Everyone wants their website running with 100% uptime & secure from all the bugs, virus & specially hacks. Security becomes our priority when we engaging with personal information like credit cards, bank details etc.
Need For SSL
We required SSL or HTTPS when a form or website carry sensitive information like login credential, financial information, user feedback etc, – which needed to be save securely at server.
But the browser gives warnings for webpages served via HTTPS that include HTTP objects, like images, pages, doc, video, scripts, forms etc. To fix these browser warning messages, you need to make sure that you don’t serve any HTTP objects on an HTTPS page. Browser warning messages may put some of your site visitors on high alert, causing them to not initiate any sensitive request.
Resolve SSL Mixed Content Error
Once you install SSL certificate on your site, their is 3 ways to fix the issue with the access of server.
1. Force All Pages To Move On HTTPS
If you want to serve every page of your WordPress site via HTTPS, just go to your
WordPress Admin Panel > Settings(Left Side Bar) > General and change the WordPress Address (URL) and Site Address (URL) from HTTP to HTTPS.
2. Forcing Certain Pages To HTTPS
If your requirement is fulfill by few pages that you want to force load via HTTPS, and the rest should be the same as HTTP by default. So there are two ways to do that:
- From Server
- By WordPress Plugins
- WordPress HTTPS (SSL)(Last Updated 5Years Ago)
- iThemes Security(21st Sep'2017)
Plugins is easily manageable that provide the ease of a check box. You check the box if you want the page loaded via HTTPS, or you leave it unchecked.
3. Force HTTPS Logins & HTTPS Administration
Simple way to secure WordPress logins or entire wp-admin area, Set one of these two option in the file wp-config.php constants:
You don’t need to set both options, just one or the other because FORCE_SSL_ADMIN includes FORCE_SSL_LOGIN.
Find HTTP Objects Loaded On An HTTPS Page
These are few ways to find out naughty monkey:
1. View Source
Simply open your faulty page with HTTPS, & open the source code of page (right click anywhere on the page & click View Page Source/Source.
Then use the Ctrl+F to call the find command & looking for
src="http:. Basically we are looking for objects which are using HTTP instead of HTTPS.
2. Via WordPress Plugins
We find out plugins for you to do the View Source job are:
When you are browse your site with HTTPS along with one of the plugin active, so it will inform you via notification as it found any HTTP objects
3. By The Help Of Website
If you found above mentioned both options hectic or tough. We have a better solution for you, you just need to paste your website url into this website WhyNoPadlock.
WhyNoPadlock is a free testing site that provides you with a report of all the insecurely-loaded items.
Just paste your website’s full https URL into the box on WhyNoPadlock and get a report about:
- Images called insecurely from linked css and js files.
- Expired cert, invalid or missing intermediate certificate. (including 3rd party SSL certificates)
- SHA-1 algorithm test, POODLE test, insecure form calls for Chrome.
4. By Google Chrome Inspect Console
Chrome’s Inspect has a Console tab. If the HTTPS page displays yellow, grey or red in the address bar, open the Console to see the insecure objects.
Right click on Page then select Inspect option & looks for console tab, which shows every error on your page which restrict the complete HTTPS request.
Fix The Causing Objects
The simplest way to fix & the most common problem is the URL of Objects (Script, Images etc.). Just replace