The built in mixed content fixer in Really Simple SSL fixes all mixed content that’s part of your websource. But there are some types of mixed content that need to be fixed, either manually, or by Really Simple SSL pro, because these are hardcoded in files on your site, or because they’re hardcoded in files on other domains, or because the requested domain does not have an SSL certificate.
If the mixed content fixer is active, but you still don’t have the green lock, you have a type of mixed content that can’t be fixed automatically:
Some .css or .js files contain hard coded http links, which will cause mixed content warnings. For example if you use a theme that generates custom css with hardcoded http links, this will cause mixed content warnings.
- Hot linked images
If you have embedded an image on your domain, domain-1.com and the URL to that image is domain-2.com, and domain-2 does not have an SSL certificate, this image will be blocked by the browser.
These will get fixed by Really Simple SSL, but again, if the remote domain does not have an SSL certificate, these files can’t get loaded over https.
- Included js or css files on other domains, and this domain does not have an SSL certificate
If you include files from another domain, this domain also needs to have an SSL certificate.
- http links in css or js files on other domains
If the remote files can get loaded over https, but contain hardcoded http links (which happens a lot) mixed content warnings are the result.
These links can be located in theme files, plugins, or maybe in a widget you inserted on your site. Sometimes images are inserted from another website with their url, which won’t work anymore if that url can’t load on SSL.
To find these issues, you might consider buying the Really Simple SSL pro plugin, which scans your entire site for all possible issues in files and database, and creates a list of issues to fix and when possible it offers a “fix” option. If not, you’ll get instructions how to fix it. For example, the plugin can’t fix a hot linked image if the image doesn’t exist, or if the remove server blocks the downloading. Besides this, you get added options that improve your security, like HTTP Strict Transport Security, the preload list, a certificate expiration warning option, mixed content fixer for the admin, and more.
If you want to do this manually:
If it is, you’ll have to track down the urls that were not fixed automatically.
- Clear any cache in your browser, by clearing the history
- If you have a caching plugin active, clear the cache and check if it has been cleared.
Still getting mixed content warnings? Follow these steps:
Open your site in Google Chrome,
Right click on your website. A drop down will appear, with an option “inspect element”
When you click this option “inspect element”, part of your browser changes into a development screen:
To enter the console, simply click “console”. Then you will see the mixed content warnings, like:
Mixed Content: The page at ‘https://domain.com’ was loaded over HTTPS, but requested an insecure image ‘http://domain.com/…’. This content should also be served over HTTPS.
Now we are getting somewhere! In the red characters, you will find some links. These links are the cause of your frustrations. How to fix them depends on your theme, plugins, etc.
First we will check if the problematic link is located in the websource, or in some other file, .js or .css for example. To do this, we go back to the normal website, right click, and now select “view source”
If we click “view source”, we now see the html code of the page. Do a search (ctrl F or cmd F) on the insecure link you found in the previous steps.
If the link is not in the source, it is probably located in a .css or .js file, generated by a plugin or your theme. Check all your plugins, resave the options, and do the same with your theme.
To find mixed content in your css or js, you can also download these files from your server, do a search on the file, and replace any http links you might find.