How to Fix Common SSL Issues in WordPress
How to Fix Common SSL Issues in WordPress. Secure Sockets Layer (SSL) is an encryption technology that secures the connection between your WordPress hosting server and the client’s browser. Once you install and activate SSL, your site migrates from HTTP and instead use the more secure HTTPS. You also notice a padlock symbol next to your web address in the browser to indicate that it is secure.
SSL/HTTPS makes it harder for cyber criminals to intrude on the connection. Each SSL/HTTPS enabled website receives a unique SSL certificate to help with identification. Designed to secure websites, but it’s not security proof. Here are some of the common SSL issues in WordPress and how to fix them. Read on!
Common WordPress SSL Issues
1. NET::ERR_CERT_COMMON_NAME_INVALID
Normally when a user tries to access a website, their browser inspects the site’s SSL certificate to establish a secure connection. Websites with a valid certificate redirects the request through the HTTPS protocol, which is a more secure version of HTTP. However, if users encounter the NET::ERR_CERT_COMMON_NAME_INVALID error, it means the browser is unable to verify the SSL certificate.
This usually happens because the common name that is written in the SSL certificate does not match the actual domain name. However, domain mismatch is not the only cause of the NET::ERR_CERT_COMMON_NAME_INVALID error. In some cases, the problem results of the site’s own address and antivirus configuration settings, cache, browser extensions, and more.
Ensure That the SSL is Correctly Set
The most common cause of this error is a mismatch between your correct domain name and the common name on your SSL certificate. To fix this problem, make sure you have configured the SSL correctly and installed the correct certificate.
To check your SSL certificate configuration:
- Move to your website and click on the padlock icon on the address bar.
- Select connection is secure from the dropdown menu.
- Next, select Certificate is valid, once you have done this a window containing your site’s SSL certificate details opens.
The common name contained in the SSL certificate’s Issued to domain should match your actual domain name. In case there is an SSL mismatch error, delete and install a new SSL certificate.
Check if Your Website is Redirecting to Another URL
Knowing whether you or your browser are forcing your users to another version of your site is important because not all SSL certificates cover both ‘www’ and ‘non-www’ versions.
For instance, if your domain is example.com, and the server redirects your visitors to www.example.com, the error may occur if there is only one SSL installed for the www version.
There are two methods of fixing this problem. The first is to buy another SSL certificate that covers the domain you are redirecting from. The second is to change the common name to match the certificate your domain defaults to.
Make Sure WordPress URL Directs to the Site URL
In some instances, the HTTP web protocol may have been manually changed to HTTPS without the installation of an SSL. Because of this, the website may experience a common name mismatch error.
In such a case, you should edit your WordPress URL:
- Go to the WordPress dashboard, click settings, and select General.
- Check if the Site Address (URL) matches the WordPress (URL).
- If there is a mismatch, make the appropriate changes.
2. WordPress HTTP to HTTPS Redirect
WordPress does not automatically redirect HTTP requests to HTTPS unless you instruct it to do so. Use plugins such ‘Really Simple SSL’, that are capable of handling redirects automatically. Or you could set up the redirects manually. To enable HTTP to HTTPS redirect, add the following code to your ‘.htaccess file’.
RewriteEngine On
RewriteCond %{HTTPS} off
RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]
3. Mixed Content Errors
The mixed content warning on your WordPress website indicates misconfiguration. The mixed content warning varies depending on the type of browser in use. Essentially these warnings inform your visitors of the presence of insecure content found on your site’s page. In most cases, this occurs after migrating from HTTP to HTTPS.
Most site owners migrate from HTTP to HTTPS to create a more secure connection, but if you do not configure the changes correctly, WordPress won’t load website resources over an HTTPS connection. This results in the browser displaying the mixed content warning. Three other circumstances results in a mixed content warning:
- When the web developer uses an HTTP link for plugin and theme coding.
- When you link to resources that are not HTTPS enabled.
- When you call resources that were scripted using HTTP.
There are two kinds of mixed content:
- Active mixed content – Also known as mixed scripting. In this scenario, the webpages load in an HTTPS connection but the scripts load over an HTTP connection.
- Passive mixed content – This happens when video, audio, scripts, stylesheets, or image files load through HTTP instead of HTTPS.
Resolving Mixed Content Errors in WordPress Using a Plugin
This is the easier approach and is recommended for beginners. But despite its simplicity, this method negatively impacts your WordPress performance since the plugin uses an output buffering technique to try and fix mixed content errors. However, if you use a caching plugin, then only the first-page load is affected. Users who visit your site later won’t see any difference in performance.
First, you need to ensure that you have an SSL certificate, then install and activate your plugin of choice. Once you activate the plugin, visit the Settings >> SSL page and review the plugin settings. Plugins such as Really Simple SSL and WP Encryption work out of the box and automatically handle your SSL/HTTPS settings and resolve mixed content errors.
Resolving Mixed Content Errors in WordPress Manually
This method is more efficient and performance enhancing, however, it requires enough understanding of WordPress.
First, navigate to Settings >> General and make sure that the “Site Address” and “WordPress Address” options have HTTPS URLs. If you notice URLs beginning with ‘http’, then change them to ‘https’. Make sure you click on the save changes button to save your settings.
Next, locate your old HTTP URLs in your WordPress database and replace them with the new HTTP URLs. Installing and activating the Better Search Replace plugin helps easily locate and replace URLs.
Once you activate the plugin go to the Tools >> Better Search Replace page. In the ‘Search’ field add your website URL with HTTP. Next, include your website URL with ‘https’ in the ‘Replace field. The plugin now automatically updates URLs in your WordPress database.
If the mixed content errors persist, then troubleshoot the URLs in your WordPress theme and plugin files. Use your browser’s Inspection tool to find the resources that are causing the errors and observe the website files they are loading from. If you are skilled enough at editing WordPress files, then you use your web hosting file manager or FTP to access those theme files. Next, you need to edit every file and replace “http” with “https”.
There is a more straightforward alternative that would involve you contacting the theme developer and requesting them to update the theme. They apply WordPress best practices to load files, which fixes the HTTP/HTTPS problem.
4. ‘Too Many Redirects’ WordPress Error
The “Too Many Redirects WordPress error” happens when a visitor’s browser cycles through multiple servers and URLs while attempting to locate your website. Because of this the browser is unable to establish a connection with the right server, and the user gets stuck in an indefinite redirect loop. Different browsers use different methods to notify users of this error. However, most browsers display a warning indicating that the site “redirects too many times” or that the website “isn’t redirecting properly”.
Here are examples of how the error is displayed by different browsers:
- Chrome – This page isn’t working. Example.com redirected you too many times. ERR_TOO_MANY_REDIRECTS.
- Firefox – The page isn’t redirecting properly.
- Safari – Safari can’t open the page. Too many redirects occurred trying to open Example.com
The WordPress SSL error prevents users from accessing your website. This hurts your conversion rates and causes damage to your reputation as a professional and reliable business. You may even be entirely unable to access your WordPress admin area. This effectively prevents you from performing important tasks like publishing new content, moderating your comments, and updating your plugins.
WordPress lets you enforce SSL/HTTPS for the admin area by entering the following line into your wp-config.php file.
define('FORCE_SSL_ADMIN', true);
if (strpos($_SERVER['HTTP_X_FORWARDED_PROTO'], 'https') !== false)
$_SERVER['HTTPS']='on';
However, in certain cases, this setting by itself causes too many redirects error. To remedy this, you have to add the following code to your w-config.php file immediately before the line that says ‘That’s all, stop editing Happy blogging’
Thank you for reading How to Fix Common SSL Issues in WordPress. We shall conclude this article now.
Check out our SAML SSO Single Sign On Security Plugin
Check out and deploy our WP Cloud SSO, a WordPress security plugin and hardening tool, that limits login attempts to your WordPress site
- This security solution (WP Cloud SSO plugin) allows WordPress SSO Single Sign On to give you extra security to your WordPress logins.
- Login to WordPress (WP) using Azure AD, Azure B2C, Okta, ADFS, Keycloak, OneLogin, Salesforce, Google Apps (G Suite), Shibboleth, Ping, Auth0 and other IdPs (Identity Providers).
- The SAML SP (Service Provider) is configured to establish a trust between our WordPress SSO plugin and IDP to securely authenticate and enable SSO / Login for the user into the WordPress (WP) site.
How to Fix Common SSL Issues in WordPress- Conclusion
Having a working SSL certificate is essential for secure connections on WordPress. With the above processes, you fix the common SSL issues in WordPress. If you have any problem implementing your SSL certificate, just follow the above steps. This way, you will have a perfectly working WordPress website.
