Here is a Full Guide on How To Troubleshoot When WordPress is Not Showing SSL Padlock on Browser. Making WordPress SSL Lock to appear has tricks. Clearly know – any PHP caching, backend gzip can never create any issue with SSL Padlock’s appearance or disappearance. We shared some tricks in the guide WordPress SSL Setup Tips, but here is almost the full guide which work and there is no guide on the whole internet which has all these information at one place. It is unlikely that WordPress Support forum “volunteers” can ever help you. Their main target (not of all, but the most) is to drive indirectly towards the paid individual service advertised at WordPress Jobs. Furthermore, if it is high end setup on Rackspace with Nginx, they will fail to do anything good.
WordPress SSL Lock Not Showing : Our Setup
While we can not fully disclose our setup, but we can partially disclose an idea about our setup needed for this guide :
- This is a Multi Server Scalable Setup
- There is loadbalancer in front
- We use Rackspace Cloud DNS, Cloud Files – almost everything from Rackspace
- Our loadbalancer do not listen to port 443 – it is closed. It is loadbalancer which holds the SSL certificates
- We use Nginx PHP5-FPM as backend.
- We use Nginx’s GZIP feature
- We use Google Ads
With all these, we pass all the browsers – WordPress shows the desired SSL padlock on almost all the major browsers. This guide, WordPress SSL Lock Not Showing is to help clueless peoples fighting with problems. Using loadbalancer in front has the basic advantages including we need not to think about updating for securing against the latest vulnerabilities. However, loadbalancer in front is not recommend to use for pages which requires higher security like for transaction. You must use a Bare Metal (onMetal by Rackspace) or Colocation Server or Dedicated server instead of Cloud Server instance. The website which will require higher security includes financial websites. For $5 transaction via PayPal, you need not to bother.
---
WordPress SSL Lock Not Showing : Needed stuffs for Server Side (Nginx)
As we have loadbalancers in front, we need no SSL cert to be added on the servers. Our port 443 are closed, in fact which port we use is difficult to guess. It is not possible to directly access any of our main servers. loadbalancers has cache enabled and support for cookies. This is conflicting with the concept of security but practically it is not dangerous as the setup is equivalent to reverse proxying.
As we are using loadbalancer, in the virtual host file, we have this snippet inside location / block ( the file is /etc/nginx/sites-available/default ) :
1 2 3 | if ($http_x_forwarded_proto = "http") { rewrite ^/(.*)$ https://thecustomizewindows.com/$1 permanent; } |
This is only to redirect HTTP to HTTPS, so that we get a nice 301 redirection from corresponding HTTP url. You can do whatever optimization you want on server – it will not do anything for the disappearance of SSL Padlock on browser. Essentially, we need to serve the HTML files.
WordPress SSL Lock Not Showing : Basics Which Disturbs
As everyone knows, we should server only contents from HTTPS URLs – it is important for CDN. Rackspace Cloud Files does the work nicely. We need not to use a sub-domain of the website – it will require additional SSL certificate (or a wild card certificate) plus will increase the round trip delay time.
We have ONLY WP-HTML-Compression plugin for converting to SSL urls on the frontend :
1 | http://wordpress.org/plugins/wp-html-compression/ |
If you follow our method, you will need no other Plugin for HTTPS urls. These are the Plugins we use :
- Ad Injection
- Allow REL= and HTML in Author Bios
- Attachment Pages Redirect
- Break Out Of Frames
- Dagon Design Sitemap Generator
- Dublin Core for WordPress
- Easy Contact
- Header and Footer
- Hello Dolly
- Humans.txt
- Post-Plugin Library
- Redirection
- Smart 404
- Socialize
- WordPress SEO
- WP-HTML-Compression
- WP-Optimize
- WP Post to PDF
- Yet Another Related Posts Plugin
(needed only for Genesis Framework)
- Genesis Beta Tester
- Genesis eNews Extended
- Genesis Printstyle Plus
- Genesis Simple Edits
- Genesis Simple Hooks
We have modifications to some extent, but mostly they will not harm – they will not make your SSL Padlock to disappear. What disturbs is the =ver? in the CSS and Javascript files, which we can make to disappear by adding this snippet to active Theme’s (or Child Theme’s if is in use) functions.php file :
1 2 3 4 5 6 7 8 | // removes the fu**king ?ver= stuff from js and css files function remove_cssjs_ver( $src ) { if( strpos( $src, '?ver=' ) ) $src = remove_query_arg( 'ver', $src ); return $src; } add_filter( 'style_loader_src', 'remove_cssjs_ver', 1000 ); add_filter( 'script_loader_src', 'remove_cssjs_ver', 1000 ); |
1000 is set priority. If you have =ver? in the CSS and Javascript files in output, you’ll get caught by few browsers.
Next is wp-config.php file. You need to add these :
1 2 3 4 5 6 7 8 9 | /** Fixes SSL issues */ if (isset($_SERVER['HTTP_X_FORWARDED_PROTO']) && $_SERVER['HTTP_X_FORWARDED_PROTO'] == 'https') $_SERVER['HTTPS'] = 'on'; define('FORCE_SSL_ADMIN', true); define('FORCE_SSL_LOGIN', true); /** Stop stop stop */ /** stop copying! */ /** Add the first 5 lines before this line, you cam omit the first - Fixes SSL issues */ require_once(ABSPATH . 'wp-settings.php'); |
This is maximum you will need to do.
WordPress SSL Lock Not Showing : Testing
Test with Opera (we use Mac) browser. If Opera pass your website with golden yellow or green padlock, it is unlikely that any other browser will make WordPress not to show the SSL Padlock. Opera per se is difficult to troubleshoot when WordPress SSL lock not showing. Safari and IE can show but others might not show. This tool works for detecting directly written insecure files :
1 | http://www.whynopadlock.com/ |
But, it will fail to detect many smaller things like errors due to certain web font loading, insecure content loading from the CSS or JS as call etc. Easiest tool is Google Chrome’s Developer’s tools.
