Build Your Own Business Website header image

How to Identify Non-Secure Elements on a Page Served Via SSL and HTTPS

Difficulty Level -

Filed Under Topics - ,

Listed Under Lesson Subjects -

Whoops, you've found some premium content!

Watch the opening clip of this video to preview it,
the full video is available to paid members.

In this session we discuss how to identify non-secure elements on a page to get approved for a SSL & HTTPS service. We use a free web tool, www.whynopadlock.com, to help identify what needs to change. We also discuss some possibilities of why you need to use HTTPS in all the site’s pages or use HTTPS in one page only.

Video Transcript

Rick: Fran’s got an intriguing little question. Good evening, Fran.

Fran: Hello there, Rick.

Rick: How are you doing?

Fran: Good, good. Are you a little… feeling better today?

Rick: I am, yes. Although I’ve had a very frustrating day with stuff not working properly. But nevertheless…

Fran: Well, you’d know what your… us customers out here feel.

Rick: Yeah. So you want to know about… you know, we didn’t fully necessarily understand your question so why don’t you ask it?

Fran: Okay so some of the things we did offline is I was trying to get the Main Clinic Supply, the SSL certificate and I finally got it carved away into its own domain so we could apply the SSL sticker or the certificate. So now we have it but when I was talking to GoDaddy, they say I’m not completely secure on the page. There’s some insecure content or unsecure content that’s in the page that I need to go through and make everything secure. So I have it up on my screen right now if I can show it to you.

Rick: Yup.

Fran: Alright. Okay so you see I got the https showing now and the guy in GoDaddy kind of showed me you know, to get in here that we… that the certificate is applied but yeah, I still have some things that are not secure. He said just quickly looking, he saw something in the header and some other stuff. So how is the best way to kind of scrub through this and get it where it’s secure?

Rick: Okay so I want you to go to a site or open up another page, another browser window, www.whynopadlock.com.

Fran: Alright. www.whynopadlock.com like that? Okay, I suppose drop in the page there.

Rick: Put your URL in there, yeah. Theoretically, this should give you a list of those parts of your page that are not secure.

Fran: 51 items.

Rick: Yeah so you’ve got the J Shortcodes plugin CSS files not secure. The Javascript files not secure. Well in fact, essentially, it looks like all of your javascript files and CSS files are not secure. And scroll down and show us some more stuff in there. You know, unfortunately, I would have assumed that… I would have assumed because most of that stuff, you don’t have any control over, right?

Fran: Yeah, I mean, some of these plugins and stufff, yeah.

Rick: Yeah so I would have assumed that they would recognize the SSL certificate or the https and resolve themselves. Show me your page again. Browse the homepage.

Fran: Okay.

Rick: Okay, go to the Medical Equipment page. So why is the Medical Equipment page being served with https but not the rest of it?

Fran: Well, the GoDaddy guy…

Rick: That’s the reason why you have the problem is because your whole site is not https. And so all of WordPress’ parts you know, don’t know about the https. So it just serves the regular…

Fran: Okay now something the guy in GoDaddy told me… tell me if this is right or wrong but he says he only want to secure what you have to because search engines don’t necessarily like to index secure pages. Do you agree with any of that?

Rick: Well, I haven’t heard that. I don’t know. We can do a little bit of research but I haven’t heard that. You don’t really have… in WordPress… well, there may be a plugin. You know, there is a plugin for WordPress that…

Fran: Handles the SSL certificate?

Rick: Well, handles the https stuff.

Fran: Okay.

Rick: And so a plugin might resolve this but the… I mean, essentially, WordPress doesn’t realize that the site’s supposed to be https. And so it’s serving everything with http and then… so you get all of your images and all your javascript and all your CSS files and all the rest of that stuff all being served by http on an https page. Now it might be that there is a plugin that will allow you to set which pages should be https if you want to do it that way. You know, I have never done that. I’ve always you know, had the entire site be https and never thought anything of it. So I can do a little bit of research and see whether or not there’s any fundamental reason why…

Fran: Search engines stay away from…

Rick: Yeah.

Fran: Okay.

Rick: So my trusty research assistant here, he’s going to go check our authority to see whether or not there’s any… to see what truths he can find out about that and I’ll come back to that before the end of the night then. The answer to the question about whether or not search engines don’t index secure pages is that’s false. A search engine will index a secure page in the same way it indexes a regular page. As long as it can access the content, it’s going to index it. So… and that’s from the authority that we use for making all of our SEO decisions, Planet Ocean. So anyway, Fran doesn’t have to worry about that.

0 Comments… add one

Save $200 on Membership Now!

Start learning today for as little as
$0.82 PER DAY!
THIS IS A LIMITED TIME OFFER!
Subscription Options
0 comments… add one

Leave a Comment