Go Back to Shop
All Categoriesadngcrydcdotadngdotifidotifi.comGoogle SearchHostingPaid Advertisingsurveysswordpresswww.dotifi.com
SSL Fix Your Connection to this site is not fully secure for Chrome on WordPress
by admin
The “Your connection to this site is not fully secure” warning in Chrome on WordPress indicates a “mixed content” error, where a website running over a secure HTTPS connection still loads some resources (like images, scripts, or stylesheets) via an insecure HTTP connection.
How to Fix the Mixed Content Error in WordPress
The most common and straightforward way to fix this issue is by using a WordPress plugin.
Method 1: Use a Plugin (Recommended for Beginners)
The Really Simple SSL or SSL Insecure Content Fixer plugins can automatically detect and fix most mixed content errors.
- Back up your website before making any changes.
- Log in to your WordPress dashboard.
- Go to Plugins > Add New and search for “Really Simple SSL” or “SSL Insecure Content Fixer”.
- Install and activate the plugin.
- Follow the plugin’s instructions, typically clicking an “Activate SSL” or “Fix Mixed Content” button in your settings. The plugin will automatically configure your site and update most URLs to use HTTPS.
Method 2: Manually Update WordPress URLs and Database
If the plugin doesn’t resolve the issue, or for a more permanent solution, you can manually update the URLs.
- Update Site Addresses: Go to Settings > General in your WordPress dashboard and ensure both the “WordPress Address (URL)” and “Site Address (URL)” fields use
https://instead ofhttp://. Save changes. - Use a Search-and-Replace Plugin: For hard-coded links within your pages, posts, or other database entries, use the Better Search Replace plugin to update all old
http://URLs tohttps://URLs across your database tables. Run a “dry run” first to see what changes will be made, then uncheck the dry run option to apply them. - Check for Stubborn Errors: If the warning persists, you can use your browser’s developer tools to pinpoint the exact insecure resources.
- Open your site in Chrome, right-click, and select Inspect.
- Go to the Console tab and look for red or yellow error messages indicating specific files (e.g., images, scripts) still loading over HTTP. You will need to manually re-upload these files to your media library, update the links in your theme files (if hardcoded), or ensure the third-party source supports HTTPS.
Cloudflare Community +4
Method 3: Configure Your Server
You can also force all traffic to HTTPS by modifying your server’s configuration file. For Apache servers, this involves editing the .htaccess file by adding 301 redirects. This is more advanced and requires caution (always back up the file first).
Sucuri Blog +4After attempting any fix, clear your browser cache and any server-side or caching plugin caches to ensure you are seeing the most up-to-date version of your site. You can also use online tools like Why No Padlock? to scan your site for mixed content
In Google Chrome, the message “Your connection to this site is not fully secure” for a WordPress site typically means that while your site has an SSL certificate, some elements (like images, scripts, or stylesheets) are still loading over an insecure HTTP connection instead of HTTPS. This is known as a mixed content error.
HarmonWeb +2
Quick Fixes for Website Owners
- Update WordPress URLs: Go to Settings > General in your WordPress dashboard. Ensure both the WordPress Address (URL) and Site Address (URL) start with
https://. - Use an SSL Plugin: Install a plugin like Really Simple SSL or SSL Insecure Content Fixer. These can automatically detect and fix mixed content issues by forcing all resources to load over HTTPS.
- Clear All Caches: After making changes, clear your WordPress caching plugin (e.g., W3 Total Cache, WP Rocket), your server-side cache, and your browser cache to see the updated secure version.
- Search and Replace: If the warning persists, use a plugin like Better Search Replace to find all instances of
http://yourdomain.comin your database and replace them withhttps://yourdomain.com.
How to Identify the Culprit
To find exactly which files are causing the warning:
- Right-click anywhere on your site in Chrome and select Inspect.
- Click the Console tab.
- Look for yellow or red warnings that say “Mixed Content”. They will list the specific URLs (often images or old scripts) that are still using
http.VeeroTech +5
Other Potential Causes
- Expired SSL: Check if your SSL certificate has expired using a tool like the Qualys SSL Labs Test.
- Insecure Third-Party Scripts: If you are embedding content from another site (like a weather widget or tracking script) that doesn’t support HTTPS, it will trigger this warning.
VeeroTech +3
If you’d like, I can help you:
- Walk through the steps for a specific plugin.
- Provide the code to force HTTPS via your
.htaccessfile. - Troubleshoot a specific “Mixed Content” error from your console
For a non-WordPress site like abijohn.com, the “not fully secure” message usually indicates a mixed content issue or a problem with the SSL certificate configuration itself. Since you don’t have WordPress plugins to automate the fix, you must handle this at the code or server level.
1. Identify the Culprit
The fastest way to see exactly what is causing the warning is using Chrome DevTools:
- Open your site in Chrome.
- Press
F12(or right-click and select Inspect) and go to the Console tab. - Look for errors labeled “Mixed Content”. It will show the exact URL of the image, script, or file being loaded via
http://instead ofhttps://.Stack Overflow +3
2. Manual Fixes in Your Code
- Search and Replace: Open your site’s source files (HTML, CSS, JS) and search for any hardcoded
http://links. Change them tohttps://. - Use Relative URLs: Instead of using absolute links like
https://dotifi.com, use relative paths like/image.jpgor protocol-relative URLs like//://abijohn.com. This allows the browser to match the protocol currently being used. - Check Third-Party Scripts: If you are loading external libraries (like jQuery) or fonts from a CDN, ensure their URLs use
https.InstaWP +4
3. Server-Level Fixes
If your site is hosted on an Apache server, you can force all traffic to use the secure version by adding this code to your .htaccess file:
InstaWP +1
apache
RewriteEngine On
RewriteCond %{HTTPS} off
RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]
Use code with caution.
If you use Cloudflare, you can simply toggle on the “Automatic HTTPS Rewrites” and “Always Use HTTPS” settings in your dashboard to fix many of these issues automatically.
4. Verify Your SSL Certificate
Sometimes the “not fully secure” message appears because of an incomplete “certificate chain” (missing intermediate certificates).
Namecheap +1
- Use the SSL Shopper Checker to verify your installation.
- If it shows a broken chain (red broken lines), you may need to re-install the certificate with the correct CA Bundle provided by your SSL issuer
