The Push for a More Secure Web

Google is forcing websites to be labeled as secure.  They are doing this by leveraging the browser – Google Chome, to label non-secure sites directly in the address bar.  They are also speaking of making non-secure websites not able to be added to the Google index – which means that a Google Search won’t find your website.  This makes one of the most current SEO trends to be insuring a website is fully secure.

Dealing with Mixed Content Errors

As a web developer or an SEO professional one of the things you will inevitably have to deal with is the dreaded mixed content issues. For those still learning, mixed content is what happens when your HTTPS website either requests resources from an HTTP location such as an image, or when that HTTPS website has links on pages pointing to HTTP websites.

I know what you are thinking, “But I installed an SSL”. Well, the SSL certificate does not automatically fix those images being pulled from HTTP when the website is now using the HTTPS protocol. Fixing the issues, for the most part, is not that difficult with the correct access to the backend of the website.


Resolving Mixed Content Errors

There are several ways in which these errors can be resolved. The most common are doing it manually or using a plugin that forces HTTPS on everything. When dealing with a situation where you do not have access to the file system on the server the plugin option is the only option that you may have. Having full access to the file system on the server gives more options other than the plugin route.

WordPress Plugins

When working with WordPress most people try to limit the number of plugins installed and/or active on the site at any given time. The more plugins you have, the better the chances of some of them being way out of date and creating security vulnerabilities. 

If plugins are the only option you have then something like Really Simple SSL may provide all the features you need. It will force all URLs and resources to use the HTTPS protocol. Just know that plugins such as these are not always perfect. There are times where it will resolve 99% of all your HTTP/HTTPS issues. But, it may leave a thing or two untouched and forcing you to do some manual on page fixes. 

really simple ssl plugin

really simple ssl plugin

Other Plugin Options

Another plugin option that seems to work well but does pose some risk for the inexperienced would be a Find and Replace plugin that can edit the database. One such recommended plugin would be Better Search Replace.

The nice thing about this one is that it has a preview mode where you can test your changes and it will show you how many items will be altered. This is great if you know or think you have around 15 URLs that you know are still going to HTTP addresses.

If you test and the results come back with anything from 15-30ish URLs you can be confident that nothing will break if you commit those changes. I have also found that you can actually find all http:// entries and change every single one to https:// in one clean sweep.

Do I need to say do a backup first? Work smarter, not harder. Keep the rookie mistakes to a minimum and always run a backup of your site before making any modifications.

using better search and replace


Manually Correcting Mixed Content Errors

For those who possess Jedi web powers, you may prefer to do things manually and keep that WordPress installation nice and clean. Ok, maybe not “clean” but damn close to it. Using tools like SEMrush or SERPed will give you a report of all the mixed content on the site.

Looking at your report you might see that of the 100 mixed content errors reported, it may be the same 10 or 15 things repeated several times across the website. It may show 100 items but you really only need to fix around 15. This can be done relatively fast, especially when you know or built the website to begin with. 

Mixed content errors are not extremely difficult to fix. At times they may be hard to find depending on the theme used for the website. Unfortunately, they are something that has to be addressed in order for your SSL Certificate to fully cover your site.

Your choices are doing the work yourself or outsourcing to someone else. If you decide to do the work yourself make sure you create a backup before you start then take your time and check your work. Don’t forget to clear that cache if you have one.

If you decide to hire outside help make sure they know what they are doing before handing over access to your website. In either case, you should be able to resolve all mixed content errors and secure the website with the SSL Certificate.