Secure and insecure content warnings

secure and insecure locks Ever since this WordPress network launched, users may have gotten mixed content warnings when using HTTPS (Hypertext Transfer Protocol Secure) to access site pages and admin pages.

These warnings have messages like “This page has insecure content” and confusing buttons like “Don’t load (recommended),” “Load anyway,” or “Aren’t you sure you don’t want to not display the nonsecure items?”

Thanks to a plugin called “WordPress HTTPS” and a few extra configuration lines added to our reverse proxy servers and WordPress config files, these mixed content warnings should be gone for good. Also the in-browser icons that indicate a properly-loaded HTTPS page should now appear instead of the broken lock or missing icons.

We are now automatically redirecting all admin pages (/wp-admin) on all network sites to HTTPS, including the login screen.

Another benefit of the WordPress HTTPS plugin is that it adds an ability for content authors to force a page or post to be secure via an option on the “Add New” screen.