It will also happen to you when you want to visit a webpage, a warning on your screen: "Your connection is not private." Although you probably know that it is often not that bad, you want to prevent that for your own website. Whenever such a message appears, it leads to dropouts because your site is considered 'not safe. In most cases, you are dealing with mixed content. What exactly is that, and especially: how do you solve it?
Your connection is not private: why not?
You click on a link to open a web page and see “Your connection is not private,” along with a warning about cybercriminals stealing your data. What is the matter then? This can be due to several things:
- There is mixed content.
- The TLS certificate (still incorrectly called SSL certificate) is not valid
- There are problems with your operating system and/or browser conflicting with the website
Point 3 is the least common and mainly has to do with the visitor. We will mainly discuss point 3: mixed content. Unfortunately, this still happens regularly, while it can generally be solved quickly.
Point 2 is a matter of checking whether the TLS certificate is valid. Has the certificate expired, or is the certification for the website not for some other reason? As a visitor, you can check it by clicking on 'Not secure' in the address bar on the website itself, which (usually) stands in front of the URL if there is something wrong with the TLS certificate. An overview will then appear with details about both cookies and the security certificate for the website. By clicking on it, you will see the details for the certificate. You can also see which cookies a website uses.
Mixed content as the cause of the security notification
Mixed content is a common cause of the message “Your connection is not private.” And that's a problem that is generally easy to fix. You don't even have to be very technical for that. And it is certainly important to solve that. You do not want your visitors to see that security message and therefore drop out?
What is mixed content?
Mixed content is a conflict within your website, where your website runs via a secure connection (HTTPS) while internally referring to HTTP pages. This mainly happens with internal links and images. The problem is that your website has an HTTPS connection, whereby the transfer of the data from your website to your visitor's browser takes place securely, and there are internal links with an HTTP connection. This does not always lead to the message “Your connection is not private,” but can also appear in the address bar “Not secure.”
What's wrong with it?
The problem with mixed content is that your website with HTTPS must also run entirely on it. As soon as the warning is given to your visitor, the unsafe parts have already been loaded, and it is actually too late. Your webpage is less secure due to the unsecured links, and malicious parties can take advantage of this by attacking your website.
How do you solve mixed content?
You are, of course, here to know how to fix it. First of all, it is, of course, important to know where the problem is. For example, you have SEO tools for that. For example, in Ahrefs Site Audit, I get to see when there is mixed content to solve it. So if you want to be informed about mixed content, site audits such as Moz, Semrush, and Ahrefs are the most logical. You can also use a crawler like Screaming Frog, with which you can run these types of audits per website.
If you don't have a budget for it or you want to check a single page that you know is mixed content, there are, for example:
- Whynopadlock: free with separate URLs. Check the entire website for a fee
- Mixed content checker: free (with some advertising on the page), but per page, so you have to manually enter URLs and actually already know that there is mixed content
If you want to fix it, you can change everything manually. Sometimes this is done quickly enough, as I recently had with a customer where there were still internal links with HTTP in the footer. Manually tweak some links, and it's done in minutes. If there are all kinds of internal links that cause problems, searching and replacing is a faster solution.
Pictures are a different story.
You cannot do the same with images as with internal links. So you will have to do more work on that. Either you have to place the images in the pages again, or you will have to work with search & replace, as from the blog of Lamper Design that I quote above.
Prevention is better than cure.
In any case, prevention is better than cure. This is quite easy with internal links. If you now only use the slug as a link instead of the full URL, the link will also work, and the link will continue to work within your website, no matter what happens. So even if, for example, you change domain names, as we did in 2020, all your internal links will continue to work, and you do not have to perform any additional actions. This is how you do that:
You can see that I have selected the domain name (that's why it is blue), and when I delete it, the slug remains. That is perfectly fine for an internal link.
Have you (had) to deal with mixed content? Were you aware of this problem? If you have something to add or have any questions, please let us know in the comments.