It is very lightweight, so it doesn’t impact on performance, but that also means it doesn’t catch everything. Some fixes need a bigger hammer, like the WordPress HTTPS plugin. If your problem is small, a small solution like this one might fit better.
- scripts that are registered using wp_register_script or wp_enqueue_script
- stylesheets that are registered using wp_register_style or wp_enqueue_style
- images and other media loaded by calling wp_get_attachment_image(), wp_get_attachment_image_src(), etc.
- the stylesheet loaded by the list-category-posts-with-pagination plugin
- images loaded by image-widget plugin
I’ll be adding other fixes as I become aware of other problems that can be easily fixed. The better solution is to get errant plugins fixed by their authors, but until they do, let me know about other problems and I’ll attempt to add fixes for them to this plugin.
Help support this plugin
If you like this plugin and would like to help support its maintenance and further development, please consider making a donation.
- Upload this plugin to your /wp-content/plugins/ directory.
- Activate the plugin through the ‘Plugins’ menu in WordPress.
If your browser still reports insecure content, tell me the URL of the problem page on the plugin’s forum.
Frequently Asked Questions
I get “insecure content” warnings from some of my content
You are probably loading content with a URL that starts with “http:”. Take that bit away, but leave the slashes, e.g. //www.example.com/; your browser should load the content, but will use SSL when your page uses it.
My website is behind a load balancer or reverse proxy
If your website is behind a load balancer or other reverse proxy, and WordPress doesn’t know when SSL is being used, this plugin won’t help. See my blog post, WordPress is_ssl() doesn’t work behind some load balancers, for some details. You might be able to fix it by adding this to your wp-config.php file:
// Amazon AWS Elastic Load Balancer and some others if (isset($_SERVER['HTTP_X_FORWARDED_PROTO']) && $_SERVER['HTTP_X_FORWARDED_PROTO'] == 'https') $_SERVER['HTTPS']='on';
For websites hosted by Network Solutions, try downloading this gist and saving it into your plugins folder, then enable the plugin “Force SSL URL Scheme”.
I still get “insecure content” warnings on my secure page
Post about it to the forum, and be sure to include a link to the page. Posts without working links will be ignored.
You listed my plugin, but I’ve fixed it
Great! Tell me which plugin is yours, and how to check for your new version, and I’ll drop the “fix” from my next release.