We use cookies

We use cookies to ensure that the website functions properly, to monitor and optimize the user experience on our websites and for marketing and social media purposes.

Adjust preferences
Go back

Adjust preferences

You can choose which cookies you want to enable. Analytical cookies help us to analyze and improve the use of the website. Statistical cookies collect anonymized data to track trends and performance.

Necessary cookies (always active)
Analytical cookies
Marketing cookies
Skip to content

After installing an SSL certificate, it still says: not secure!

Back to ssl

Introduction
When an SSL certificate is installed there are 2 more things that need to be done to get a lock on the website, point 1: is that the website needs to point to HTTPS:// instead of HTTP://. Depending on the type of CMS used, this can be set as follows.

How do I set HTTPS in Wordpress?
Login to the wp-admin, go to Settings --> General change the WordPress Address (URL) and Site Address (URL) from HTTP:// to HTTPS:// on the left side of the menu.

5fca178586d6f.png


How do I set up HTTPS in Joomla?
Log in as Administrator
Open Global Configuration
Force SSL on the entire site
If necessary, modify the configuration.php.
Replace: var $live_site ='' with var $live_site ='https://voorbeelddomein.nl'

Adjust the .htaccess file as needed, place the following code in here:

RewriteEngine On
RewriteCond %{HTTPS} OFF
RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI}


It can also be done through the control panel:This option is often useful for a homegrown website.Besides forcing HTTPS through the website, you can also use the function in the control panel.

With DirectAdmin and Cpanel you can check that the URL should go to HTTPS://.

How do I force HTTPS for my website in DirectAdmin:
Login to DirectAdmin, go to Account Manager and click on SSL certificates.
Click on Force SSL with HTTPS redirect at the bottom

5fca17858ec18.png


How do I force HTTPS for my website in cPanel?Login in cPanel, click on Domains, turn on Force HTTPS Redirect.
5fca17858f994.png

I've installed the SSL certificate, the site redirects to HTTPS, but I still don't see a padlock!After the website automatically redirects visitors from HTTP to HTTPS, there may still be no padlock and the website is still considered unsafe. This is usually because there are still sources in the code that point to http. According to the rules of SSL, everything must go over a secure connection, including links and images. When an image points to http://voorbeeldsite.nl/images/plaatje.jpg, it must be https://voorbeeldsite.nl/images/plaatje.jpg.

How do I know which source points to HTTP?Once you have opened your website in a web browser, you can press F12 on your keyboard, then choose console. The browser will indicate why it sees the website as insecure.
You will then see what resource is being loaded over HTTP. The task is then to change it so that it does load over HTTPS.

Is there an easy way to change this?For Wordpress, you can use a plugin like Really Simple SSL or Insecure Content Fixer, which will convert all links from HTTP to HTTPS.

Back to ssl

Related articles