[ad_1]
I just tried a lot of things to install basic SSL and the plugin Easy SSL to secure my website.
But when I visit my website, it shows a lock with a triangle to warn for unsecured images and unprotected data.
Is there something I did wrong or will I need the pro version? I know there are some manual things you can do to improve security but not sure if I am skillful enough for that.
[ad_2]
You need to check to see if all of your images had their permalinks updates to `https://`
Your site is not configured to serve everything over HTTPS. Somewhere in your code you may be loading from HTTP. Which web server are you running? nginx and Apache can resolve this in the config. Also check your Console (Network tab) to see which resources are being loaded unsecured.
SSL is provided by a cert that is “installed” on your host.
It works like this. You have a program on your host that serves web pages to your audience. That is usually either Apache, or NginX.
When someone types in your websites URL, they are directed to your hosts system which is configured to respond using the web server program (apache or NginX) on a given port. By default this is port 80. This is “unsecured”, unencrypted network traffic.
SSL encryption works by using a certificate file that lives on your host, in cunjunction with your web server application, be it Apache or NginX. That web server app will use the cert file as a way to encrypt communication too and from your server, but on a different port. By default this port is 443. This switch is denoted in the browser by http ^((port 80)) or https ^((port 443)). If you don’t have a certificate installed on your host and your host is not configured to use said cert, it will not answer on port 443, and https, will not work.
So, installing a plugin will not solve this issue. All the plugins for WordPress do is try to intercept calls from your sites scripts to appropriately answer on port 80 or port 443 depending on the browsers query. This is necessary because some themes or scripts will have a hardcoded http instead of an https or visa versa, which could cause a broken lock to appear on a site that would otherwise be secure.
Imagine for a moment that your website loads on port 443, so [https://www.mysite.com]) but you have a hardcoded logo in your theme that’s pointing at [http://www.mysite.com/images/logo.png]), this would load via SSL, on port 443, but it’s asking for insecure content, which would produce a broken lock icon in your browsers window to let the user know that the content loaded wasn’t entirely secure.
What you need to do is have your host install an SSL cert, and properly configure your web server to answer on port 443.
Then your plugin will have a chance to do it’s job. Otherwise it’s kind of sitting there not quite understanding what it’s supposed to be doing.
Yikes! I’m sorry your hosting company is too backward or money-grubbing to automatically provide and configure free SSL for you. If they did they’d almost certainly also have an option to automatically force all HTTP to HTTPS for anything in your domain.
As others have said you can go through your site and manually replace all instances of “HTTP” with “HTTPS.” Or use a find&replace plugin to do it for you (after you’ve made a solid, restorable backup of course.)
no, you just need to update your resource links to https. you can either use plugin for this such as Really Simple SSL which should take care of it or you can just use Search and Replace plugin where you find “http://” and change it to “https://”
Backup your site though, especially with the second method.
Just to confirm, properly configuring a basic, free SSL shouldn’t throw any security errors like the one you describe. You don’t need a premium SSL certificate to fix that.
I’d move that site to Cloudways for free SSL
Thanks guys but I solved it. So mixed content was the problem, making my website look unsafe.
My certificate seemed active, so that wasn’t the issue. basic SSL was active on my host website. So I checked my plugin again and it seemed to suggest completing some sort of configuration. The plugin is Really Simple SLL and easy to use.
I got the plugin up to 80% complete and then saw a green check next to “mixed content”. That was when I realised my lock icon would show up as closed/safe in browsers. I checked my website and it was. I am not sure if it is thanks to this little change I made, but it probably is.
One of the improvement suggestions was to not have the same author name as my login name. So I changed that.
Nothing wrong with your SSL.
It’s some of your content that is served from “http” rather than “https”.
Worth updating the permalinks from admin see if that fixes it quickly…..
there is a chance you are linking external images without https
There are plugins such as:
[https://wordpress.org/plugins/ssl-insecure-content-fixer/])
that will fix your mixed content.