Ensuring all content is correctly served over SSL, including mixed content

[cubewebsolutions]

Hi,

I’ve just installed an SSL on my client’s site and we are using your Theme. I’ve read in here that you recommend that the following plugin is used to ensure mixed content does not break SSL:

https://wordpress.org/plugins/wordpress-https/

Despite the fact this seems to work, I’m very surprised that you recommend a plugin that was last updated more than 3 years ago. I really don’t think that’s good business practice.

The two main files that are considered insecure are the two images outlined in the attached image – the website background image and the page title bar image. In many other themes I use, when images are uploaded for these, there is a box next/below the image that shows the path of the image, and instead of the path being the full path such as:

http://www.domain.com/wp-content/themes/neighbourhood/images/preset-backgrounds/grilled.png

it’s a relative path such as:

/wp-content/themes/neighbourhood/images/preset-backgrounds/grilled.png

This way it does not break SSL.

This is an easy fix and saves people having to install another plugin – one that is out of date by 3 years.

May I ask why you force people to take these steps, rather than allow the system to use relative URLs?

Attachments:

You must be logged in to view attached files.

[Rui Guerreiro – SUPPORT]

Hi,

It’s not our responsibility to configure an https site, we just provide an advice(like we do in other areas outside our support scope) and there are always several solutions to reach the same goal.

Regarding the HTTPS plugin don’t see any problem in 2+ years without any update since nothing changed in how Https protocol works. Also more than 80000 active installs would mean that the plugin do what it supposes to do.

Regarding that error, did you change your WordPress address and Site address to Https?

-Rui