WTF? Insecure Content Warnings with WordPress Sites & WP Engine Makes No Sense!
Hah, okay this one has got me twice now in the last few months and apparently I didn’t learn my lesson the first time, so I figured maybe if I wrote it down I’d a) help keep it in mind for next time and b) lend a hand to someone else out there who might go crazy with this.
Note that this doesn’t specifically apply to WP Engine, but in the examples below I’ll be using them as an example since they’re the hosting company I use.
Here’s the scenario:
- You’ve ordered an SSL certificate from WP Engine, and it’s up and running.
- You’ve set all pages to use SSL via your WP Engine account, under the SSL tab.
- You’ve gone ahead and reset your site to use https://whateveryoursiteis.com via WordPress > Settings > General.
- You’ve even up and done a complete database search and replace for all references to http:// and changed them to https://
But still, you get this message from Chrome!
Nah, you must be wrong, Google!So you view source…and everything checks out.
Using the Inspector, you see Console is reporting this:
Yeah, but when I view source, I don’t see http://whatever.com/myimage.jpg, in view source, I see https://whatever.com/myimage.jpg. I’m going crazy!?
See! In View Source, it says https:// !!!!!So what’s the solution?
Download your database, or just do a quick search for yourinstallname.wpengine.com (or any other temporary URL a host might give you). Aha!
Redirects and funky fancy stuff that hosts do to give us temporary sites and whatnot are the culprit!
Just do a search and replace in NotePad or TextEdit for yourinstallname.wpengine.com, replacing it with youractualwebsitename.com, and bam, you’re golden!
We’re secure!PS! This is not really a problem with WP Engine, per se, just something that needs to be done! In fact, I couldn’t recommend those guys more! I use them for all of my own sites and recommend them adamantly to all of my clients.