Menu

Fix Insecure Content on Your Site

Are you or your students seeing a security warning when visiting your Thinkific site? If so, the most likely reason is that there's some insecure content on the page. Below we'll cover what that means, how to recognize this issue, and how to fix it!


What's Insecure Content?

Insecure content is any file linked to from a web page via an HTTP link rather than an HTTPS link. (The 'S' signifies that the link is secure).


If there's any insecure content on a page, it means that the whole page can only be available at an HTTP link. If anyone tries to visit that page via HTTPS, they'll see a scary security message from their browser.

Here's what the error message looks like for most common browsers:


Google Chrome:


Example Chrome warning: Your connection is not private. Attackers might be trying to steal your information.


Safari:


Example Safari warning: Safari can't verify the identity of the website. The certificate for this website is invalid.


Firefox:



Needless to say, you don't want prospective or current customers seeing this message! Here's how to fix it:


Fixing Insecure Content


Step 1. Temporarily Deactivate SSL


The first thing you should do is go to the Advanced Settings page to deactivate SSL for your site:


Deactivate SSL for the Advanced Settings page


Having SSL enabled for your site is a great idea (we cover why in this article). But having this setting enabled does mean that all URLs for your site will redirect to HTTPS. To avoid your users seeing a security message whilst you're fixing this issue, switch off SSL. Your site will be available at HTTP links again for the meantime.



Step 2. Find the insecure content


Now you need to find out what's causing the browser security warning to show. The most common cause are files, hosted on other web pages, linked to via a "non-secure" HTTP link. This "mixed content" (the mix of HTTP and HTTPS URLs) causes browsers to flag the page as insecure.


To find out specifically which content is being flagged as insecure, visit whynopadlock.com.


Paste in the HTTPS URL for your Thinkific site in the field shown below and hit Check:


Paste your URL into whynopadlock.com and hit check to find insecure content


Why No Padlock will then give you a report on the page, highlighting any insecure elements on the page:


A report from Why No Padlock, highlighting a file as an insecure element on a page


Step 3. Fix the insecure links!


Now that you've found which file(s) are causing your page to be insecure, it's time to make them secure. You do this by using an HTTPS URL to link to the file rather than an HTTP URL.

The best way to handle this is to upload the file directly to Thinkific rather than "hot-linking" to it. (Hot-linking means to link from a web page to a file already hosted on another website). Uploading the file to Thinkific ensures that it will be available via a secure link.


For example, say the problem is with an image linked to from a text editor on Thinkific (e.g. the Course Description). You can use the Insert Image button to add it instead:


Insert Image button for the Thinkific text editor


For Developers: If the issue is with a file that you've linked to when customizing your site, upload that file as an asset.


Step 4. Test your fix and reactivate SSL


Now that you've made all your content secure, visit the same page via an HTTPS URL. You should be able to access it without seeing any browser security warnings!


Now head back to the Advanced Settings page to reactivate SSL for your site:


Activate SSL from the Advanced Settings page


Still having issues? Our customer support team will be happy to help. You can go here to get in touch with the team directly.

Did you find it helpful? Yes No

Send feedback
Sorry we couldn't be helpful. Help us improve this article with your feedback.