I thought I had my SSL certificate set up all okay via GoDaddy (I paid for it and they talked me through it on the phone, but it was a long time ago so I don't remember details), but my site (hosted by Wordpress) is still showing as 'not secure'. I'm not sure now what I need to do to implement the certificate properly. I suspect it's something I need to do on Wordpress rather than a hosting issue as such. Can anyone point me in the right direction?
FWIW, I'm reasonably competent with html in that it doesn't freak me out to make some changes to the code in my Wordpress, but otherwise I don't code at all.
I looked at your site and it appears to be https. Double-check that your SSL is active in your GoDaddy account to make sure it hasn't expried.
There are a bunch of URLs that are http: not https: -- that's called mixed content errors. When you add an SSL, the URLs already in place do not automatically change to https -- you have to do that yourself. So, here's what you can check:
Thank you so much! That's really helpful. I've done all those things ... but Better Search Replace only picked up one instance, and I'm sure there are more, because of internal links for a start! Ugh ... guess I'll have to go through it manually, then. Thank you for the advice, though - I didn't know any of that!
Hmm, I selected everything that was showing, so I think so.
I have tried doing it manually, since it wasn't that much compared with some websites, but still I have the same error ... maybe I overlooked one single thing -eyeroll- haha or maybe it is that stuff is cached and I need to clear everything before it will show as okay. I didn't forget to go to Appearance -> Customise and change all links there as well (so, where my slider images are linked to, etc.) but maybe there's something like that hidden in other places.
What you can do to find stragglers, is when viewing a page through your browser, right click > view source.
That will display all the source code that you can then use your browers's "Find in Page" search and search for http:. That will then highlight what other URLs need updating and point you in the right direction.
Usually it is widgets, menus and actual page content where you'll find http that needs to be changed to https.
That's so clever - it works!
Only down side is that now I have no clue how to edit the things it's flagging up ... things under like 'share this' and 'learn more' on the home page ... I'm happy to go into the code to edit them, but I'm not totally sure of the best way to go about it (or if I even need to go into the code or CSS or anything like that).
I can certainly find instances of 'http' in the CSS. But I'm reluctant to change them because of the whole 'don't touch this on pain of death' warning message ;-)
Okay, something isn't making sense....
Anything to do with plugins is out of your control to control. If your SSL certificate is active and installed properly (check with GoDaddy) that should cover plugins and theme CSS. So double-check that your SSL is current.
Then, the rest is in your menu/custom links, widgets or content.
If you want to provide a link to a specific example, I can take a peak for you.
It's current - it gives an expiry date in 2021 :-) at least according to screenshot 'SSL Cert' (below) it looks okay.
But I'm getting stuff like in the screenshots 'source code' and 'css'.
I mean, thank you so much for all your help, you don't need to take this much time to help out!
Thanks for the additional info! Okay, anything with /* in front means it is a comment in the code -- those http URLs would not be causing the mixed content issue. And, again, anything on a URL off your site is out of your control to control.
If it is a plugin, check to make sure you are on the latest version, and that it has also been tested up to the latest version of WordPress (5.2.3). If it isn't find a new plugin.
What I am seeing is your images displayed via your theme are not https.
If you ran Better Search and Replace to search for http: and replace with https: did you uncheck "Run as dry run"?
Then after making any changes be sure to clear any caches on your site and browser so you are seeing the latest and greatest.
Don't worry -- glad to help!
Hmm, I'm not sure how to check if it is a plugin ... I only have 7 installed (including Better Search Replace) and they are all up to date, and I'm running the latest version of WordPress, so I don't *think* it's that ...
Not sure how I can change that about my images?
I did indeed uncheck 'Run as dry run' :-) I selected every item in the table (as per attached) but not sure if I should have added anything to the list manually.
Are we having fun yet?
You had mentioned your share plugin that's why I mentioned to check that all your plugins are up to date to eliminate any potential for conflicts. Any http: plugin URL that you see in the code is not something you would mess with. When it comes to mixed content errors it is usually images we need to look at.
Did you change the logo in your theme to https? I did some poking around and your logo and slider seem to be the only non-http. Maybe try removing those and re-designating them (and clear caches).
Another thing I discovered is your site is not defaulting to https. If i just go to your domain without http/https it does not automatically go to https as it should. So you'll want to review this article too.