A former client wrote into me today with this puzzle, and I thought I’d share it in case it’s useful to anyone else:
A while ago you updated my WordPress website. I noticed that when I go to my blog (diannej.com/b/), I see that the connections suddenly show as “Not Secure.” However, when I go to just diannej.com, it does show as secure. I have paid for an SSL certificate which should cover the whole site, but does not appear to be doing that.
Any ideas why? Owen said he went to Siteground to get help, but they no longer seem to have a ticket desk for problems.
Thanks for any assistance you can offer.
Yes, absolutely! Happy to advise. Bummer that Siteground is so unhelpful!
The HTTPS problem
Looks like the reason that page is not being served securely is due to “mixed content” errors- that means while most of your site is secure (over https), some of the elements (in this case your blog post header images) are not.
SSL is pretty picky, everything loaded has to be loaded securely, not just most of it. Even if you have paid for an SSL certificate, you still need to update all your CSS and image files to use https instead of http. In your case, you can’t change them directly because they’re made by your theme.
The Free SSL Fix!
Fortunately, this one has an easy solution. You can download and activate this free plugin which will take all your images and automatically change their urls to the https version.
I’d be happy to do it for you if you need assistance fixing insecure content errors or do not have your own SSL certificate yet. Many hosts offer free ones with your package, and it has many other benefits as well!
Hope this helps someone else as well!
Feel free to reach out with any wordpress or website security puzzles: I’m email@example.com and I’m a real human who likes to help!