If you own a Joomla or WordPress site, and you have an SSL certificate, it may be displaying this error message in Google Chrome and some other major browsers. You'll see a tiny little icon at top right in your browser bar. Does it signal a breach? No. Does it pose a gigantic security risk? Usually not. Is your website broken/infected? Not at all. But, is it something you need to address?

Yes, and soon. Why?

1. We don't want to scare visitors away.

2. We need to keep Google happy.

What is this about? It's called "mixed content." Your website has a proper SSL certificate, which encrypts all transactions between the user's device and your server. Thanks to SSL, your pages load as "https" (hypertext tranfer protocol secure). All good. However, buried within your website are plugins and apps which might not be current. They might be referencing old resources around the Internet which are not connection-encrypted. Quite often the problem is an archaic path to a Google font. So although your website serves up to browsers via https, it may well contain a lot of garbage http links.

That's one reason why you need to keep all your extensions, components, widgets and plugins updated. Those updates gradually clean up big messes - until finally eliminating all nonencrypted server connections, thus minimizing your risk of being hacked.

Do "unauthenticated sources" really pose a danger to users? Very, very, very rarely. That's why Chrome shows users a discreet little warning, instead of actually blocking the site from loading. I'm a longtime user of Malwarebytes Pro. Not even that has ever blocked me from opening a site which bore this little caution flag. While we need to fix it, this is nothing that needs to keep you up at night. The only pain it's causing is some harm to your Google ranking.

What to do? You could laboriously track down and fix all the http junk links. But if that's not your vision of fun, there are a couple shortcut solutions. One of them is to add a simple line of code to your .htaccess file, which normally can be found in the root folder of your website. Htaccess (short for "Hypertext Access") is a configuration file used by web servers running Apache. It's where we set custom rules for how Apache is going to display the public view of your website. My company site is based on the Joomla CMS. Here's the working .htaccess code:

RewriteEngine On
RewriteCond %{HTTP_HOST} ^javelincommunications.com [NC]
RewriteRule ^(.*)$ https://www.javelincommunications.com/$1 [L,R=301]

Yes it looks complicated but the principle is really simple. It tells Apache to convert all http prefixes to https. This one little snippet excuses you from having to manually fix every junk link.

For WordPress site owners, the solution is even easier. There's a free plugin that implements the code for you behind the scenes. It now includes a settings screen which allows you to do some custom configuration. You don't have to touch .htaccess. You don't have to write any code. Even somebody like me really appreciates that. In my line of work I have to code, but I don't live to code. Neither do you.

Download the WordPress plugin here: https://wordpress.org/plugins/http-https-remover/

I should mention that last year a similar plugin became available for Joomla. Have not tried it because it's a paid extension, but that's only $5EU. So if you're not comfortable implementing the .htaccess fix, give it a try! https://www.fasterjoomla.com/download/easy-https-and-ssl

Acknowledgements

Most hosting companies will not give you the time of day if you come to them with an quandary like this. SiteGround is different. When I ran my code by them, to make sure it was bullet-proof, they added it for me. I didn't ask them to, or expect them to. They just did! The update took less than a minute. Done. Support specialist Stefanka Aleksieva, you rock; many thanks.