Get Started Free
Get Started Free
  1. Thinkific
  2. Customize Your Site
  3. FAQs & Troubleshooting

Fix Insecure Content on Your Site

Are you or your students seeing a security warning when visiting your Thinkific site? If so, the most likely reason is that there's some insecure content on the page. Below we'll cover what that means, how to recognize this issue, and how to fix it!

SSL will be automatically activated for all Thinkific sites without an SSL certificate on September 8th, 2021.

In this article:

What's Insecure Content? 

Fixing Insecure Content

Part 1: Find the Insecure Content

Part 2: Fix the Insecure Links

Part 3: Temporarily Deactivate SSL If Required

Part 4: Test Your Fix and Reactivate SSL

What's Insecure Content?

Insecure content is any file linked to from a web page via an HTTP link rather than an HTTPS link. (The 'S' signifies that the link is secure).

If there's any insecure content on a page, it means that the whole page can only be available at an HTTP link. If anyone tries to visit that page via HTTPS, they may see a scary security warning from their browser.

Additionally, insecure content may not load correctly or at all, which can cause issues for visitors to your Thinkific site.

Here's what the error warning looks like for most common browsers:

Google Chrome

Example Chrome warning: Your connection is not private. Attackers might be trying to steal your information.

Safari

Example Safari warning: Safari can't verify the identity of the website. The certificate for this website is invalid.

Firefox

Needless to say, you don't want prospective or current customers seeing this message! 

See the steps below to fix warnings and insecure content!

Fixing Insecure Content

Part 1: Find the Insecure Content

Now you need to find out what's causing the browser security warning to show. The most common cause are files, hosted on other web pages, linked to via a "non-secure" HTTP link. This "mixed content" (the mix of HTTP and HTTPS URLs) causes browsers to flag the page as insecure.

To find out specifically which content is being flagged as insecure:

  1. Go to jitbit.com/sslcheck/
  2. Paste in the HTTPS URL for your Thinkific site in the Enter the root URL field
  3. Click to Check for SSL Errors
    JitBit will then give you a report, highlighting any pages with insecure content on your Thinkific site.
  4. Scroll to the bottom of the report to find the URLs for website pages with SSL Issues.
    Note: If there aren't any SSL Issues, this section at the bottom of the report will say No issues found. If your report shows no issues, continue to Part 4 to enable SSL on your site.
  5. Copy the URL(s) for any website pages with SSL Issues
  6. Go to whynopadlock.com/
  7. Paste the URL(s) from Step 5 into the Secure Address field in Why No Padlock. You will need to check each URL with SSL Issues individually, one at a time.
  8. Click Test Page. Why No Padlock will generate a report showing the insecure content:

Now that you've found the insecure content, check out Part 2 (below) to fix it!

Part 2: Fix the Insecure Links

Now that you've found which file(s) are causing your page to be insecure, it's time to make them secure. You do this by using an HTTPS URL to link rather than an HTTP URL.

Images or Files in Text Lessons

If you have an issue with a file link in a Text Lesson, the best way to handle this is to upload the file directly to Thinkific rather than "hot-linking" to it. Hot-linking means to link from a web page to a file already hosted on another website. Uploading the file to Thinkific ensures that it will be available via a secure link.

For example, say the problem is with an image linked to from a text editor on Thinkific, you can use the Insert Image button to add it instead:

Insert Image button for the Thinkific text editor

Multimedia Lessons

If the link is in a Multimedia Lesson, you can simply update your link to include HTTPS in the URL.

Site Pages

If you are have any insecure images or files on your site pages, make sure to upload the file using the built in Site Builder tools.

For Developers: If the issue is with a file that you've linked to when customizing your site, upload that file as an asset.

Part 3: Temporarily Deactivate SSL If Required

Having SSL enabled for your site is a great idea (we cover why in this article), but having this setting enabled does mean that all URLs for your site will redirect to HTTPS.

If you need to temporarily remove SSL while fixing any issues, please send us an email with the following:

  1. Make sure you are contacting us from the email address associated with the Site Owner
  2. Site URL:
  3. Confirmation that you need SSL temporarily deactivated

Once we reply confirming it has been deactivated, you will be able to force an insecure connection on your site by manually typing in http:// instead of https://.

Part 4: Test Your Fix and Reactivate SSL

Now that you've made all your content secure, visit the same page via an HTTPS URL. You should be able to access it without seeing any browser security warnings!

Now make sure to reactivate SSL for your site:

  1. Go to Settings
  2. Select Site URL in the left menu
  3. Under SSL Certificate, click the toggle beside Activate SSL
  4. And that's it!

Activate_SSL.png

Was this article helpful?

53 out of 81 found this helpful

We're sorry to hear that!

Please tell us why