I apologize for the long title.
Recently, I enabled HTTPS support on my site. When you visit my site, you should receive the satisfying green lock icon in your browser.
This migration set all links going forward to use HTTPS, but did nothing for older links. As such, I was left with the dreaded yellow lock icon.
Inspecting the error, I found the warning was due to mixed content (e.g., images, iframes, etc…) that was served over HTTP.
Upon examining the source code of a few pages, I found that images were hard-coded with HTTP when they were uploaded.
<meta property="og:image" content="http://loganmarchione.com/wp-content/uploads/2014/03/20140311_001.png" /> <meta property="og:image" content="http://loganmarchione.com/wp-content/uploads/2014/03/20140311_002.png" /> <meta property="og:image" content="http://loganmarchione.com/wp-content/uploads/2014/03/20140311_003.png" />
I have too many posts to go back and edit each one manually. Lucky for me, the folks over at Interconnect IT have a a great script for doing a search/replace on an entire WordPress database. Better yet, their Github page is pretty active.
Download the script to your WordPress root directory and unzip it.
sudo wget https://github.com/interconnectit/Search-Replace-DB/archive/master.zip sudo unzip master.zip sudo rm master.zip
Then, in your browser, navigate to http://www.yoursitehere.com/Search-Replace-DB-master, and you’ll be greeted by the interface.
The script will pull your database info from your wp-config.php file, so you don’t need to worry about digging up the username/password information. In the two boxes at the top, enter your search/replace strings. Again, I was trying to replace http://loganmarchione.com with https://loganmarchione.com.
I chose to execute the script on all tables and to use the dry-run option first. As you can see, no changes were made on the dry-run, and I received a well-organized report of what changes were to be made.
Before the live-run, be sure to backup your database. These are SQL commands and there is no undo option going forward!
mysqldump --opt -u username -p databasename > /path/to/file.sql
After doing the live-run, which only took a few seconds, the same pages with images are now served securely. In theory, this should also help load times ever-so-slightly, since Nginx won’t have to do a 301 redirect on each image to the HTTPS address.
After you’re finished, be sure to delete the tool, or you’ll leave yourself exposed to database updates by complete strangers. 😉
sudo rm Search-Replace-DB-master/