WordPress Fix https / WordPress fix mixed content

Podcast: WordPress Fix https Link

White screen SSL warning

If you visit your WordPress website and you see a white screen with a https:// warning it’s probably because the SSL certificate is not installed on your web server properly. The good news is: your hosting company should be able to resolve this issue fairly quickly if you submit a support ticket along with a screenshot to help them.

Unsecured content notice / wordpress fix mixed content on one page

If you visit your WordPress website and you see a not secure notice in your web browser (and you can see your website or of your website) – that’s usually because there’s an asset on the webpage e.g. an image that’s pulling content through using http:// instead of https://. To diagnose which element this is: open Chrome web browser > press F12 – When the debug console window opens. Click “Console”. Reload the web page and the debug console will tell you which image is being blocked due to insecure content. Next login to WordPress and replace this image url with the prefix https:// and click update. Reload your web page and the problem should have been resolved. Fixing one image on a random page is easy.

Unsecured content notice / WordPress fix mixed content on multiple pages

If you think this issue is sitewide or see the insecure notice on more than one page, you’ll need to perform a search and replace on your database to resolve the issue everywhere on your website.

There are two options to solve this issue:

Option 1. Submit a support ticket to your hosting provider. They will do this for you if you ask them nicely. They want to make sure you have a good customer experience. Request them to perform a http:// to a https:// replace and ask them to take a backup of your database beforehand.

Option 2. First, take a back up of your mysql WordPress database. Make sure you export a copy of your Wp database in .sql format. The reason why you should do this is: if something goes wrong, without a database backup you will kill your website! So make sure you have a backup if you follow option 2! If you’re unsure, it might be best to follow option 1. Option 1 low risk.

Next use the InterConnectIt search and replace database tool. Upload it using SFTP to a folder called replace/. Go to your https://yourdomain.com/replace/ in your web browser.The search field should contain http://yourdomain.com and the replace filed should contain https://yourdomain.com. Click run. The database tool will replace all http:// urls with https:// urls. You only need to do this for your website URL. You don’t need to do this on links to external websites.

Replace yourdomain.com with your domain name.

That’s how you fix a WordPress https issue. Remember if you’re running a WordPress ecommerce website you should be using an SSL certificate. Google now insists all websites load content over https://. So make sure your website runs correctly on https://

Fix WordPress Redirect Hack

Podcast: Fix WordPress Redirect Hack Link

If you visit your WordPress website and it is redirecting you to another page on the internet that isn’t right. The chances are that your site has been hacked. WordPress hackers introduce this hack to a WordPress website by injecting php or javascript code to a WordPress website. The code creates a redirect once the page is downloaded from the server and loaded in the visitors web browser.

WordPress redirect hack example bad javascript
Example javascript malicious injection code. Source: https://blog.sucuri.net

The solution to this problem is to remove the old theme and upload a new theme – if the theme is the sole vulnerability.

In the past, I’ve gone to the theme files and manually removed the code by manually sweeping the files 1 by 1. The danger of doing this is: you may not remove all the malicious code.

The WordPress official hacked website documentation includes replacing your theme with a the latest download version to replace the current theme.

You should consider investigating why this happened in the first place.

You should:

  • Update your WordPress core
  • Update your theme
  • Introduce security plugins
  • Change your database passwords
  • Change your wp user passwords
  • Change your sftp passwords
  • Audit your theme and plugins to check there are no vulnerabilities
  • Remove anything from your site that you have doubts about
  • Use a child theme so you can safely update your parent theme

The ultimate solution:

Once you’ve carried out the above and removed the threat and eliminated the possibility of a repeat attack… the heavy weight solution is host your WordPress website with a company like WpEngine. WpEngine handles security server side which safeguards WordPress websites and prevents events like this from happening. My company hosts alot of ecommerce websites with WpEngine such as ultimatebanners.co and they make sure this doesn’t happen to sites that they host. A managed website hosting service will elevate the stress associated with website security management.

Some hosting providers temporarily suspend your website until the threat is removed. Don’t worry if this happens because it is usually temporary. They sometimes insist on you replacing all files on the server and changing all passwords. Each hosting provider has their own rules and their own action requirements.

Before taking any action it’s best to contact your hosting provider for further instructions.

WordPress Fix Permissions

Podcast: WordPress Fix Permissions Link

If you can’t upload media when you’re logged into WordPress or you can’t upload plugins when you’re logged into WordPress via your WordPress dashboard it’s probably due to a file permissions issue. Usually when you attempt to upload a new file (.jpg or .mp3) to the media library or add a plugin an error message will appear with a notice that says something like: unable to upload file due to a file permissions error.

There are three common solutions to resolve this problem:

Option 1. Launch a support ticket with your hosting provider. Provide a detailed description, along with a screenshot. They should be able to fix this issue for you.

Option 2. Login to your hosting control panel. If you’re logging into cPanel – go to the file manager, right click onto a file or folder using. If you set permissions to a folder it sets permissions to the whole folder contents. Other file mangers offer a similar feature.

Option 3. Use an ftp client such as FileZilla (open source). Run it on your desktop and create an SFTP connection, browse your web server, go to the file or directory, right click it and set the file permissions.

Media Upload File Permissions

If you’re having issues with upload media. Set permissions 755 on wp-content/uploads. Your image URLs will look something like this: https://www.slibdesign.com/wp-content/uploads/Twenty-Nineteen-Theme-Preview.png

Add Plugin File Permissions

If you’re having issues with adding a plugin. Set permissions 755 on wp-content/plugins.

If the permission code 755 fails, try 777. This is what the codes mean.