Tag: https

Categories
Web Development Web Server WordPress

Certificates and Mixed Content Errors

When a secure (https enabled) website is displaying a caution on the certificate and warning about mixed content, you need to identify and correct the content on the page that is causing thje warning.

A good check is to  visit https://www.whynopadlock.com and enter the URL of the troublesome site.  It will quickly identify the elements – typically images – that need to be corrected.

If the images are on the same site you can usually just change http:// to https:// in the image URL, or alternatively remove the http://mysite.com from the url of the image. If the image or element is on another site you can try changing the protocol to https, but you may have to bring the element onto your own site or live with the warning.  Just just accepting the warning is a bad idea because it caused your audience to lose confidence in your site.

Another good discussion of this with additional options can be found at ManageWP, it's worth a read.

Categories
Web Development Web Server

Forcing a Website To HTTPS

With Dreamhost how providing free Let's Encrypt certificates, there's no reason not to set up a certificate and start running your site on a secure connection.

To force incoming connections to use the secure https protocol, you set your .htaccess file to rewrite http:// to https://.

The .htaccess file should be found in the root of your website, it may be hidden. You may find that the RewriteEngine On directive is already there, in which case it can be omitted.

Note: If the .htaccess file is not visible, you need to make it visible.  In CuteFTP (adapt these instructions for other FTP clients) right-click the website root folder, Select Filter, enable server side filtering, the enter the remote filter -L-a.  Alternatively you can right click the site in the CuteFTP Site Manager and apply the filter there.

Add the following near the top of the .htaccess file:

RewriteEngine ON
RewriteCond %{HTTPS} !=ON
RewriteRule ^ <a href="https://%25%7bHTTP_HOST%7d%25%7bREQUEST_URI%7d">https://%{HTTP_HOST}%{REQUEST_URI}</a> [L,R=301]

If you're having trouble with the secure padlock icon on your site, visit https://www.whynopadlock.com/ for some tips on how to clear up any issues blocking full encryption on your site

Reference: http://wiki.dreamhost.com/DreamPress#How_do_I_use_SSL_on_DreamPress.3F (Though this info didn't work without modification)