Adventures in #Divi: Why Is My #WordPress Site Not SSL Secure?
I recently needed to take the new extaCloud web site (https://exta.cloud) up to a more secure place to support shopping cart functionality provided by WooCommerce so wanted to serve the site via SSL. Ignoring all the rigmarole associated to getting the certificates bought and installed, I came across a funny worthy of a Divi post.
Simples, right? Just head over to the WordPress ‘General Settings’ page and force all my pages to https (I’m not worried about caching as the site is pretty lean):
No dramas here. The site was now accessible via SSL, all good.
Or so I thought. Browser warning were being generated about pages (all of them) being insecure and closer inspection informed me that I was serving mixed content. Bummer.
I didn’t have a ton of time to investigate (as I know this can take a while from my limited experience) so headed over to the quite awesome http://www.whynopadlock.com to run their checker against some of the site pages.
Culprit immediately found: Favicon and Site Logo were the offenders.
The settings in Divi (that control the images used for favicon and site logo) don’t honor the forcing of serving as https so need to be configured independently:
Once I added the ‘s’ to each URL, browsers now report the site as being secure.
more to follow…