Occasional HTTPS Mixed Content Warning

by

we are stumped fixing this problem. It eventually just fixed itself.

We installed SSL, changed settings -> general URL to point to https version of the site. All assets seem to load just fine. However, we noticed today that one specific page has the mixed content warning and didn’t load assets. All other pages were fine. Then, 10 or so minutes later, this page resolved itself and it loaded via https. All was fine! We didn’t change a single thing.

What could cause an occasional “outage” of loading content over ssl?

We are using total cache plugin, but are not using a cdn. I did not try turning off or clearing cache.

We have not edited wp_config.php to force ssl or anything…may try that next.

We cannot find any hardcoded http links in the codebase. The theme seems to have set all asset loads and we aren’t including any customs ones (not that I can find).

Still digging on this but if anyone out there has any insight it would be greatly appreciated!!

1 Answer
1

I just saw this problem myself on my site. The issue for me was that the site was available as both https://example.com/ and http://example.com. If the first request to a page was for the http version, the links to assets would be to http:

  • http://example.com/wp-content/themes/customizr/assets/front/img/thumb-standard-empty.png
  • http://example.com/wp-content/uploads/...
  • etc.

These http asset links would get put into the cache. When somebody requested the page over https and the cached page was returned, they would get mixed content due to the http links in the page cache.

If the first person to visit a page was over https, everything works as expected. The page cache would get built with https asset links.

I solved this problem by redirecting to https by putting the following code in the top my my .htaccess file and then purging all caches.

RewriteEngine On
RewriteCond %{HTTPS} off
RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]

That way WordPress never gets hit with http requests and the cache always gets built appropriately.

I had thought that setting the site URL to include https would be enough to prevent this problem. However, that does not appear to be the case. My “Settings” -> “WordPress Address (URL)” and “Settings” -> “Site Address (URL)” have always both been set to https://example.com. I had thought that WordPress itself issued redirects to HTTPS with that setting, but apparently it doesn’t. I had also thought that this setting would be used for writing the links to asset URLs, but apparently that is not true either.

Leave a Comment