A guide to fix “mixed content” errors using Interconnectit’s search and replace tool on your database.
I’ve written this guide because I know that it can be pretty daunting, even downright scary, to use tools like this on your site.
After all, if you did something silly, you can break your site quite easily with this tool!
However, if we’re careful and methodical, I hope to show you that it’s not as scary as it might seem.
But before we dive in, let’s recap why we’re here in the first place, just to check that we’re all doing this for the same reason.
I had been meaning to switch an older site over to https, because of the increasing pressure to do so from the big browsers, and Google in particular. Just recently, we noticed that certain browsers were refusing to open links to the site that were sent out via automated emails notifying people of new blog posts. Clearly, this doesn’t create a good impression, so it was time to act.
Fortunately, the site is hosted with the excellent TSOhost, which now includes a one-click option to get an SSL certificate using the free Let’s Encrypt service.
But there’s more to it than that.
What is a mixed content error?
A simple Let’s Encrypt SSL certificate will do a good job of making the site load via https, but what about all those internal links and references to images in your uploads folder? What about all those bits of custom html in your sidebars, for example? Many of those may contain hard codes references to resources (images etc) using the old http address.
Browsers see those links trying to load content over http and that’s what triggers the mixed content warnings, and interferes with the precious padlock in your browser’s address bar.
The challenge therefore is to get all those images to load over https.
Two approaches to fixing the mixed resources issue.
This first method will appeal to most people because it basically just involves installing (yet another) plugin.
There are a few plugins to deal with this issue and they work by applying redirects to the links. I’m assuming that this would have a slight performance hit on page load times but I’ve not looked into that. If the plugin gets deactivated, or breaks in future, you’re back to square one with insecure mixed content. So I call it the “papering over the cracks” method.
My preferred method is to fix the links at the source. Actually physically re-write them all in the database so that they no longer point to http, but are all re-written to point to the https version. This addresses the issue directly and once done, requires no ongoing use of redirection plugins and the like. A much cleaner, more permanent solution!
However, many people would be nervous about using such tools so this video walkthrough guide is intended to show you what to expect, so that when you attempt it for yourself, it will already feel familiar and so you’ll be more confident to proceed.
Things to bear in mind before you start:
- Make sure you have FTP access to your server.
- Make sure you have a recent backup of your database in case you need to roll back to an older, working version.
- Make sure you delete the search and replace files after you have finished using the tool!
I hope the video is useful! Having carried out this process many times now, I’ve never killed a site yet. But I always take it really slow and carefully. Just in case!
Hope that helps you out.
If you’re still very nervous about doing this on your own site, maybe I can help you out.