Are you or your students seeing a security warning when visiting your Thinkific site? If so, the most likely reason is that there's some insecure content on the page. Below we'll cover what that means, how to recognize this issue, and how to fix it!
As a security best practice, we activated SSL for all Thinkific sites - that didn’t already have SSL enabled - on September 8, 2021. This small change is a huge improvement for the security of your site and information and will help improve trust with your site visitors.
In this article:
What's Insecure Content?
Insecure content is any file linked to from a web page via an HTTP link rather than an HTTPS link. (The 'S' signifies that the link is secure).
If there's any insecure content on a page, it means that the whole page can only be available at an HTTP link. If anyone tries to visit that page via HTTPS, they may see a scary security warning from their browser.
Additionally, insecure content may not load correctly or at all, which can cause issues for visitors to your Thinkific site.
Here's what the error warning looks like for most common browsers:
Needless to say, you don't want prospective or current customers seeing this message!
See the steps below to fix warnings and insecure content!
Fixing Insecure Content
Part 1: Find the Insecure Content
Now you need to find out what's causing the browser security warning to show. The most common cause are files, hosted on other web pages, linked to via a "non-secure" HTTP link. This "mixed content" (the mix of HTTP and HTTPS URLs) causes browsers to flag the page as insecure.
To find out specifically which content is being flagged as insecure:
- Go to jitbit.com/sslcheck/
- Paste in the HTTPS URL for your Thinkific site in the Enter the root URL field
- Click to Check for SSL Errors
JitBit will then give you a report, highlighting any pages with insecure content on your Thinkific site.
- Scroll to the bottom of the report to find the URLs for website pages with SSL Issues.
Note: If there aren't any SSL Issues, this section at the bottom of the report will say No issues found. If your report shows no issues, continue to Part 4 to enable SSL on your site.
- Copy the URL(s) for any website pages with SSL Issues
- Go to whynopadlock.com/
- Paste the URL(s) from Step 5 into the Secure Address field in Why No Padlock. You will need to check each URL with SSL Issues individually, one at a time.
- Click Test Page. Why No Padlock will generate a report showing the insecure content:
Now that you've found the insecure content, check out Part 2 (below) to fix it!
Part 2: Fix the Insecure Links
Now that you've found which file(s) are causing your page to be insecure, it's time to make them secure. You do this by using an HTTPS URL to link rather than an HTTP URL.
Images or Files in Text Lessons
If you have an issue with a file link in a Text Lesson, the best way to handle this is to upload the file directly to Thinkific rather than "hot-linking" to it. Hot-linking means to link from a web page to a file already hosted on another website. Uploading the file to Thinkific ensures that it will be available via a secure link.
For example, say the problem is with an image linked to from a text editor on Thinkific, you can use the Insert Image button to add it instead:
If the link is in a Multimedia Lesson, you can simply update your link to include HTTPS in the URL.
If you are have any insecure images or files on your site pages, make sure to upload the file using the built in Site Builder tools.
For Developers: If the issue is with a file that you've linked to when customizing your site, upload that file as an asset.
Part 3: Temporarily Deactivate SSL If Required
Having SSL enabled for your site is a great idea (we cover why in this article), but having this setting enabled does mean that all URLs for your site will redirect to HTTPS.
If you need to temporarily remove SSL while fixing any issues, please send us an email with the following:
- Make sure you are contacting us from the email address associated with the Site Owner
- Site URL:
- Confirmation that you need SSL temporarily deactivated
Once we reply confirming it has been deactivated, you will be able to force an insecure connection on your site by manually typing in http:// instead of https://.
Part 4: Test Your Fix and Reactivate SSL
Now that you've made all your content secure, visit the same page via an HTTPS URL. You should be able to access it without seeing any browser security warnings!
Now make sure to reactivate SSL for your site:
- Go to Settings
- Select Site URL in the left menu
- Under SSL Certificate, click the toggle beside Activate SSL
- And that's it!