Starting with Chrome 62 (coming out in October 2017), pages that contain input fields will display as Not Secure in Google Chrome. Eventually Chrome plans to label all sites that are not https as Not Secure so this is the perfect time to make the switch. There are other reasons to enable https – it’s more secure & Google search results will give you a slight boost.
Luckily, enabling https is pretty easy to do on most servers. If you host supports it, turn it on and you should be good. There’s also Letsencrypt, which I prefer. Either way, enabling SSL is the way to go.
Some WordPress sites may have problems once you enable SSL. A common problem is “mixed content” warnings. This happens when your https site is also loading data over http. WordPress has a tendency to create static URLs to content. These URLs usually contain http://.
There’s a fairly simple database query that you can run that will fix the majority of those issues with images –
UPDATE wp_posts SET post_content = (REPLACE(post_content, 'src="http://', 'src="https://')) WHERE INSTR(post_content, 'jpeg') > 0 OR INSTR(post_content, 'jpg') > 0 OR INSTR(post_content, 'gif') > 0 OR INSTR(post_content, 'png') > 0;
It’s possible that the theme you are using may have hardcoded the assets to http (hopefully not). If that’s the case, then you will have to go through the code to manually figure out what’s going on.
You’ll also want to change your site URL in general settings to be https instead of http –
Once your site is fully working over https, then you want to force your site to always use https. You can do that through a .htaccess file like this –
RewriteEngine On RewriteCond %{HTTPS} off RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI} [R=301,L]
Or you can use any of the numerous WordPress plugins to do this for you.
If you have a WordPress site and are looking for help (in St. Louis or not), you can contact me.