Making Sure Your Site is Secure
In most cases, the problem resource is being called from a URL that begins with http: instead of https:. Every resource call on a secure web page must be called from a secure https: URL or you won’t get the padlock in the address bar and the browser will flag the page as being insecure. Just one insecure resource call will result in the entire page being marked as insecure. This situation is referred to as a “Mixed Content” issue and the exact cause(s) of this issue can be very difficult to track down and fix without a little help.
Using “Why No Padlock?” is easy. Simply follow the steps below:
Visit https://www.whynopadlock.com with your preferred web browser.
Type (or copy and paste) your blog’s URL into the “Secure Address” box.
Check the box to prove that you’re a human instead of a robot.
Click the Test Page button.
The tool will now run a test on your page to track down and identify any insecure resource calls or other types of issues that could be causing the page to fail the security test. After the test is complete (which could take anywhere from several seconds to several minutes) you’ll see a list of all the issues that were found printed on the screen.