Since Google announced that websites running on a secured HTTPS connection are getting a bonus, many websites owners have installed an SSL certificate and switched to HTTPS.
But a lot of those sites have mixed content issues. I guess it’s safe to say that having mixed content is the most common mistake made when switching to HTTPS.
What is mixed content?
Mixed content is a term used to describe pages running on a (secure) HTTPS connection which contain sources that are loaded over an (insecure) HTTP connection.
Want to know more details? Click here to read more about mixed content in a post from Google.
Why is mixed content an issue?
When accessing a site on a HTTPS connection all data will be safely encrypted and the location of the server is verified. When you have mixed content issue’s, parts of the data will be sent over an insecure, unencrypted and unverified connection.
So when you have mixed content your site could possibly leak data and is more vulnerable to malicious activities. So this basically means that you might as well not use SSL at all. Mixed content makes your SSL certificate useless.
How to identify mixed content issues and fix them?
You can easily see when a site has mixed content issues in the address bar. When you are using Google Chrome, for example, you will notice that the HTTPS part of the web address is not green but grey and the word “secure” is also missing.
To fix this you need to make sure that every resource you use in the code of your site is running over HTTPS. If you are using WordPress I can recommend the following article by ManageWP: WordPress SSL Settings and How to Resolve Mixed Content Warnings