Find SSL errors in your blog

RazielKanos14. March 2020

3 min read

How do unencrypted elements appear on the website?

A valid SSL encryption is now a ranking factor for websites in Google. So it is very important for you that all content is securely encrypted and passed on to your visitors. However, it happens again and again that some elements are transmitted unencrypted, even though your domain is encrypted.

An extremely common reason is content provided by another site. Through the so-called embedding of content, sometimes pictures or videos are displayed on your site without encryption. This can be for example an avatar image in the comments. However, some plugin developers also sloppy and have domain paths in their code or in the database through a http:// link inserted. In this case the content generated by this plauign will be displayed as a single element unencrypted.

Why is unencrypted content a problem?

Theoretically, a hacker can change an unencrypted element during transmission. For example, a login button could be modified to send the access data to the hacker's server. Therefore, modern browsers warn visitors about pages with mixed content, i.e. partly encrypted and partly unencrypted.

Cautious and mistrustful users can get obscured by these wasrnings and stop visiting your site, in the worst case they have concerns about entering files on your site or buying something in the store.

How to find unencrypted content?

Incorrectly integrated content is a nightmare, because you can search for hours without finding it. How good that there is a free service that analyzes your site and tells you exactly what is wrong! 😀

At "Why no Padlock?" (Why no Padlock) you will find this service. It works very simple, enter the URL to the page where you get an SSL error in the search field and start the scan process. Ideally the result looks like this:

How to fix the errors found?

This can be quite a tricky thing. It always depends on what "Why no Padlock" found on your page. Usualy the website gives you some hints what you can do to fix your issues.

Maybe you will also find some help in our community!

Force SSL

There are some different way how you can force your webserver to deliver your content in SSL

Force SSL via htaccess

The next lines are dependant on your hosting server, but should work on most hosters just fine. Just copy these lines into yout htaccess file

RewriteEngine On

RewriteCond %{HTTPS} off

RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]

Force SSL via Plugin

There are also plugins out there that help you work with SSL. One of the most famous might be Really simple SSL – you can find it in the WordPress repository. They also have a pro version, and in an upcomming tutorial we will show this plugin more in depth.

Still questions?

Just throw me a line here, and I will see if I can help you 🙂

0 0 votes
Article Rating
Subscribe
Notify of
guest
0 Comments
Inline Feedbacks
View all comments
0
Would love your thoughts, please comment.x
()
x

Hey!

Would you like to know what I am currently working on?

We use cookies to allow us to better understand how the site is used. By continuing to use this site, you consent to this policy. Click to learn more