WTF? Insecure Content Warnings with WordPress Sites & WP Engine Makes No Sense!

Hah, okay this one has got me twice now in the last few months and apparently I didn’t learn my lesson the first time, so I figured maybe if I wrote it down I’d a) help keep it in mind for next time and b) lend a hand to someone else out there who might go crazy with this.

Note that this doesn’t specifically apply to WP Engine, but in the examples below I’ll be using them as an example since they’re the hosting company I use.

Here’s the scenario:

  1. You’ve ordered an SSL certificate from WP Engine, and it’s up and running.
  2. You’ve set all pages to use SSL via your WP Engine account, under the SSL tab.
  3. You’ve gone ahead and reset your site to use via WordPress > Settings > General.
  4. You’ve even up and done a complete database search and replace for all references to http:// and changed them to https://

But still, you get this message from Chrome!

that ain't secure, it's sayin'
Nah, you must be wrong, Google!

So you view source…and everything checks out.

Using the Inspector, you see Console is reporting this:

mixed content warning in Chrome's editor
Yeah, but when I view source, I don’t see, in view source, I see I’m going crazy!?
Viewing source claims https is being used.
See! In View Source, it says https:// !!!!!

So what’s the solution?

Download your database, or just do a quick search for (or any other temporary URL a host might give you). Aha!

Redirects and funky fancy stuff that hosts do to give us temporary sites and whatnot are the culprit!

Just do a search and replace in NotePad or TextEdit for, replacing it with, and bam, you’re golden!

success message in Chrome, SSL secured!
We’re secure!

PS! This is not really a problem with WP Engine, per se, just something that needs to be done! In fact, I couldn’t recommend those guys more! I use them for all of my own sites and recommend them adamantly to all of my clients.

Up Next: Portfolio Item: Introducing the New