HTTP / HTTPS Remover: SSL Mixed Content Fix

Description

Main features:

  • Works in Front- and Backend
  • Makes every Plugin compatible with https
  • No Setup needed
  • Compatible with Visual Composer & Disqus
  • Fixes Google Fonts issues
  • Makes your website faster

What does this Plugin do?

With protocol relative url’s you simply leave off the http: or https: part of the resource path. The browser will automatically load the resource using the same protocol that the page was loaded with.

For example, an absolute url may look like

src="http://domain.com/script.js"

If you were to load this from a https page the script will not be loaded – as non-https resources are not loaded from https pages (for security reasons).

The protocol relative url would look like

src="//domain.com/script.js"

and would load if the web page was http or https.

Tipp: Check your Settings -> General page and make sure your WordPress Address and Site Address are starting with “https”.
Add the following two lines in your wp-config.php above the line that​ says “Stop Editing Here”:

define('FORCE_SSL', true);
define('FORCE_SSL_ADMIN',true);

What is Mixed Content?

Mixed content occurs when initial HTML is loaded over a secure HTTPS connection, but other resources (such as images, videos, stylesheets, scripts) are loaded over an insecure HTTP connection. This is called mixed content because both HTTP and HTTPS content are being loaded to display the same page, and the initial request was secure over HTTPS. Modern browsers display warnings about this type of content to indicate to the user that this page contains insecure resources.

Note: You should always protect all of your websites with HTTPS, even if they don’t handle sensitive communications.

Example

Without Plugin:
src=”http://domain.com/script01.js”
src=”https://domain.com/script02.js”
src=”//domain.com/script03.js”

With Plugin:
src=”//domain.com/script01.js”
src=”//domain.com/script02.js”
src=”//domain.com/script03.js”

If using Cache Plugins

If the plugin isn’t working like expected please purge/clear cache for the changes to take effect!

Screenshots

  • The Sourcecode of the Website will look like this!

Installation

  1. Upload http-https-remover folder to your /wp-content/plugins/ directory.
  2. Activate the plugin from Admin > Plugins menu.
  3. Once activated your site is ready!

FAQ

Installation Instructions
  1. Upload http-https-remover folder to your /wp-content/plugins/ directory.
  2. Activate the plugin from Admin > Plugins menu.
  3. Once activated your site is ready!
How do I know if my site has mixed content?

If a green padlock appears, then your site is secure with no mixed content.
In Chrome or Safari, there will be no padlock icon in the browser URL field with mixed content.
In Firefox the padlock icon will reflect a warning with mixed content.

What if I am using a CDN?

Change all your CDN references to load with // (this will adapt based on how the page is loaded)

Reviews

Works fine

Works perfect with standard WordPress.
But with woocommerce, there are still links not replaced. you have to solve certain header by hand in fuction.php (wp_head, json api inline code, inline links and other in header html) and, the product image template.
Automattic’s coders. Having to add th “http://” or https:// redundant footprint from media url in the database, are not logical.

Good Job!

Previous plugins with the same functionality broke my site, but with your one everything was loaded at once. Thank you a lot!

Only one that worked for me!

Other plugins forcing httsp were not able to rename my database entries only this one fixed it (i tried a lot of them). Thank you very much.

Breaks Mailchimp users w/ images over RSS

While this plugin saved my life with fixing all of the public facing pages by re-writing all http/https’s to // when management forced us to upgrade to SSL across the board, it also seems to rewrite the urls in the RSS feeds which means that mailing services like MailChimp will break if the RSS article has any images (or other URL’s) in it. I think I may continue to use this plugin, but I have to come up with a solution for our weekly Mailchimp newsletter now.

Fixed my image http link issue

I just setup my SLL, thought I was going to have to manually change on my image links. This plugin, a clear caching, and BOOM, chrome sees me as Secure. Good stuff. Thanks guys.

Read all 22 reviews

Contributors & Developers

“HTTP / HTTPS Remover: SSL Mixed Content Fix” is open source software. The following people have contributed to this plugin.

Contributors

Changelog

2.0

Release Date – 1 March 2018

  • Completely rewritten code.
  • Bug fixes

1.5.3

Release Date – 28 April 2017

  • Fixed some Google API Issues

1.5.2

Release Date – 26 April 2017

  • Improvements

1.5.1

Release Date – 25 April 2017

  • Fixed a reCAPTCHA issue!

1.5

Release Date – 25 April 2017

  • Now it removes http and https from source code again
  • Fixed broken links in social sharing plugins

1.4

Release Date – 02 March 2017

  • Finally fixed srcset Problems
  • Changed the working method of the Plugin
  • Some other bugfixes

1.3.1

Release Date – 13 January 2017

  • Added support for srcset tag

1.3

Release Date – 07 January 2017

  • Fixed the issue that Twitter card image is not displayed

1.2

Release Date – 11 December 2016

  • Added support for Google (Fonts, Ajax, Maps etc.)
  • Compatibility for WordPress 4.7

1.1.1

Release Date – 18 October 2016

  • Added support for “content” tag
  • Added support for “loaderUrl” tag

1.1

Release Date – 17 October 2016

  • Fixed the issue that videos in Revolution Slider stopped playing
  • The plugin now works on backend too
  • Other small changes

1.0

Release Date – 16 October 2016

  • Initial release