using the Inspect tool.
Additionally, you can check them manually from Chrome Developer Tools. First, open your site in Google Chrome by right clicking on the page where the mixed content error is displayed and select “Inspect”. On the Console tab, a list of details of all mixed content items that the browser has recognized as unsafe will display as a warning.
If there are only one or two mixed content items that need to be corrected, you can correct it manually by going to this page or by posting and editing it.
However, if the list of mixed content errors is long and manual corrections are not possible, then; in this case, there are many WordPress tools or plugins available, such as “SSL Check”, “Why not padlock” which can be used to recognize resources causing mixed content warnings.
Ways to fix mixed content warnings in WordPress
Thus, mixed content warnings can be further resolved by following these processes:
Check the validity of your SSL certificate
Always keep the validity of your SSL certificate up to date and keep track of its expiration time, as SSL certificate expiration can be one of the reasons for WP mixed content warnings.
Change WordPress internal URL from HTTP to HTTPS
Check the correct integration of the SSL certificate for HTTPS encryption and change your internal URLs from HTTP to HTTPS in WordPress.
- Log in to your dashboard and go to Settings> General:
- In the text boxes next to WordPress address and Site address, replace HTTP with HTTPS:
- Click on the Save changes button. Now every URL on your WordPress site needs to be loaded over HTTPS.
Using the SSL Non Secure Content Fixer plug-in
Install and activate the Insecure Content Fixer SSL plugin on your WordPress site.
Go to Settings »Insecure SSL Content plugin settings configuration page.
Here there are many configuration options available, providing a different level of fixes to resolve mixed content warnings. Choose the option that best solves your problems.
In conclusion, we can say that securing your WordPress site with an SSL certificate to protect your visitors’ vital personal and financial information from any data breach should be your top priority.
Earn the trust of your visitors with the visual symbol, a padlock loudly announcing the security measures you have taken to protect user data with SSL certificate security.
However, this trust should not be lost by having WordPress and Google mixed content SSL warnings advertising your website as “insecure”. You need to work to fix the mixed content error with the processes outlined above and be ready to reap the benefits of your visitors’ trust and more conversions.