Plesk & SocialBee have teamed up. Save 30% now!

Get the Deal

Knowledge Base

WordPress site is not shown as secure even though is opened via HTTPS

 
add onantiviruscssdeveloperhosted

Symptoms

  • A website is opened in a browser via HTTPS but is not shown as "secure".

  • The certificate is valid;

  • Page source code contains links to non-secure resources, for example:

    <link rel="stylesheet" type="text/css" href="http://www.example.com/css/style.css" />
    <script type="text/javascript" src="http://www.example.com/js/jquery.js"></script>
    <script type="text/javascript" src="http://">www.example.com/js/validation_form.js"></script>

  • Chrome browser shows warning: "Your connection to this site is not fully secure"
  • Norton antivirus blocks access to the website: "Dangerous web page is blocked"

Cause

The website has mixed content. In other words, even if the website is loaded over HTTPS some of the files for the website are loaded over HTTP.

Resolution

In case of a WordPress site, WordPress HTTPS add-on can be installed. Although WordPress HTTPS does its best to fix all insecure content, there are a few cases that are impossible to fix. Here are some typical examples.

  • The element is external (not hosted on the server) and is not available over HTTPS. These elements will have to be removed from the page by disabling or modifying the theme or plugin that is adding the element.
  • The element is internal (hosted on the server) but does not get changed to HTTPS. This is often due to a background image in CSS or an image or file path in JavaScript being hard-coded to HTTP inside of a CSS file. The plugin cannot fix these. The image paths must be changed to relative links. For example `http://www.example.com/wp-content/themes/mytheme/images/background.jpg` to simply `/wp-content/themes/mytheme/images/background.jpg`. Ensure that the entire path is copied, including the prepended slash.

To identify what is causing the page(s) to be insecure on the website, follow the instructions below:

  1. In a web-browser, open the page, that is having issues.

  2. Open the Developer Tools (F12).

  3. Switch to the Console tab.

    For each item that is making the page partially encrypted, it is required to see an entry in the console similar to “The page at https://www.example.com/ displayed insecure content from http://www.example.com/.” Note that the URL that is loading insecure content is HTTP and not HTTPS.

    Once the insecure elements are identified, review the website code, e.g. figure out what theme or plugin is causing these elements to be loaded.

 

Read the full article
Related Posts
Knowledge Base

Hosting Wiki

Industry
Partners

industry-partner_ALIBABA
industry-partner_GOOGLEPARTNER
industry-partner_MICROSOFT
industry-partner_REDHAT-r2
industry-partner_ALIBABA
industry-partner_AUTOMATTIC
industry-partner_AWS
industry-partner_DIGITALOCEAN
industry-partner_SCALEWAY

Follow us:

Facebook Twitter Linkedin Youtube Github

© 2024 WebPros International GmbH. All rights reserved. Plesk and the Plesk logo are trademarks of WebPros International GmbH.

Managed with love with Plesk WP Toolkit