Fix Insecure WordPress Content Quickly With These Tools And Everything Worth Knowing About SSL Including Its Hackability

Before we jump into fixing any insecure content, you may want to glance over our Guide To All Things SSL for reference.

Purchasing the installing the SSL certificate is the first step to secure your WordPress site. Let’s assume you already did it. Unfortunately, in order to change the HTTP in a user’s browser to HTTPS can be more complicated than a simple certificate install. Everything on the page must be equally secure. If the lock on your SSL cert refuses to lock, you most likely have some insecure content.

Once your website has an active SSL certificate, all pages and posts should load with the HTTPS protocol. That’s the way it’s supposed to work, at least and most likely what you’re expecting. But if your website included any insecure content, it will load through HTTP by default and your users will see the following message, defeating their trust and confidence in your site:

The dreaded mixed content insecure site error message

What Exactly Is Insecure Content?

Insecure content isn’t as nefarious as it sounds. In reality, it’s usually related to your website’s coding and has nothing to do with your SSL certificate. The insecure content was already there before you installed the SSL. 

This insecure web content can be anything from CSS, JavaScript, hard linked photo or image, improperly embedded video or even basic HTML. And the fact that it can be, and often is, any number of things is why it can get frustrating to track the down the culprit(s).

Essentially, you’re looking for that one or couple pieces of content that is getting downloaded onto the page without HTTPS.

  • What elements or content are hosted on a third-party site that is not using HTTPS?
  • Is the SSL certificate of any third-party sites providing content (images, video, etc.) expired or invalid?

Mixed content – a page with secure and insecure content – is by definition not secure and cannot be browser locked. That’s going to cost you some trust and visitor confidence, so it’s important to track down the insecure content sources.

Protecting your WordPress site with SSL is the first step

How To Locate and Fix Insecure Content

Thankfully these days we have a few advanced tools we can use to alleviate our frustrations of manually discovering the root cause of insecure content. 

HTTPS Checker

This handy free tool will automatically scan your site and check for any insecure content along with any potential HTTPS migration issues.

Why No Padlock?

Catchy name that tells you everything you need to know. Enter your URL and the tool finds any insecure items on your site.

Once you’ve identified the insecure content, you can fix the issues.

Install the free SSL Insecure Content Fixer plugin for WordPress. The plugin corrects most mixed content warnings automatically. For more complicated issues, the plugin will provide helpful guidance.

Delete the insecure content from your site or re-upload the content, if licensing allows, directly to your site.

Use a reverse search to locate a secure site with the same or similar content and replace the link.

Dealing with insecure content on your WordPress site after you’ve bought and installed a SSL certificate can be frustrating. Luckily, thanks to a helpful plugin and free scanning services it’s never been easier to locate insecure content and fix it to win back that coveted browser lock.

The most important thing is not to procrastinate. Deal with the mixed content issue as soon as you discover it. Every additional hour that goes by is another hour your website visitors will see that embarrassing error message letting them know your site isn’t secure and shouldn’t be fully trusted.

Rad Mitkov
Rad Mitkov
Radoslav is a senior motion graphics engineer and designer specializing in 3D modeling prototypes for digital marketing platforms. Rad frequently writes on WordPress, site optimization and cybersecurity topics.