A2 Hosting’s latest e-newsletter contains an important article titled What Is Mixed Content & How To Fix It. It makes several points that every WordPress user should be aware of. You know how you get a warning screen now when you try to view a HTTP website? Well, it’s going to get worse. Starting this month the next releases of Chrome will block Mixed Content.
What is Mixed Content?
Mixed Content is defined as a browser (like Chrome, Firefox, Safari, etc.) loading both HTTP and HTTPS content. You may have a SSL certificate and a site that displays as HTTPS in a browser bar, so where does this HTTP come from? The simple answer is LINKS. If you’ve linked to pages within your own site that used to begin with HTTP or other websites that begin with HTTP.
Should I Care?
Yes. To restate the problem…. Even if your site is HTTPS, it it displays HTTP content (website links, even old YouTube links, etc.) the browsers may block pages on your site.
How Do I Know What To Fix?
Pinpointing HTTP links in your site is a reminder to do a periodic check for broken links. You’d be surprised where broken links come from! A great example is President Thomas Jefferson on the White House website. It’s a dead link (page that no longer exists). Jefferson hasn’t been purged, but each administration has the prerogative of changing websites and the current administration did that, Jefferson is still there but on a new page and in a new layer of page structure on the site.
How Do I Fix the HTTP?
There are several options as how to handle these dead links.
If the page still exists, however the site is now HTTPS, simply add a “S” to the “HTTP”
If the page no longer exists but you stil feel the information is of value, it can be located in the Wayback Machine and that link used.
If there is no page and no archive in the Wayback Machine, you’ll want to remove the link.
Can Plugins Help?
The simplist method is to search Posts and Pages for “HTTP:” to see where it is used in links and text.
There are also two types of plugins for WordPress that are valuable. The first is the Broken Links Checker. It’s in use by at least 700,000 WordPress users. It shows broken links, gives you the opportunity to change links in the plugin dashboard, and can even provide a link to the Wayback Machine. If you don’t enjoy changing links one by one (even in a plugin dashboard) you can resort to a find and replace plug that will seek out HTTP: files and change them to HTTPS:. This method must be done with extreme caution and while it changes a large number of site links in one click it DOES NOT identify if broken links so you may solve your HTTP to HTTPS problem but not fix dead links.
A form usually appears on a WordPress site by using a plugin. Its important to keep these plugins updated. Updates may contain privacy or security patches that protect you and your users.
I’m recommending to clients to go beyond looking at their WordPress dashboard for plugin update alerts. Why? — because if a plugin developer has gone out of business or stopped doing updates to keep up with the latest version of WordPress you’d never know. Abandoned plugins will never show you an update alert!
If a form plugin is no longer supported how will you know how it handles your privacy or your website users’ privacy?
This summer news programs started reporting on new password guidelines. You no longer have to remember a scrambled mix of upper and lower case letters, numbers and punctuation. The new recommendation is for 3 to 4 words that bear no relationship to each other, yet something you can visualize like “zebrapurpleboxes.” Unfortunately using common names and phrases or just the word “password” are still ill-advised.
WordPress users know about the password security warnings and WordPress even assists with the generation of complex passwords. Despite the new relaxed criteria for password construction, security is still a top concern.
Don’t give out your password “PERIOD.” If you have an assistant or an associate who needs to post on the site, then you or your webmaster should generate a user ID and their very own password to treasure and protect.
Periodically check your site for malware and non-permissive use.
Take a deep breath… change your password to meet the new guidelines or update with a complex password generated in your WordPress dashboard. If you don’t who has had your password, where it’s been, and especially if your site has been hacked — get a fresh password.
I’ve been asked again about adding a Mobile Friendly WordPress Plugin is a good solution for the new Google requirements. It’s likely that if you have a customized WordPress theme, a responsive plugin will not produce satisfactory results. This post will show some examples.
Using a Mobile Friendly WordPress Plugin
I took some screen shots of a live website on an iphone (I’ve wiped out the identifying features). Although Google doesn’t recognize this as a “mobile friendly” site, it’s still attractive on a smart phone, and attractive is what most website owners want.
Adding a Mobile Friendly WordPress Plugin will make a site compliant with Google’s guidelines for responsive website design. HOWEVER, it’s likely you won’t be happy with the results. The plugin itself needs styling, other plugins in use may not be responsive and will have to be deleted and new ones installed that aren’t in conflict with the mobile friendly plugin, and then reconfigured.
You’ll notice too that some of the things you’d expect to see on your site have disappeared. Little things? Well, how about your logo?
More Plugin Problems
Another site shows how dramatically your custom formatting and some pretty important stuff can disappear. Let’s start with a “before” plugin screen shot. I’ve added a big orange arrow to show placement of a Google ad under the site logo and menu.
And now for the “after” plugin screen shot. Ugh! No more logo. The mobile friendly plugin adds some of it’s own design elements that need to be reconfigured… mint green bar, gray background that makes images with white backgrounds look like a cheap paste job. Remember the big orange arrow? Yup, the Google ad drops off the site! If your site earns revenue from ads this can be a disaster.
I know the idea of a web redesign can be a big fat pain. However, I’m recommending to clients with highly customized WordPress websites that they consider moving to a truly responsive them rather than adding a plugin. With WordPress, your content is already created and stored in the database so you aren’t having to re-write and start from scratch. Contact me at Design to Spec for customized mobile friendly, responsive website design themes that can look a lot like your current WordPress site.