skip to Main Content

Note: I checked similar posts but unfortunately I had no luck using their solutions

Take for example this post, SSL only working on half of site where the problem was that he only had the https:// on half of the site, but the problem I’m facing is a bit different since I already have https everywhere yet my site is still half secure and half insecure in its own weird way.


Background:
I just installed a new SSL certificate on my website running on a Lamp Server - Ubuntu 18.04 LTS version inside a Google Cloud MicroServer.


The Problem: After that, Both the wp-admin and the WordPress site itself were showing as insecure but without the red notice (unlike self-signed), So I went back to my apache2 configuration and changed the VirtualHost *:80 port to *:443 as well as the ServerName myWebsite.com:443,

I did this on both of the .conf files (SSL and the default) because I figured why use port 80?

/var/apache2/sites-available/000-default.conf

/var/apache2/sites-available/default-ssl.conf

(I remembered now that there’s also the Listen command somewhere in the files that I forget and left on Listen to port 80 that could be important)

And only after I did that I got this weird new problem where only the wp-admin area is Secured while the homepage itself is Info or Insecure *(Google terms) – Unlike before I did that change where both the admin panel and the homepage was Insecure *

so I was finally happy to see that green secure icon but was sad to find out that it’s only valid on the admin panel and not on the homepage which is very weird right?


Please take a look at the picture to better understand this weird problem:

enter image description here

I will really appreciate any help on the subject.

Thanks upfront.

2

Answers


  1. Chosen as BEST ANSWER

    As turns out, I had that picture on my website which I uploaded before the SSL was added and now it's probably causing the problem, The easiest fix will be to download a Search And Replace plugin for Wordpress and replace http:// with https://.

    Thanks for @Tim Strawbridge for asking me the right questions

    Mixed Content: The page at 'https://www.******/' was loaded over HTTPS, but requested an insecure image 'http://www.******/wp-content/uploads/2019/09/8204.jpg'. This content should also be served over HTTPS.


  2. In an .htaccess file you can add this:

    RewriteEngine On
    RewriteCond %{HTTPS} off
    RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]
    
    Login or Signup to reply.
Please signup or login to give your own answer.
Back To Top
Search