If your WordPress sites haven't been secured with HTTPS and an SSL certificate yet, this page will help you understand what's going on, and what we think is one of the best & fastest ways to fix it (although we're definitely a bit biased!).
Are you seeing this in your browser now when you visit your website, or your clients' websites?
On July 24, 2018, Google released a new version of its Chrome web browser. In this new version, all sites and web pages that are not using https to encrypt traffic are being labeled as Not Secure in the address bar.
As the most popular web browser in the world, with approximately 60% market share, it's important to pay attention to how your website loads in Google Chrome. Other browsers, such as Firefox, also show indicators that a website is not fully secure.
If this label isn't scary enough for visitors to your web page, then just click on the Not Secure label, and you'll see this:
This label used to only be shown for pages that contained form inputs, once a visitor started to enter text into one of the form fields.
Now it is shown on all pages. All of the time.
Eventually, Google plans to make this warning even more severe, and it will look like this:
Websites and pages that are properly secured using an SSL certificate and a compatible server will show Secure and a green padlock next to the website URL.
Securing your WordPress site starts with your hosting provider. Several WordPress hosting providers - including SITE DISTRICT - provide free SSL certificates from Let's Encrypt.
On SITE DISTRICT, enabling HTTPS on your website is as easy as a few clicks. Just go to the HTTPS page for your site inside the SITE DISTRICT dashboard, open the dialog to enable HTTPS, click Update, wait about 30 seconds, and you're done.
On SITE DISTRICT, yes, that's usually all that is required. No WordPress plugins are necessary. This is often not the case on other WordPress hosts.
We automatically update the URLs in your WordPress database to use https when you enable HTTPS on your website.
In some cases, your site may still need a few fixes. We'll talk about this in just a bit, under the Mixed Content section.
If your WordPress website is hosted elsewhere, don't panic. You can work with your existing hosting provider to add an SSL certificate to your website. Many hosting providers let you add a free SSL certificate to your site with just a few clicks. You can also use Cloudflare if you're willing to change your DNS nameservers.
However, other hosting providers & solutions for HTTPS also have their downsides.
Other solutions may leave you updating URLs in your WordPress site by hand, may not fully secure or encrypt traffic to your website, or might be so complicated that you need to hire someone to set it up for you.
If your host doesn't provide free SSL certificates, or you want to get better security and performance for your WordPress website at the same time that you are enabling HTTPS, you can use our WordPress Site Importer to quickly migrate your site to SITE DISTRICT.
Why would you go to the trouble of switching hosting providers to secure your website?
The best reasons for migrating your website from your existing hosting provider to SITE DISTRICT are:
Sites hosted on SITE DISTRICT are often 2 - 4 times faster or more, compared to other hosts. In fact, if you can get your WordPress site to run faster somewhere else, we want to hear about it!
Importing your site to SITE DISTRICT is fast and easy in most cases. The steps are:
That's it!
We believe we have the easiest and fastest site migration process for WordPress out there. Most sites can be imported to our platform in less than 15 minutes.
Once you've imported your site to SITE DISTRICT, follow the steps above and you'll have a secure website with a green padlock in no time at all.
Is securing your WordPress site with HTTPS really this easy? In many cases, yes. But in some cases, you may have a bit of extra work to do ...
Even after enabling HTTPS on your WordPress site, you may have some pages that either are not fully secured, or are actually missing fonts, stylesheets, and JavaScript.
This is called Mixed Content.
If a page loads images over http, the https that is shown in your address bar will turn gray, and if you click on it, you will be shown another scary warning.
A page will have Mixed Content errors or warnings if it includes links to resources (images, stylesheets, fonts, scripts) that use http instead of https.
Here's the Security tab from the Development Console in Google Chrome, for a site that has mixed content errors:
Firefox shows similar warnings for mixed content.
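As an added illustration (not SITE DISTRICT's tool and not code from this article), the Python below scans one page's HTML for subresources requested over http and sorts them into errors (scripts, stylesheets, frames) and warnings (images, media). The sample markup, its URLs and the names scan and MixedContentScanner are constructed for the example; it reads markup only, so requests made by JavaScript or from inside CSS files are not seen.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlparse

ACTIVE = {("script", "src"), ("iframe", "src"), ("link", "href")}  # blocked -> "error"
PASSIVE = {("img", "src"), ("audio", "src"), ("video", "src")}  # loaded -> "warning"

SAMPLE = """<head>
<link rel="stylesheet" href="http://example.com/wp-content/themes/t/style.css">
<link rel="canonical" href="http://example.com/about/">
<script src="//cdn.example.net/lib.js"></script>
<script src="http://example.com/wp-includes/js/app.js"></script>
</head><body>
<a href="http://example.org/">plain link, not a subresource</a>
<img src="http://example.com/wp-content/uploads/logo.png">
<img src="/wp-content/uploads/photo.jpg">
</body>"""  # constructed sample, assumed served from https://example.com/about/


class MixedContentScanner(HTMLParser):
    def __init__(self, page_url):
        super().__init__()
        self.page_url = page_url
        self.findings = []  # (severity, tag, absolute URL), in document order

    def handle_starttag(self, tag, attrs):
        attrs = dict(attrs)
        for attr, value in attrs.items():
            if not value or (tag, attr) not in ACTIVE | PASSIVE:
                continue  # e.g. <a href> is navigation, not a subresource
            if tag == "link" and "stylesheet" not in (attrs.get("rel") or "").lower():
                continue  # rel=canonical and similar fetch nothing
            # Resolve relative and protocol-relative URLs against the page URL
            url = urljoin(self.page_url, value.strip())
            if urlparse(url).scheme == "http":
                severity = "error" if (tag, attr) in ACTIVE else "warning"
                self.findings.append((severity, tag, url))


def scan(page_url, html):
    """Return mixed-content findings for the HTML of one HTTPS page."""
    scanner = MixedContentScanner(page_url)
    scanner.feed(html)
    scanner.close()
    return scanner.findings


if __name__ == "__main__":
    for finding in scan("https://example.com/about/", SAMPLE):
        print(*finding)
```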
You can check for Mixed Content warnings and errors using Google Chrome by opening up the Development Console.
Even if the main page on your website is secure, you might have a page buried inside the site that actually has Mixed Content. Finding these issues can be time-consuming if you try to do this manually.
To make the process of checking websites for mixed content easier, we created a free tool that will crawl a website and check up to 50 pages on the website for Mixed Content.
The tool is quick and easy to use - all you need to do is sign up for a free SITE DISTRICT account.
Once you've created an account, you add your site to the SITE DISTRICT dashboard by specifying your domain or site URL, and you're all set to go.
Running an HTTPS check for mixed content errors and warnings looks like this:
This tool uses Headless Chrome to crawl your site, which means it is highly accurate: it won't miss mixed content that results from JavaScript or from http links in CSS stylesheets, and it won't report false positives from http URLs that aren't actually loaded by the browser.
There are other tools out there that will check your site for mixed content, but they either won't crawl your whole site, or they are inaccurate because they don't run a real browser.
If you have mixed content issues on your website, and you're not hosting on SITE DISTRICT, you may have to run a URL search & replace on your database, edit, update, or hack your theme or plugin files, or use an SSL plugin that attempts to fix the issues for you, but often slows down your site a bit.
On SITE DISTRICT, we automatically fix most mixed content issues, and we are building tools and enhancing our platform to fix more complicated cases. If your website is hosted with us, and your site still has issues, we'll work with you to ensure that your site is free of mixed content issues.
We hope that you've found this article informative and helpful, that you now better understand how HTTPS works in the browser, and you know what to do next if you have a site that doesn't have HTTPS yet.
If you have a WordPress site that you need to secure, or if you're just looking for better WordPress hosting, join the thousands of other happy customers and give us at SITE DISTRICT a try. Unlike most other hosting providers, it's free & easy to sign up, and you'll get the personal attention you need to be successful.