What is insecure content?
When web pages are loaded via HTTPS any images or files that are loaded via HTTP (meaning links that don’t use SSL) could be used to attack the users computer. For this reason most browsers give warnings if images are loaded insecurely, and block other insecurely loaded content.
For example, the insecure image warning in chrome shows as a small icon next to the URL bar, which when clicked shows that the page contains insecure images.
Checking your site
You can go to Site settings > Insecure content to check if any content is being loaded insecurely on your website.
- If your site has not been checked yet you can click the “Check site” button. You’ll know your site has been checked if there are pages listed, or if there is a message telling you your site has no insecure content.
- Any pages or theme files with insecure content will be listed, organized by the type of content. There is a link to the place where the content is located, as well as the line of code with the insecure link.
Insecure links can be created in three places:
- Page content via the WYSIWYG editor
- Custom page templates
- Custom themes
If you are using a theme that's been shared with you, and that theme has insecure content, only the owner of that theme will be able to update it to make it secure.
Fixing insecure links
Most insecure links can be fixed just by changing the link from HTTP to HTTPS. You should confirm that the content still loads and looks correct by clicking the “preview” link to view your site in preview mode. This will load your site using SSL and allow you to see any content warnings or blocked content.
Once you've fixed your links, you can click the "Check site" button again to refresh the list of insecure content.