Why is my site still not secure?

Really Simple SSL is designed to enable SSL with one click. It couldn’t be any easier! For over 95% of sites that install Really Simple SSL, this one click will do the trick. While you are here, I suppose that you are one of the other 5%. Don’t worry, we’re here to help! In this article we’ll summarize the most common issues, along with instructions on how to solve these issues.

Please note: With the exception of cause nr. 1 (issues with your SSL certificate), the extensive site scan & fixer included in Really Simple SSL Pro will help you solve any remaining problems without having to do manual debugging or coding. With Premium support included, we’ll have your back! Explore Really Simple SSL Pro.

Really Simple SSL requires a valid SSL certificate

The one thing we can’t do for you: provide you with a valid SSL certificate. You can do a quick check by visiting your site and clicking the ‘not secure’ warning, next to the address bar. If your certificate is invalid, this pop-up will tell you:

Chrome invalid certificate warning

If you haven’t generated an SSL certificate for your site, you can use our detailed tutorial to generate a free Let’s Encrypt SSL certificate. These days, most hosting providers provide a free SSL certificate as part of your plan with them, so you could also reach out to your hosting provider to generate an SSL certificate for your domain.

If you are certain that you are in the possession of an SSL certificate, but the certificate shows as invalid, perform the SSL certificate check on SSL labs to find out why it appears as invalid.

Mixed content

When SSL is activated on your site, it loads over https. Especially when your site has been operational without SSL, the job isn’t done by just activating SSL. There will be references to http URLs all over your site. “http://” references on a site loaded over SSL is considered mixed content, as http and https references are ‘mixed’. Browsers will still not consider the site as secure, because of these insecure http requests.

Really Simple SSL is just the tool to clean your site from http references. After activating the free Really Simple SSL plugin, all static http references in your site’s HTML will be converted to https. There are however a lot of possible places where mixed content can occur, which can be harder to replace. For example think about hardcoded links in your theme files, CSS and JS files or references to external sources. Because locating and fixing all these references manually can be a difficult and tedious job, we developed the extensive site scan and mixed content fixer in Really Simple SSL Pro.

If you want to read more about mixed content, or want to do a deep-dive in fixing mixed content manually, refer to our detailed article about mixed content.

Redirect to https not successfully activated

After activating SSL on your site, you want to redirect all visitors to the https version of your site, to prevent any insecure requests being made to your site. By default, Really Simple SSL enables a 301 redirect to https via PHP. Depending on your site setup and server type, the .htaccess 301 redirect is preferred over the 301 PHP redirect, as it works with caching. For any problems with the redirect to https, read our troubleshooting guide.

Lightweight plugin, Heavyweight Security features. Get Pro and leverage your SSL certificate for WordPress security standards.