Nowadays, securing a website is quite easy now that buying SSL is cheaper compared to how things were in the past. Nonetheless, issues get a little complicated when you have set up an SSL certificate for your website and shift it to the HTTPS protocol. Below are some guidelines to help you understand some SSL configuration mistakes for WordPress sites. Also, we offer some solutions to help you set up a well-functioning website.
SSL Certificates – How to Configure?
SSL offer a layer of security for a website and boost the level of trust concerning the content on the site and all the activities that take place. One of the first and most important things to start with is to buy your SSL certificate from a reputable service provider for installation on your website. You should shift your website’s URL to HTTPS protocol for proper configuration.
Understanding Mixed Content Warnings
The setup process can be tricky; thus they require an expert. Although you may have configured the site to utilize HTTPS links and not HTTP, you may still be at risk. Some links inside your website could still show links as HTTP since they are hard coded. In case you still have some internal HTTP links chances are that browsers can stop active mixed content on your website. When this happens, your site’s ratings on Google could drop and the security of your data breached.
That said, you must fix all the HTTP links well as they can occur within your themes files as part of a plug-in field custom field or links to images. A web browser like Mozilla provides users with a test page where you can see the nature of a mixed content warning. In this case, you’ll realize that there are other notifications on the browse bar on top of the SSL green bar. Take note of the shield that has a red X on the fist bar and the green padlock with a warning sign on the other one. The two show your SSL certificate is breached by an existing mixed content on your website.
The Problem with Mixed Content Warnings
In a nutshell, the SSL certificates exist to shield any data that is transmitted to a website. They act as a security guarantee for your clients to show them the data that comes from your website to theirs is legitimate and all their personal details are secure and encrypted. Many times a security hole pops up when your site indicates you give secure content although that doesn’t mean your links are secure.
Hackers get the chance to attack and infect dangerous codes to your website when you force a secure page to get content from a site whose security is compromised. As such, this breach can expose all data the secured website is protecting.
It’s because of these security threats you’ll find many web browsers blocking mixed content warnings. Without this action, it will violate the confidence and trust that your SSL Such will cause a website to face threats from malevolent activities and also risk sensitive data to strangers. Clients want the assurance that your sites offer what it says it does regarding the security of their information.
For example, in Chrome it might look like this:
And in Firefox it might look like this:
Establishing the Errors
Errors are responsible for making your website to produce the mixed content warnings.
However, you can use the following criteria to figure out the origin of the mixed content warning.
- If you copied and pasted any script into your
- If the content has a URL with HTTP
Look into your CSS background picture
- If the backdrop value uses HTTP
- If you attached an I-frame into a page using HTTP
- If your image file’s orientation is with HTTP or HTTPS
For instance, when you look at your website’s HTML code, you could see a code that redirects to an insecure link which might resemble:
The secure version should be:
Also, using your browser’s inspector code console might expose some issues. The console ought to list every item requested over the HTTP to help identify what could be the cause of the problem. Once you establish the cause, you can change them to HTTPS. Likewise, you could download a theme and search it through the code-base. Editors like ATOM can help you to scroll through various files at the same time until you discover the problem.
Fixing the Problem
If the problem is small, resolve it by just changing your URL in at least two points. Also, relative links to resources help to in many ways. The links assume the same protocol just as the website.
<imgsrc="/img/logo.png">. However, if the links are many, you can use a replace tool or do a database search. The free and open source tool might come in handy.
As a safety measure, before you run a database clean-up tool, remember to back up the entire co tent on your site and database. The process may be two-step based on the procedure you use.
Most service providers nowadays will serve requests over HTTPS meaning you are a bit safe to update from HTTP to HTTPS. What’s important is to research your options and if the resource you are utilizing isn’t available on HTTPS pressure the service provider to upgrade immediately.