Back to Community
Home / Community / PluginReally simple security

Why Your Site Still Shows 'Not Secure' After Installing Really Simple SSL (And How to Fix It)

32 threads Sep 16, 2025 PluginReally simple security

Content

You've installed an SSL certificate and activated the Really Simple SSL plugin, but your browser is still showing that dreaded "Not Secure" warning. This is one of the most common frustrations for WordPress users moving to HTTPS. Based on community support threads, here are the typical reasons why this happens and the most effective solutions to get that secure padlock.

Why This Happens: The Core Issue

The "Really Simple SSL" plugin is designed to configure your WordPress site to use an existing SSL certificate. It does not install the certificate itself. The most common reason for a persistent "Not Secure" warning is that resources on your page (images, scripts, stylesheets) are still being loaded over an insecure HTTP connection, even though the main page is loaded over HTTPS. This is known as "mixed content." Other causes can include an invalid certificate, caching, or specific server configurations.

Common Causes and Their Solutions

1. Mixed Content (The Most Frequent Culprit)

Your site has a valid SSL certificate, but elements like images, CSS, or JavaScript are hardcoded to load via http://. Browsers block these insecure resources, causing the warning.

  • How to Fix It:
    • First, ensure the plugin's "Mixed Content Fixer" is enabled (Settings > SSL).
    • If the warning persists, clear all caching. This includes your WordPress cache plugin, server-level cache, and your browser cache.
    • Use your browser's Developer Tools (F12) to identify the problematic resource. Look for errors in the "Console" tab that mention "blocked loading mixed content."
    • Manually update any hardcoded http:// links in your theme's settings, widgets, or page builder content to use https:// or a protocol-relative URL (//example.com/image.jpg).

2. An Invalid or Self-Signed SSL Certificate

The plugin can activate, but if your SSL certificate is not from a trusted Certificate Authority (like Let's Encrypt, Comodo, etc.), browsers will not trust it.

  • How to Fix It:
    • Verify your certificate's validity using a tool like SSL Labs' SSL Test.
    • Contact your hosting provider. They are responsible for providing and installing a valid, trusted SSL certificate on your server.

3. Caching Issues

Old, cached versions of your pages or stylesheets that contain http:// links are being served to visitors.

  • How to Fix It:
    • Clear all possible caches: your caching plugin (e.g., WP Rocket, W3 Total Cache), your CDN (e.g., Cloudflare), and your server cache (often requires contacting your host).
    • Some themes (like Divi) and page builders (like Elementor) have their own caching mechanisms. Be sure to clear those as well.

4. Incomplete Redirects

HTTP versions of your site are still accessible, and visitors or search engines might not be forcefully redirected to the secure HTTPS version.

  • How to Fix It:
    • In the Really Simple SSL settings (Settings > SSL), enable the "301 .htaccess redirect" option. This is often the most reliable method.
    • If your server does not support .htaccess rules, the plugin will fall back to a PHP redirect.

5. Plugin or Theme Conflicts

Some plugins or themes may override the mixed content fixer or generate their own content with hardcoded URLs.

  • How to Fix It:
    • Try enabling the "Switch mixed content fixer hook" (alternative method) in the plugin's settings.
    • Re-save the settings or options in the conflicting plugin or theme to force it to generate new URLs with HTTPS.

Quick Checklist to Run Through

  1. Confirm you have a valid SSL certificate from your host using SSL Labs.
  2. Enable the "301 .htaccess redirect" in Really Simple SSL.
  3. Clear all types of cache on your site.
  4. Check your browser's console for mixed content errors.
  5. Manually check theme options, widgets, and custom code for http:// links.

By methodically working through these common issues, you should be able to resolve the "Not Secure" warning and enjoy a fully secure website. If problems persist, the issue may be server-related, and contacting your hosting provider's support is the recommended next step.

Related Support Threads Support