Question from Patty J.: I recently found out about the free certificates from Let’s Encrypt. I asked my web host to install it for me so I can make my WordPress blog secure.
I installed the Really Simple SSL plugin and that took care of the redirects from http to https as well as most of the mixed content issues.
But Firefox is still blocking parts of my pages that it claims are still trying to load from insecure sources.
I’ve looked my pages over and I can’t find anything that appears to be loading from an insecure location. Everything on the page appears to be loading from URLs starting with https instead of http.
When I load the pages in Chrome it shows the green padlock with no warnings. It’s only Firefox that’s not cooperating.
I’m pulling my hair out here. How can I find out what Firefox is blocking for being insecure so I can fix it?
Rick’s answer: I know exactly where you’re coming from, Patty. Securing a website with SSL encryption can be a tricky proposition.
Enabling SSL on a WordPress blog is easier now than it’s ever been thanks to the free security certificates from Let’s Encrypt, but as you’ve discovered it can be difficult to track down and fix the last few traces of mixed content in your blog.
Luckily, there’s a fantastic free tool called Why No Padlock? that can help. Using WhyNoPadlock is easy. Just follow the steps below:
1 – Click here to visit the Why No Padlock? website.
2 – Type the URL to a page on your blog that contains content that’s being blocked into the “Secure Address” field.
3 – Click the Check button, then wait for the tool to analyze the page.
4 – Scan the results page and look for any lines that contain an X instead of a green check mark. The items listed on those lines are the ones that are being called from an insecure (http) page.
5 – Change the http part of those insecure URLs to https. If https encryption is enabled on the site that’s hosting the resource everything should now work with no mixed content warnings. If not you’ll have no choice but to remove those insecure items from the page.
6 – After you’ve “fixed” all the mixed content issues on that page, repeat steps 1-5 to resolve any issues that might exist on the remaining pages of your blog.
I hope this helps, Patty. Good luck!
Update from Patty: That helped so much Rick! WhyNoPadlock led me right to a URL that was loading one of my affiliate ads from an http page.
I changed that URL to https and now I have the green padlock with no warnings in Firefox! Yay!!!!!! Thanks for your help!
Bonus tip #1: This post explains how to protect your WordPress blog from hackers by enabling Two-Factor Authentication on it.
Bonus tip #2: Want to make sure you never miss one of my tips? Click here to join my Rick’s Tech Tips Facebook Group.
Not into Facebook? Then click here to join my LinkedIn Tech Tips Group instead!
Want to ask Rick a tech question? Click here and send it in!
If you found this post useful, would you mind helping me out by sharing it? Just click one of the handy social media sharing buttons below.