Home SSL Certificates

SSL Certificates

By
7 articles

My website shows as insecure due to mixed content?

Please note that if you have recently activated an SSL certificate for your domain, it can take up to 30 minutes to be installed across our load balancers. After an SSL has been installed, the website still loads with an insecure warning If the website is now showing your certificate but still has an insecure warning, this is often caused by 'mixed content' on the website. This means there is content on the page that is being loaded through a 'http://' URL. For a webpage to be classed as secure, all content must be loaded over HTTPS. This includes external images, JavaScript and CSS. You should search the source code of your website to locate the 'http://' references and update or remove them. Finding Mixed Content When visiting an HTTPS page in Google Chrome, the browser alerts you to mixed content as errors and warnings in the JavaScript console. You can open the console either from the View menu: View -> Developer -> JavaScript Console, or by right-clicking the page, selecting 'Inspect Element', then selecting 'Console'. You need to remove or update the 'http://' URLs listed in these errors and warnings in your sites source. Alternatively, you can use the site ‘Why No Padlock?’ to identify mixed content: https://www.whynopadlock.com/ If the site is running WordPress, you can use the SSL Insecure Content Fixer plugin that should identify all mixed content and replace it with a secure version for you. You can find the plugin here: https://en-gb.wordpress.org/plugins/ssl-insecure-content-fixer/ Once all references on your website are called using https:// URLs, your site will load securely in your browser.

Last updated on May 18, 2026

Why should you use Force HTTPS on your website?

Using HTTPS instead of HTTP means that communications between your browser and a website is encrypted via the use of an SSL (Secure Socket Layer). Even if your website doesn’t handle sensitive data, it’s a good idea to make sure your website loads securely over HTTPS. It’s now becoming a requirement for many new browser features as well as potentially having an impact on search engine rankings. To make sure your website loads securely, you need to make sure that it is prefixed with HTTPS instead of HTTP. This can be done in a few different ways. Outlined below are the most common ways to do this. Use the Force HTTPS tool 1. Login to cpanel.yourdomain.com and head to Manage Hosting and select Manage on the package you want to force HTTPS for Or if you have one account, head directly to SSL/TLS. 2. Select the SSL/TLS icon. 3. Select Enable Force HTTPS. This will redirect website users to HTTPS. As long as the website has an SSL certificate and all content loads via HTTPS, the site should show as secure. Using a .htaccess file Another way that has the potential for more specific configuration is to use a .htaccess file rule. If you don’t have a .htaccess file, you can create one via FTP or File Manager and then add the code: RewriteEngine On RewriteCond %{env:HTTPS} !on RewriteRule ^(.*)$ https://www.example.com/$1 [R,L] If you already have a .htaccess file then make sure you don’t duplicate the line:  RewriteEngine On If after enabling force HTTPS the website shows insecure, then you’ll need to make sure that: 1. You have an SSL certificate on the site 2. You don’t have mixed content.

Last updated on May 18, 2026