Since December 2019, Google is going to block websites with insecure (mixed) content if it still exists on the web-pages. Until the start of December, website owners have enough time to check their content for HTTPS errors and fix them in advance.
The mixed content issues should be fixed in time to avoid blocking by Google Chrome which is going to result in the loss of traffic and bad user experience.
In this post, I am going to explain the essence of insecure content blocking and how to avoid problems when blocking by Google Chrome starts.
Mixed content is the term that describes the insecure HTTP content which is still loading on HTTPS websites. HTTPS is a secure way to send data between a web server and a web browser. HTTPS websites use an SSL certificate to deliver content to the user. I was speaking on HTTPS and SSL in this post, so you can review it to learn more.
Google Chrome started to warn users they entered insecure websites since October 2017. The insecure sites are those that use HTTP protocol instead of HTTPS. Since then all websites try to obey the rule of Google and use HTTPS not to lose their traffic and repeat visitors.
Now Google is going to block all insecure non-HTTPS content to encourage website owners to move from HTTP to HTTPs and remove all mixed content from their websites. This should be done to improve the user experience of people that prefer Google Chrome to browse their web-pages.
Since December 2019 Google will block other types of insecure content including videos, cookies, audios, images, and more types.
If you care about your website security, then using HTTPS protocol is also compulsory because it decreases the chances for your website to be hacked.
If your website goes on to show the insecure content, then your Google Chrome visitors should learn the following information:
1. Since December 2019, Google Chrome will have a new settings menu option called the ‘Site Settings’. A user will be able to unblock the mixed content which has already been blocked by the browser.
As a result, a user will be able to see the blocked content, but the padlock icon in the address bar which usually shows that the content is secure (as I stated in this post, Chapter 4) will be replaced with the icon showing that the content is the insecure one.
2. Since January 2020, HTTP videos and audio files will be automatically upgraded from HTTP to HTTPS. Those files will be automatically blocked only if they won’t be possible to be opened through HTTPS.
Mixed images will still be possible to load through HTTP with an insecure icon instead of the padlocks.
3. Since February 2020, HTTP images will be automatically upgraded to be loaded through HTTPS.
They will also be blocked in case if they won’t be possible to be loaded through HTTPS.
If you run a serious business website, then the insecure icon showing the mixed content on your web-page can badly influence your reputation and create an unpleasant user experience. To avoid unwanted issues, you can fix the insecurity errors on your site following the next instructions.
Let’s review several steps you should make to keep your website accessible for Google Chrome users in the closest future. Let’s start!
1. Move your website from HTTP to HTTPS
Of course, the first task you should perform (if you haven’t done it yet) is to move your website from HTTP to HTTPS. Please read this detailed step-by-step guide on how to properly make the migration and get it done as soon as possible.
2. Find insecure content on your website using the following 3 methods:
These methods of finding the insecure content on your website suppose that you make it manually and place some efforts.
1. Find the shield icon in the address bar
If you open a definite page on your site and this page contains the insecure content, you will see a shield-with-the-red-cross icon in the address bar which shows that insecure content is blocked. Check if your website contains insecure content to find out if it requires any fixing.
2. Check if there is mixed content that is not fully blocked
If the web-page includes the mixed content which hasn’t been blocked by Google Chrome, the address bar will contain the info icon. If you click this icon you will see the message stating ‘Your connection to this site is not fully secure’.
The mentioned above notices are shown only till December 2019, because currently, Google Chrome doesn’t block insecure content like images or videos.
3. Inspect the page to find the insecure files
Learn which files are loaded through insecure HTTP protocol on your site. Right-click on the page where you suppose the mixed content might be available and select the ‘Inspect’ option in the browser menu.
After that, click the Console tab under the newly opened window and find the page load errors. You should find the red warnings starting from the “Mixed Content” to find out which files are loaded through HTTP protocol and which files are blocked.
Let’s see how to fix the mixed content errors in WordPress with the help of a plugin. For this purpose, I recommend using SSL Insecure Content Fixer free plugin available in the official WordPress repository.
Install and activate the plugin and go to Settings -> SSL Insecure Content to select the ‘Simple’ option.
If it is already selected by default, there is nothing to configure, and if not, then click the ‘Simple’ option checkbox and scroll down to select the HTTPS detection method and click the ‘Save Changes’ button.
The Simple method of fixing the mixed content is the fastest one which is best suited for beginners. This method will automatically fix the mixed content errors in WordPress for stylesheets, scripts and files from the WordPress media library.
After the plugin is configured, go to your website and use the ‘Inspect’ page method to check if your page still includes mixed content warnings. This time all errors should be fixed and you won’t see any warnings again.
Hope this tut was helpful and see you soon.
Hi! I’m an experienced writer exploring WordPress for more than 6 years. I’m happy to share my knowledge and ideas with you and I hope you join me.