Many individuals have come across websites displaying the message “Connection is not secure” with a strike through the padlock, even when SSL is enabled. Despite having an SSL certificate, this warning persists. Here, we present the most comprehensive guide to help you resolve this issue on your WordPress website.
First and foremost, always remember to have a fail-safe backup plan for your website. Whether your hosting provider offers this service or you choose to utilize a trusted plugin like Updraft, having a reliable backup is an absolute must. This precautionary measure ensures that in the event of any unexpected mishaps, your precious website data remains protected and easily recoverable. So, before diving into any further actions, secure your safety net with a reliable backup solution.
Updating WordPress Home and Site URLs
Ensure you navigate to the WordPress Dashboard (wp-admin) and head over to Settings > General. Take a moment to double-check both the WordPress Address and Site Address, ensuring they begin with “https://” instead of “http://”. In some instances, the URLs may be defined in the wp-config.php file, it is important to make sure they both begin with https:// also. The code would look similar to this:
define( 'WP_HOME', 'http://example.com');
define( 'WP_SITEURL', 'http://example.com');Search and Replace in the Database
Now comes the crucial step of performing a search and replace operation in your database. Several plugins excel at this task, such as “Better Search and Replace” or “Search & Replace.” Either of these plugins will efficiently address your needs. Simply conduct a search for “http://domainname.com” and seamlessly replace it with “https://domainname.com“. This process ensures that all instances of insecure URLs are updated to their secure counterparts, eliminating any mixed content issues and guaranteeing a fully functional and secure website.
The Last Resort
Now if the search and replace in the database has not resolved your issue, just pop the following into your .htaccess file
Header always set Content-Security-Policy "upgrade-insecure-requests;"If your website runs on an NGINX server, just add the following to the nginx.conf file:
add_header 'Content-Security-Policy' 'upgrade-insecure-requests';