{"id":3350,"date":"2017-09-11T10:00:04","date_gmt":"2017-09-11T08:00:04","guid":{"rendered":"https:\/\/monodes.com\/predaelli\/?p=3350"},"modified":"2017-09-11T10:00:04","modified_gmt":"2017-09-11T08:00:04","slug":"wordpress-ssl-settings-and-how-to-resolve-mixed-content-warnings-managewp","status":"publish","type":"post","link":"https:\/\/monodes.com\/predaelli\/2017\/09\/11\/wordpress-ssl-settings-and-how-to-resolve-mixed-content-warnings-managewp\/","title":{"rendered":"WordPress SSL Settings and How to Resolve Mixed Content Warnings &#8211; ManageWP"},"content":{"rendered":"<p><a href=\"https:\/\/managewp.com\/wordpress-ssl-settings-and-how-to-resolve-mixed-content-warnings\"><img data-recalc-dims=\"1\" decoding=\"async\" class=\"alignnone size-full\" src=\"https:\/\/i0.wp.com\/monodes.com\/predaelli\/wp-content\/uploads\/sites\/4\/2017\/09\/WordPress-SSL-Mixed-Content-Settings.jpg?w=910&#038;ssl=1\" alt=\"\" \/><\/a>: <em><a href=\"https:\/\/managewp.com\/wordpress-ssl-settings-and-how-to-resolve-mixed-content-warnings\">WordPress SSL Settings and How to Resolve Mixed Content Warnings &#8211; ManageWP<\/a><\/em><\/p>\n<p><!--more--><!--nextpage--><\/p>\n<blockquote>\n<div class=\"main-hero-header single-post-header\">\n<header>\n<h1 class=\"entry-title\">WordPress SSL Settings and How to Resolve Mixed Content Warnings<\/h1>\n<div class=\"row single-entry-meta\">\n<div class=\"col-xs-6 white\">September 6, 2012<\/div>\n<div class=\"col-xs-6 white\"><a href=\"https:\/\/managewp.com\/blogs\/wordpress-tips-tricks\" rel=\"category tag\">Tips &amp; Tricks<\/a> <a href=\"https:\/\/managewp.com\/wordpress-ssl-settings-and-how-to-resolve-mixed-content-warnings#comments\"> <span class=\"white\">109<\/span> <\/a><\/div>\n<\/div>\n<\/header>\n<\/div>\n<div class=\"wrap container-fluid single-blog-post-content\" role=\"document\">\n<p><img data-recalc-dims=\"1\" loading=\"lazy\" decoding=\"async\" class=\"aligncenter size-full wp-image-314431\" title=\"WordPress-SSL-Mixed-Content-Settings\" src=\"https:\/\/i0.wp.com\/monodes.com\/predaelli\/wp-content\/uploads\/sites\/4\/2017\/09\/WordPress-SSL-Mixed-Content-Settings-1.jpg?resize=625%2C350&#038;ssl=1\" alt=\"\" width=\"625\" height=\"350\" data-no-retina=\"true\" \/><br \/>\nBuilding a website consists of a varied number of steps, depending on the owner, creator, manager, type of site, and audience.<\/p>\n<p><strong>Everyone cares about security and wants a positive user experience.<\/strong> No one likes to see \u201csite down\u201d error messages or web browser warnings.<\/p>\n<p>Below, you can <strong>learn about serving secure web pages and secure assets (like images, scripts, and forms) and how to find and resolve browser security errors.<\/strong><\/p>\n<h2>The Basics of HTTPS<\/h2>\n<p>Forms that receive sensitive user information \u2013 like credit cards, login information, or confidential user feedback \u2013 need to be submitted securely, via HTTPS. An SSL certificate is purchased and installed on your web server to enable HTTPS browsing.<\/p>\n<p>SSL certificates range from $10 to $1,000+ per year, providing different levels of verification and browser integration (e.g. it costs more to turn the browser bar green). All price ranges enable HTTPS browsing, which permits secure browsing, assuming the SSL certificate is valid and that the website is trusted by the visitor.<\/p>\n<p>Pages can be served via HTTP while still including HTTPS forms. This practice allows for form submissions to be submitted securely while still enabling caching (for site speed), or for other reasons. However, the downside to this method is that the visitor has been trained to look for a padlock icon or a green bar displayed within the browser, which only happens when pages are served via HTTPS (i.e. when HTTPS is in the browser\u2019s address bar).<\/p>\n<p>But the browser gives warnings for webpages served via HTTPS that include HTTP assets, like scripts, forms, and images. To avoid these browser warning messages, you need to <strong>make sure that you don\u2019t serve any HTTP assets on an HTTPS page.<\/strong> Browser warning messages may put some of your site visitors on high alert, causing them to\u00a0<em>not<\/em>\u00a0complete that shopping cart order or that contact form.<\/p>\n<h2>WordPress HTTPS<\/h2>\n<p>After installing a valid SSL certificate onto your server (your host can help with that), there are 3 ways to implement HTTPS into your WordPress site.<\/p>\n<h3>Option 1: Forcing All Pages to HTTPS<\/h3>\n<p>Although this is the easiest option, it\u2019s not always the right option because caching isn\u2019t enabled for HTTPS pages. If you\u2019re sure you want to serve every page of your WordPress site via HTTPS, just go to your <a href=\"http:\/\/codex.wordpress.org\/Settings_General_Screen\">WordPress General Settings<\/a>\u00a0and change the <em>WordPress Address (URL)<\/em> and the <em>Site Address (URL)<\/em> from HTTP to HTTPS.<\/p>\n<p><a href=\"https:\/\/i0.wp.com\/managewp.com\/wp-content\/uploads\/2012\/08\/WordPress-General-URL-Settings.png\"><img data-recalc-dims=\"1\" loading=\"lazy\" decoding=\"async\" class=\"aligncenter  wp-image-314406\" title=\"WordPress General URL Settings\" src=\"https:\/\/i0.wp.com\/monodes.com\/predaelli\/wp-content\/uploads\/sites\/4\/2017\/09\/WordPress-General-URL-Settings.png?resize=626%2C353&#038;ssl=1\" alt=\"WordPress General Settings\" width=\"626\" height=\"353\" data-no-retina=\"true\" \/><\/a><\/p>\n<h3>Option 2: Forcing Certain Pages to HTTPS (most common)<\/h3>\n<p>More often than not, there are only a few pages you want to force load via HTTPS, and the rest should be loaded via HTTP by default. While there are server-side ways to enable this, there are also a few plugins that provide the ease of a check box. You check the box if you want the page loaded via HTTPS, or you leave it unchecked. Here are a couple of plugins to choose from:<\/p>\n<ul>\n<li><a href=\"http:\/\/wordpress.org\/extend\/plugins\/wordpress-https\/\">WordPress HTTPS (SSL)<\/a><\/li>\n<li><a href=\"http:\/\/wordpress.org\/extend\/plugins\/better-wp-security\/\">Better WP Security<\/a><\/li>\n<\/ul>\n<h3>Option 3: Force HTTPS logins or Force HTTPS logins and HTTPS administration<\/h3>\n<p>If you\u2019re looking for a <strong>simple way to secure WordPress logins (the wp-login.php script) or the entire wp-admin area<\/strong>, you could set one of these <a href=\"http:\/\/codex.wordpress.org\/Administration_Over_SSL\">two wp-config.php constants<\/a>, respectively:<\/p>\n<ul>\n<li>\n<pre>define('FORCE_SSL_LOGIN', true);<\/pre>\n<\/li>\n<li>\n<pre>define('FORCE_SSL_ADMIN', true);<\/pre>\n<\/li>\n<\/ul>\n<p>You do not need to set both of these options, just one or the other because FORCE_SSL_ADMIN includes FORCE_SSL_LOGIN.<\/p>\n<h2>How to Identify HTTP Assets Loaded on an HTTPS Page<\/h2>\n<p>Here\u2019s the nitty gritty section you\u2019ve been waiting for.<\/p>\n<ol>\n<li>You already have your SSL certificate installed correctly, and you can browse your site via HTTPS by manually typing it into the address bar.<\/li>\n<li>You have your HTTPS plugin(s) and\/or wp-config.php constant(s) setup and working.<\/li>\n<li><strong>But the browser throws intimidating warning messages about \u201cmixed content\u201d or \u201cinsecure content\u201d loaded on an HTTPS page.<\/strong><\/li>\n<\/ol>\n<p>Following are several ways to identify the insecure (HTTP) assets loaded on secure (HTTPS) pages. You may need to use several of these methods to resolve all your browser security warnings about mixed content.<\/p>\n<p><em>Note: Option 4 is my favorite!<\/em><\/p>\n<h3>Option 1: View Source<\/h3>\n<p>This method is pretty simple. Load the page via HTTPS; right-click anywhere on the page; and click \u201cView Page Source\u201d, \u201cView Source\u201d, or \u201cSource\u201d, depending on your browser.<\/p>\n<p>Then use the \u201cFind\u201d command (Edit -&gt; Find or Ctrl+F or Cmd+F) and search for:<\/p>\n<ul>\n<li>\n<pre>src=\"http:<\/pre>\n<p>(with double-quote)<\/li>\n<li>\n<pre>src='http:<\/pre>\n<p>(with single-quote)<\/li>\n<\/ul>\n<p>Long story short, you\u2019re manually looking for images, scripts, iframes, and all other assets served via HTTP instead of HTTPS. If you don\u2019t find any with either double- or single-quote HTTP:, then you\u2019re all done with that page. Keep browsing to other HTTPS pages and keep searching through View Source.<\/p>\n<h3>Option 2: Use a Plugin<\/h3>\n<p>A couple plugins exist that essentially do the View Source for you:<\/p>\n<ul>\n<li><a href=\"http:\/\/wordpress.org\/extend\/plugins\/wordpress-https\/\">WordPress HTTPS (SSL)<\/a>\u00a0(mentioned above too)<\/li>\n<li><a href=\"http:\/\/wordpress.org\/extend\/plugins\/wordpress-https-test\/\">WordPress HTTPS Test<\/a><\/li>\n<li><a href=\"http:\/\/wordpress.org\/extend\/plugins\/ssl-insecure-content-fixer\/\">SSL Insecure Content Fixer<\/a><\/li>\n<\/ul>\n<p>Basically, you browse your site via HTTPS with one of these plugins active, and the plugin displays notifications of the HTTP assets. Some plugins show the warnings for all visitors and some only display to Administrators so beware of leaving these sort of plugins active while you\u2019re not testing.<\/p>\n<h3>Option 3: Paste the URL into a Website that Tests for Insecure Assets<\/h3>\n<p>If you don\u2019t want to View Source and don\u2019t want to enable a plugin (maybe because it displays to all visitors, not just administrators), then you could paste your page\u2019s URL into a website that tests it for you.<\/p>\n<p><a href=\"http:\/\/www.whynopadlock.com\/\">WhyNoPadlock<\/a>\u00a0is a free testing site that provides you with a report of all the insecurely-loaded items. It provides an easy-to-understand list of green check marks or red x\u2019s. Pay attention to the red x\u2019s; fix them in your plugins or theme; and click the \u201cTest URL Again\u201d button to try and rid yourself of red x\u2019s. Once done with that page, paste in a different URL to see if it\u2019s also free from red x\u2019s.\u00a0<em>Wash, Rinse, Repeat.<\/em><\/p>\n<figure id=\"attachment_314413\" class=\"wp-caption aligncenter\"><a href=\"https:\/\/i0.wp.com\/managewp.com\/wp-content\/uploads\/2012\/08\/WordPress.com-via-WhyNoPadlock.com_.png\"><img data-recalc-dims=\"1\" loading=\"lazy\" decoding=\"async\" class=\" wp-image-314413 \" title=\"Insecure items loaded at https:\/\/wordpress.com\/\" src=\"https:\/\/i0.wp.com\/monodes.com\/predaelli\/wp-content\/uploads\/sites\/4\/2017\/09\/WordPress.com-via-WhyNoPadlock.com_-715x1024.png?resize=572%2C819&#038;ssl=1\" alt=\"WordPress.com via WhyNoPadlock.com\" width=\"572\" height=\"819\" data-no-retina=\"true\" \/><\/a><figcaption class=\"wp-caption-text\">Insecure items loaded at https:\/\/wordpress.com\/ (click for full-size)<\/figcaption><\/figure>\n<h3>Option 4: Use Google Chrome Inspector Console\u00a0<strong><em>(My Favorite Way)<\/em><\/strong><\/h3>\n<p>Google Chrome\u2019s Inspector has a\u00a0<a title=\"Google Chrome Web Inspector Console\" href=\"https:\/\/developers.google.com\/chrome-developer-tools\/docs\/console\">Console<\/a>\u00a0tab. If the HTTPS page you\u2019re displays yellow or red in the address bar (see 3rd and 4th icons below),\u00a0<a title=\"Chrome Keyboard Shortcuts\" href=\"https:\/\/developers.google.com\/chrome-developer-tools\/docs\/shortcuts\">open the Console<\/a>\u00a0to see the one or multiple insecure assets.<\/p>\n<figure id=\"attachment_476649\" class=\"wp-caption aligncenter\"><a href=\"https:\/\/support.google.com\/chrome\/bin\/answer.py?hl=en&amp;answer=95617&amp;p=ui_security_indicator\"><img data-recalc-dims=\"1\" loading=\"lazy\" decoding=\"async\" class=\"size-full wp-image-476649\" src=\"https:\/\/i0.wp.com\/monodes.com\/predaelli\/wp-content\/uploads\/sites\/4\/2017\/09\/Chrome-SSL-Connection-Icons-and-Explanations.png?resize=684%2C467&#038;ssl=1\" alt=\"Chrome SSL Connection Icons and Explanations\" width=\"684\" height=\"467\" data-no-retina=\"true\" \/><\/a><figcaption class=\"wp-caption-text\">Google Chrome SSL Connection Icons and Explanations<\/figcaption><\/figure>\n<p>This is my favorite method because it\u2019s quick, easy, and can be used on any page I can access, not just on the front-end like WhyNoPadlock. It\u2019s basically like\u00a0<em>Option 1: View Source<\/em>\u00a0but with Chrome finding the issues for me.<\/p>\n<figure id=\"attachment_476659\" class=\"wp-caption aligncenter\"><a href=\"https:\/\/i0.wp.com\/managewp.com\/wp-content\/uploads\/2012\/09\/Chrome-Inspector-Console-Insecure-Content-Example.png?ssl=1\"><img data-recalc-dims=\"1\" loading=\"lazy\" decoding=\"async\" class=\" wp-image-476659 \" src=\"https:\/\/i0.wp.com\/monodes.com\/predaelli\/wp-content\/uploads\/sites\/4\/2017\/09\/Chrome-Inspector-Console-Insecure-Content-Example.png?resize=689%2C78&#038;ssl=1\" alt=\"Chrome Inspector Console Insecure Content Example\" width=\"689\" height=\"78\" data-no-retina=\"true\" \/><\/a><figcaption class=\"wp-caption-text\">Chrome Inspector Console Insecure Content Example<\/figcaption><\/figure>\n<h2>How to Fix Insecurely-Loaded Assets<\/h2>\n<p>Make note of each item sourced via HTTP and you\u2019ll get an idea where to find the problem. Here are some examples:<\/p>\n<ul>\n<li><strong>A plugin loading a JavaScript file via HTTP:<\/strong> http:\/\/example.com\/wp-content\/plugins\/example-plugin\/awesome.js<\/li>\n<li><strong>The active theme loading an insecure image file:<\/strong>\u00a0http:\/\/example.com\/wp-content\/themes\/example-theme\/assets\/images\/circle.png<\/li>\n<li><strong>The active theme (most likely in functions.php, but it could be loaded via a plugin instead of the theme) loading Google fonts insecurely:<\/strong>\u00a0http:\/\/fonts.googleapis.com\/css?family=Lato:100,400,700\n<ul>\n<li>Notice even insecure assets from outside your WordPress installation throw browser errors.<\/li>\n<\/ul>\n<\/li>\n<\/ul>\n<figure id=\"attachment_314426\" class=\"wp-caption aligncenter\"><a href=\"https:\/\/i0.wp.com\/managewp.com\/wp-content\/uploads\/2012\/08\/WordPress.com-Internet-Explorer-Mixed-Content-warning.png\"><img data-recalc-dims=\"1\" loading=\"lazy\" decoding=\"async\" class=\"size-full wp-image-314426\" title=\"WordPress.com Internet Explorer Mixed Content warning\" src=\"https:\/\/i0.wp.com\/monodes.com\/predaelli\/wp-content\/uploads\/sites\/4\/2017\/09\/WordPress.com-Internet-Explorer-Mixed-Content-warning.png?resize=623%2C325&#038;ssl=1\" alt=\"\" width=\"623\" height=\"325\" data-no-retina=\"true\" \/><\/a><figcaption class=\"wp-caption-text\">Internet Explorer 9 \u201cmixed content\u201d warning for WordPress.com<\/figcaption><\/figure>\n<h3>What You Now Know<\/h3>\n<p><strong>You now know that the plugin or theme you\u2019re using isn\u2019t coded properly.<\/strong> It may be a quick fix or need significant modification. Before working on fixing it, you have to ask yourself, <strong>\u201cDo I really need this?\u201d<\/strong> because if <em>this<\/em> is wrong, I bet other things are wrong. <strong>Sometimes an uninstall can be healthy.<\/strong><\/p>\n<p>If you decide the plugin or theme is worth keeping, start working to fix these errors.<\/p>\n<p>You have a few options per asset:<\/p>\n<ul>\n<li>Report the error to the plugin developer and leave deactivated for now.<\/li>\n<li>Edit the plugin files yourself, sharing the fix with the plugin developer.<\/li>\n<li>Change to a different theme<\/li>\n<li>Edit the current theme\u2019s files (hint: start looking in functions.php)<\/li>\n<\/ul>\n<p>Personally, if a plugin throws WP_DEBUG errors, sets off security errors, or loads assets on pages where it doesn\u2019t belong, I usually get rid of it altogether. If I have the time and the plugin is valuable enough, sometimes I report the error or even provide the fix, especially if the plugin author has enough credibility that I know this is an infrequent occurrence.<\/p>\n<figure id=\"attachment_325206\" class=\"wp-caption aligncenter\"><img data-recalc-dims=\"1\" loading=\"lazy\" decoding=\"async\" class=\"size-full wp-image-325206\" title=\"WordPress HTTP to HTTPS\" src=\"https:\/\/i0.wp.com\/monodes.com\/predaelli\/wp-content\/uploads\/sites\/4\/2017\/09\/WordPress-HTTP-to-HTTPS.png?resize=500%2C500&#038;ssl=1\" alt=\"\" width=\"500\" height=\"500\" data-no-retina=\"true\" \/><figcaption class=\"wp-caption-text\">We\u2019re almost done\u2026<\/figcaption><\/figure>\n<h3>How to Change Assets from HTTP to HTTPS<\/h3>\n<p>After discovering the offending assets, you need to change them to either respect the protocol (i.e. serve HTTP when the page is HTTP and serve HTTPS when the page is HTTPS) or change them to always be served via HTTPS, even for pages loaded with the HTTP protocol. These 2 steps should cover all scenarios. You might only need Step 1 or Step 2 to resolve the insecure warning issues.<\/p>\n<h4>Step 1: Use Relative URLs<\/h4>\n<p>This is the simplest fix. If an asset (image, script, etc.) is hard-coded into a plugin or theme, change it from \u2018http:\/\/site.com\/assets\/logo.png\u2019 to \u2018\/\/site.com\/assets\/logo.png\u2019.<\/p>\n<p>Typically, this is most useful when including assets from other servers, like Google scripts, API scripts, or iframes.<\/p>\n<p>Before doing this, however, you need to make sure the HTTPS version is available. If loading an asset from a site that doesn\u2019t have HTTPS enabled, it\u2019s probably best to remove the reference entirely (i.e. comment out or delete) or to save the asset to your own server and change the source to load via your site instead.<\/p>\n<h4>Step 2: Use Proper WordPress Coding Standards<\/h4>\n<p>This issue is a bit more complicated. I\u2019ve seen all kinds of things, like:<\/p>\n<ul>\n<li>Code that forces HTTP (why?!)<\/li>\n<li>Using deprecated WordPress functions that don\u2019t respect SSL settings<\/li>\n<li>Code that tries (and fails) to implement its own \u201cif is HTTPS\u201d logic instead of using the WordPress functions<\/li>\n<\/ul>\n<p>Each of these types of errors could take some time to resolve. Here are some helpful WordPress functions that may need to be used instead of the current code:<\/p>\n<ul>\n<li><a href=\"http:\/\/codex.wordpress.org\/Function_Reference\/home_url\">home_url()<\/a>\u00a0and <a href=\"http:\/\/codex.wordpress.org\/Function_Reference\/home_url#Related\">related functions<\/a><\/li>\n<li><a href=\"http:\/\/codex.wordpress.org\/Function_Reference\/is_ssl\">is_ssl()<\/a><\/li>\n<li><a href=\"http:\/\/codex.wordpress.org\/Function_Reference\">WordPress Function Reference<\/a> (stay away from the ones in red; they are deprecated)<\/li>\n<li><a href=\"http:\/\/codex.wordpress.org\/WP_DEBUG\">WP_DEBUG<\/a> might help too<\/li>\n<\/ul>\n<h2>Conclusion<\/h2>\n<p>Here are the bullet points:<\/p>\n<ul>\n<li>If you\u2019re going to have an SSL certificate and serve one or more pages via HTTPS, work hard to resolve all \u201cmixed content\u201d warnings to provide your visitors with a pleasant browsing experience (especially Internet Explorer users because IE\u2019s warnings are the most in-your-face).<\/li>\n<li>If a WordPress extension (plugin \/ theme) isn\u2019t coded properly for SSL, do you really want to use it?\n<ul>\n<li>If it was free, report the problem and try to help provide the solution.<\/li>\n<li>If it was not free, report the problem and consider if it was really worth your money. Maybe you should ask for a refund and find another alternative.<\/li>\n<\/ul>\n<\/li>\n<li>Once you resolve a single page\u2019s mixed content warnings, keep browsing the site and testing each page individually, whether by using View Source, a plugin, or a testing website.<\/li>\n<\/ul>\n<p>If this is too much work for you and you\u2019re comfortable with visitors receiving mixed content warnings and you do nothing else other than install an SSL certificate, <strong>make sure to at least force secure logins. I think everyone should do this. <a href=\"http:\/\/managewp.com\/how-managewp-handles-security\">ManageWP does<\/a>.<\/strong><\/p>\n<p><strong>Please share your questions and comments below.<\/strong><\/p>\n<p><em>Creative Commons images courtesy of\u00a0<a href=\"http:\/\/www.flickr.com\/photos\/brenda-starr\/4498078166\/\">Brenda Clarke<\/a>\u00a0and <a href=\"http:\/\/www.flickr.com\/photos\/yakobusan\/2436481628\/\">Jakob Montrasio<\/a><\/em><\/p>\n<\/div>\n<div class=\"bg-pale-grey\">\n<div class=\"author-box\">\n<div class=\"container\">\n<div class=\"row\">\n<div class=\"col-xs-12 col-md-9 col-md-offset-2\">\n<div class=\"media\">\n<div class=\"media-left author-image-container hidden-xs\"><img loading=\"lazy\" decoding=\"async\" class=\"avatar avatar-130 photo img-circle img-border\" src=\"https:\/\/0.gravatar.com\/avatar\/3eccf57b1a9512fe5cad43b0de5c309c?s=130&amp;d=mm&amp;r=g\" srcset=\"https:\/\/0.gravatar.com\/avatar\/3eccf57b1a9512fe5cad43b0de5c309c?s=260&amp;d=mm&amp;r=g 2x\" alt=\"\" width=\"130\" height=\"130\" \/><\/div>\n<div class=\"media-body\">\n<h4 class=\"media-heading\">Clifford Paulick<\/h4>\n<p>Clifford Paulick is <a href=\"http:\/\/twitter.com\/TourKick\">@TourKick<\/a>, doing cool things with WordPress, photography, and videography. He provides web and technology consulting services at <a href=\"http:\/\/tourkick.com\/\">TourKick.com<\/a> and is a <a href=\"http:\/\/www.cliffpaulick.com\">Tulsa Realtor<\/a>.<\/p>\n<\/div>\n<\/div>\n<\/div>\n<\/div>\n<\/div>\n<\/div>\n<\/div>\n<div class=\"bg-white\">\n<div class=\"author-box\">\n<div class=\"container\">\n<div class=\"row\">\n<div class=\"col-xs-12\">\n<h6 class=\"text-uppercase text-center light-grey\">You<\/h6>\n<\/div>\n<\/div>\n<\/div>\n<\/div>\n<\/div>\n<\/blockquote>\n<p>&nbsp;<\/p>\n","protected":false},"excerpt":{"rendered":"<p class=\"excerpt\">: WordPress SSL Settings and How to Resolve Mixed Content Warnings &#8211; ManageWP<\/p>\n<p class=\"more-link-p\"><a class=\"more-link\" href=\"https:\/\/monodes.com\/predaelli\/2017\/09\/11\/wordpress-ssl-settings-and-how-to-resolve-mixed-content-warnings-managewp\/\">Read more &rarr;<\/a><\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"link","meta":{"inline_featured_image":false,"jetpack_post_was_ever_published":false,"_jetpack_newsletter_access":"","_jetpack_dont_email_post_to_subs":false,"_jetpack_newsletter_tier_id":0,"_jetpack_memberships_contains_paywalled_content":false,"_jetpack_memberships_contains_paid_content":false,"activitypub_content_warning":"","activitypub_content_visibility":"","activitypub_max_image_attachments":4,"activitypub_interaction_policy_quote":"anyone","activitypub_status":"","footnotes":"","jetpack_publicize_message":"","jetpack_publicize_feature_enabled":true,"jetpack_social_post_already_shared":true,"jetpack_social_options":{"image_generator_settings":{"template":"highway","default_image_id":0,"font":"","enabled":false},"version":2}},"categories":[72,61],"tags":[],"class_list":["post-3350","post","type-post","status-publish","format-link","hentry","category-documentations","category-wordpress","post_format-post-format-link"],"jetpack_publicize_connections":[],"jetpack_featured_media_url":"","jetpack_sharing_enabled":true,"jetpack_shortlink":"https:\/\/wp.me\/p6daft-S2","jetpack-related-posts":[{"id":2488,"url":"https:\/\/monodes.com\/predaelli\/2017\/05\/22\/mailx-gmail-e-certificati-gabriele-merli\/","url_meta":{"origin":3350,"position":0},"title":"mailx, gmail e certificati \u2013 Gabriele Merli","author":"Paolo Redaelli","date":"2017-05-22","format":false,"excerpt":"mailx, gmail e certificati \u2013 Gabriele Merli Interessante fonte di guide ed informazioni... Spesso mi capita di dover usare mailx da riga di comando per inviare semplici mail di notifica, generalmente all'interno di uno script. Il pacchetto mailx \u00e8 questo (in centos 7) ]# yum info mailx<br \/> Installed Packages<br\u2026","rel":"","context":"In &quot;Documentations&quot;","block_context":{"text":"Documentations","link":"https:\/\/monodes.com\/predaelli\/category\/documentations\/"},"img":{"alt_text":"","src":"","width":0,"height":0},"classes":[]},{"id":1143,"url":"https:\/\/monodes.com\/predaelli\/2016\/03\/14\/how-to-secure-nginx-with-lets-encrypt-on-ubuntu-14-04-digitalocean\/","url_meta":{"origin":3350,"position":1},"title":"How To Secure Nginx with Let&#8217;s Encrypt on Ubuntu 14.04 | DigitalOcean","author":"Paolo Redaelli","date":"2016-03-14","format":false,"excerpt":"Following https:\/\/letsencrypt.readthedocs.org\/en\/latest\/using.html#installation you can obtain a nice SSL certificate for your own webservers; yet for those who likes NGinx like me this guide How To Secure Nginx with Let's Encrypt on Ubuntu 14.04 | DigitalOcean is also useful In this tutorial, we will show you how to use Let's Encrypt\u2026","rel":"","context":"In &quot;Software Libero&quot;","block_context":{"text":"Software Libero","link":"https:\/\/monodes.com\/predaelli\/category\/software\/software-libero\/"},"img":{"alt_text":"","src":"","width":0,"height":0},"classes":[]},{"id":3324,"url":"https:\/\/monodes.com\/predaelli\/2017\/09\/01\/3324\/","url_meta":{"origin":3350,"position":2},"title":"postfix &amp; saslauth - quick\u2026","author":"Paolo Redaelli","date":"2017-09-01","format":"link","excerpt":"postfix & saslauth - quick and dirty from postfix & saslauth - quick and dirty 2017\/08\/31 Written by Gabriele Questa va nel novero delle attivit\u00e0 rapide: \"20 minuti e faccio tutto\" ma, dopo 3 ore, mi ritrovo irrimediabilmente ancora a litigare con la tastiera... Partiamo dal principio. Telecamera ip cinesissima,\u2026","rel":"","context":"In &quot;Documentations&quot;","block_context":{"text":"Documentations","link":"https:\/\/monodes.com\/predaelli\/category\/documentations\/"},"img":{"alt_text":"","src":"https:\/\/i0.wp.com\/monodes.com\/predaelli\/wp-content\/uploads\/sites\/4\/2017\/09\/lacinamail.jpg?resize=350%2C200","width":350,"height":200,"srcset":"https:\/\/i0.wp.com\/monodes.com\/predaelli\/wp-content\/uploads\/sites\/4\/2017\/09\/lacinamail.jpg?resize=350%2C200 1x, https:\/\/i0.wp.com\/monodes.com\/predaelli\/wp-content\/uploads\/sites\/4\/2017\/09\/lacinamail.jpg?resize=525%2C300 1.5x, https:\/\/i0.wp.com\/monodes.com\/predaelli\/wp-content\/uploads\/sites\/4\/2017\/09\/lacinamail.jpg?resize=700%2C400 2x"},"classes":[]},{"id":10263,"url":"https:\/\/monodes.com\/predaelli\/2023\/02\/27\/knot-dns\/","url_meta":{"origin":3350,"position":3},"title":"Knot DNS","author":"Paolo Redaelli","date":"2023-02-27","format":"link","excerpt":"I've just read the interesing \"Replace PowerDNS by Knot DNS and Knot Resolver+supervisor with DNSSEC, DNS over TLS and domain name spoofing\" from .... I didn't knew KnotDNS. It may be a wiser choice than MaraDNS Replace PowerDNS by Knot DNS and Knot Resolver+supervisor with DNSSEC, DNS over TLS and\u2026","rel":"","context":"In &quot;Software&quot;","block_context":{"text":"Software","link":"https:\/\/monodes.com\/predaelli\/category\/software\/"},"img":{"alt_text":"","src":"","width":0,"height":0},"classes":[]},{"id":12725,"url":"https:\/\/monodes.com\/predaelli\/2025\/02\/09\/nginx-proxy-manager\/","url_meta":{"origin":3350,"position":4},"title":"Nginx Proxy Manager","author":"Paolo Redaelli","date":"2025-02-09","format":"link","excerpt":"Nginx Proxy Manager comes as a pre-built docker image that enables you to easily forward to your websites running at home or otherwise, including free SSL, without having to know too much about Nginx or Letsencrypt. \u00a0","rel":"","context":"In &quot;Senza categoria&quot;","block_context":{"text":"Senza categoria","link":"https:\/\/monodes.com\/predaelli\/category\/senza-categoria\/"},"img":{"alt_text":"","src":"","width":0,"height":0},"classes":[]},{"id":1872,"url":"https:\/\/monodes.com\/predaelli\/2016\/11\/02\/cert-for-both-www-and-plain-domain\/","url_meta":{"origin":3350,"position":5},"title":"Cert for both www and plain domain","author":"Paolo Redaelli","date":"2016-11-02","format":false,"excerpt":"Just a note for myself: renew Let's Encrypt certificate to make it valid for both www and plain domain You should be able to do that using the command you originally used to obtain the certificate. Add --force-renewal to force the client to get a new certificate even if the\u2026","rel":"","context":"In &quot;Documentations&quot;","block_context":{"text":"Documentations","link":"https:\/\/monodes.com\/predaelli\/category\/documentations\/"},"img":{"alt_text":"","src":"","width":0,"height":0},"classes":[]}],"jetpack_likes_enabled":true,"_links":{"self":[{"href":"https:\/\/monodes.com\/predaelli\/wp-json\/wp\/v2\/posts\/3350","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/monodes.com\/predaelli\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/monodes.com\/predaelli\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/monodes.com\/predaelli\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/monodes.com\/predaelli\/wp-json\/wp\/v2\/comments?post=3350"}],"version-history":[{"count":0,"href":"https:\/\/monodes.com\/predaelli\/wp-json\/wp\/v2\/posts\/3350\/revisions"}],"wp:attachment":[{"href":"https:\/\/monodes.com\/predaelli\/wp-json\/wp\/v2\/media?parent=3350"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/monodes.com\/predaelli\/wp-json\/wp\/v2\/categories?post=3350"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/monodes.com\/predaelli\/wp-json\/wp\/v2\/tags?post=3350"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}