How to Fix Common SSL Issues in WordPress (Beginner‘s Guide)

How to Fix Common SSL Issues in WordPress (Beginner‘s Guide)
Is your WordPress site showing as "Not Secure" even after installing an SSL certificate? Are you seeing errors like "Your connection is not private" or "Too many redirects" after moving WordPress to HTTPS?

SSL issues are frustrating, hurt your site‘s credibility, and impact your search engine rankings. But troubleshooting SSL errors in WordPress can feel overwhelming if you‘re not tech-savvy.

Don‘t worry, you‘re not alone. As someone who has helped countless beginners secure their WordPress sites, I can assure you most SSL issues have straightforward solutions.

In this beginner-friendly guide, I‘ll walk you through troubleshooting the most common WordPress SSL issues, step-by-step. We‘ll get those pesky errors resolved and your site loading securely over HTTPS in no time.

But first, let‘s make sure we‘re on the same page about why using SSL/HTTPS is critical for all WordPress websites.

What is SSL/HTTPS and Why Does Your WordPress Site Need It?
SSL (Secure Sockets Layer) is the standard technology for encrypting the connection between a website and a visitor‘s web browser. It ensures that any data transmitted, like login credentials or payment info, can‘t be intercepted by hackers.

When you install an SSL certificate on your WordPress site, it serves your site over a secure HTTPS connection instead of regular unencrypted HTTP. This is indicated by a padlock icon and "https://" in front of your domain name.

In the past, SSL was seen as optional, only necessary for eCommerce sites or those handling sensitive data. Not anymore.

Google now uses HTTPS as a ranking signal and flags any site without SSL as "Not Secure" right in the browser. SSL is also required to use modern web technologies and comply with data regulations in many industries.

Bottom line – SSL is a must-have for every WordPress site. Luckily, SSL certificates are now free and easier than ever to install. Many WordPress hosting providers even offer free SSL certificates and one-click setup.

If your WordPress site isn‘t using SSL yet, pause here and follow this step-by-step guide to install a free SSL certificate. Then come back to learn how to troubleshoot any SSL issues you may encounter.

Now that you have SSL enabled, let‘s fix those common HTTPS errors you may be seeing. Here are the most likely culprits:

  1. Fixing the NET::ERR_CERT_INVALID Error
    If you see an error message like "NET::ERR_CERT_INVALID" or "Your connection is not private", it means the browser does not trust your SSL certificate.

This usually happens because:

  • Your SSL certificate is not installed correctly on the server
  • The SSL certificate has expired or was revoked
  • Your SSL certificate does not match your domain name
  • The browser doesn‘t recognize the certificate authority that issued your SSL certificate

To fix the untrusted certificate error:

  1. Double check that your SSL certificate matches the exact domain name you‘re using, including the right subdomain (www or non-www).

  2. Ensure the SSL certificate is properly installed on your WordPress hosting server. The certificate files need to be in the right location and match your hosting control panel records. Ask your hosting support team for help.

  3. Check that your SSL certificate hasn‘t expired. Certificates need to be renewed periodically, usually every year. Your hosting company or SSL provider should notify you before expiration.

  4. Make sure you got your SSL certificate from a reputable certificate authority (CA). Browsers are picky about which CAs they trust. Stick with established CAs like Let‘s Encrypt, Comodo, Symantec, GeoTrust, etc.

In most cases, reinstalling the SSL certificate or getting a new certificate from your hosting company will resolve untrusted certificate errors. But reach out to your host‘s support if the issue persists.

  1. Fixing Mixed Content Errors and Warnings
    Another common issue is seeing a "Mixed Content" warning in the browser and having the padlock icon show as insecure, even though you have a valid SSL certificate.

Mixed content means your WordPress site is still loading some resources (images, scripts, stylesheets) over an insecure HTTP connection, even though the main page loads over HTTPS. A single insecure resource is enough to throw off browsers.

Mixed content issues usually happen when you first move an existing WordPress site from HTTP to HTTPS. While WordPress automatically updates its own URLs when you enable SSL, URLs hardcoded in your database, themes, or plugins can be missed.

You can manually fix mixed content errors by editing your site‘s files and database to replace any hardcoded "http://" URLs with "https://". But that‘s tedious, especially on larger sites.

The easier option is to use a WordPress SSL plugin to automatically detect and fix mixed content. Two of the best options are Really Simple SSL and SSL Insecure Content Fixer.

As the name implies, Really Simple SSL makes moving WordPress to SSL, well, really simple. Install the plugin, activate it, and let it handle the rest, including fixing insecure content, redirecting HTTP to HTTPS, and improving security headers.

SSL Insecure Content Fixer is a lightweight plugin focused on just fixing mixed content errors. It rewrites insecure HTTP URLs on the fly so your WordPress site is served fully over HTTPS without manual URL replacements.

If you‘re still seeing mixed content warnings after using a plugin, you may need to troubleshoot specific themes or plugins loading insecure resources.

Use your browser‘s Inspect Element tool to identify which URLs are triggering warnings. Then contact the theme or plugin‘s developer for help updating their code to use HTTPS. As a last resort, you may need to find an alternative theme or plugin.

  1. Fixing Too Many Redirects Errors
    After moving WordPress to SSL, you may see an endless redirect loop or "ERR_TOO_MANY_REDIRECTS" browser error when trying to access your admin dashboard.

This happens when WordPress gets stuck in an infinite loop trying to load the HTTPS version of the dashboard. It‘s often caused by forcing SSL on the admin pages with the following outdated code snippet in the wp-config.php file:

define(‘FORCE_SSL_ADMIN‘, true);

To break the redirect loop, connect to your WordPress site using SFTP or your hosting file manager. Download the wp-config.php file and open it in a text editor.

Look for the FORCE_SSL_ADMIN line and replace it with this updated code:

define(‘FORCE_SSL_ADMIN‘, true);
// in some setups HTTP_X_FORWARDED_PROTO might contain
// a comma-separated list e.g. http,https
// so check for https existence
if (strpos($_SERVER[‘HTTP_X_FORWARDED_PROTO‘], ‘https‘) !== false) {
$_SERVER[‘HTTPS‘]=‘on‘;
}

This code checks if HTTPS is detected in the X-Forwarded-Proto header, which prevents FORCE_SSL_ADMIN from causing infinite redirects on some servers.

Upload the edited wp-config.php file back to your server, overwriting the existing file. The too many redirects error should now be resolved and you can access your WordPress admin over HTTPS.

Alternatively, you can use a plugin like Really Simple SSL and it will automatically configure SSL for WordPress without editing wp-config.php.

  1. Forcing HTTP to HTTPS Redirection
    For optimal security and SEO, it‘s important to force all traffic to your WordPress site to use the HTTPS version, even if visitors type in the HTTP URL.

WordPress doesn‘t force HTTP to HTTPS redirects out of the box. You can configure redirects manually by adding rewrite rules to your .htaccess file:

<IfModule mod_rewrite.c>
RewriteEngine On
RewriteCond %{HTTPS} off
RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301] </IfModule>

However, editing .htaccess can be intimidating for beginners. And a single mistake can take down your entire site.

That‘s why I recommend using a WordPress SSL plugin like Really Simple SSL or Easy HTTPS Redirection to handle the redirects.

Both plugins include HTTP to HTTPS redirect functionality out of the box. Just check the appropriate setting to force SSL across your entire site without touching any code.

Once HTTP to HTTPS redirects are working, check that your sitemap, robots.txt file, and Google Search Console settings are updated to use the HTTPS version of your URLs. This helps search engines understand that HTTPS is the preferred version of your WordPress site.

Best Practices to Avoid SSL Issues on WordPress
In addition to troubleshooting tips, here are some proactive steps and best practices to prevent SSL errors when moving WordPress to HTTPS:

  • Use a reputable SSL certificate provider, preferably one that offers free certificates like Let‘s Encrypt. Avoid "self-signed" certificates.

  • Ensure your hosting environment supports the SSL certificate you‘re using. Most hosts now offer free SSL and easy HTTPS setup right in their control panel.

  • Install a WordPress backup plugin and take a full backup before moving to SSL. If anything goes wrong, you can quickly restore your site.

  • Use WordPress SSL plugins to handle mixed content fixes, redirects, and other technical details. This is much safer than manually editing core WordPress files.

  • After moving to SSL, do a thorough check for insecure links across your posts, pages, widgets, menus, etc. Don‘t forget email newsletter signup forms.

  • Keep your WordPress plugins and theme updated to the latest versions. Developers are constantly improving SSL support and patching security holes.

  • For an extra layer of security, consider enabling HTTP Strict Transport Security (HSTS) after confirming your site loads properly over HTTPS. This tells browsers to always prefer the HTTPS version.

Wrapping Up
I hope this in-depth troubleshooting guide has helped you fix those frustrating SSL errors on your WordPress site.

Moving WordPress to HTTPS doesn‘t have to be a huge headache, even for non-technical users. By using the right WordPress SSL plugins and following best practices, you can avoid or quickly resolve most common issues.

Remember, SSL is not an optional extra anymore. It‘s a necessity for all WordPress websites. Not only for security, but for better SEO, faster performance, and building trust with your visitors.

If you take away one thing from this guide, it‘s to not put off enabling SSL on your WordPress site any longer. Your visitors and your business will thank you!

For more tips on locking down your WordPress site, check out this complete WordPress security guide. And if you‘re looking to speed up your site, see this collection of the best WordPress performance plugins.

As always, leave a comment below if you have any other questions about moving WordPress to SSL.

Did you like this post?

Click on a star to rate it!

Average rating 0 / 5. Vote count: 0

No votes so far! Be the first to rate this post.

How to Create a Welcome Gate in WordPress
Supercharge Your WordPress Search Page by Displaying the Search Term and Result Count
How to Set Up a Site Like Teachers Pay Teachers with WordPress
How to Create a Contact Form in WordPress (Step by Step)
12+ Things You MUST DO Before Changing WordPress Themes
How to Customize the WordPress Admin Dashboard: The Ultimate Guide (2023)
How to Fix WordPress RSS Feed Errors (Step-by-Step Tutorial)
How to Add a User-Friendly Logout Link to Your WordPress Menu