How can I apply an SSL certificate and fix mixed content on my Joomla website?

1. Configure Joomla to use HTTPS

Through the Joomla! select System>>Global Configuration.

Then select Server >> Force HTTPS >> Entire Site and Save.

2. Add redirect from HTTP to HTTPS

You can perform the redirect in the following two ways. In case you host your website in Plesk, we recommend the first one

a. Through Plesk you select Hosting Settings.

Then you can activate the option Permanent SEO - safe 301 redirect from HTTP to HTTPS and save with APPLY and OK.

β. b. Alternatively, we add the following rules to the .htaccess file.

RewriteEngine On

RewriteCond %{HTTPS} off

RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI} [R,L]

If your .htaccess file does not already exist, you will need to create it and save it in your root folder.

3. Replacement of mixed content

The replacement of mixed content can be done through a plugin, such as DB Replacer.

The following actions will essentially replace all domain name URLs starting with http to https.

This step is not always necessary on Joomla websites, so we would suggest you check if there is mixed content before proceeding.

In any case, we recommend that before starting the replacement, you make a backup of your database, so that you have a backup copy.

You could create a backup using Plesk's export

a. Fixed mixed content using the DB Replacer plugin.

First we download the DB Replacer file from  Joomla Extension Directory.

Then through our Joomla admin we choose Extensions >> Manage >> Install.

b. To install your URL's using DB Replacer, select Components>>Regular Labs-DB Replacer and enter the settings below.

In the Table field, select the table you want, for example content.

In the Columns field we select the ones we want. You can select them all by pressing inside the field Ctrl+a.

In the Search field, enter http://example.com.

In the Replace field, enter https://example.com.

Where example you will need to enter your own domain name.

c. You can check the changes via from the below whynopadlock.com. page.

Before proceeding with a check, you will first need to clear the cache memory from any caching plugin you may have installed. If the above tool no longer shows you mixed content, but you continue to receive a warning in your browser, you will need to clear your browser's cache as well.

In case you continue to have mixed content, it means that there are URLs that are either generated by a plugin or your theme that needs an upgrade or the URLs are written manually in the code and you should locate the relevant files and replace them.

Also, there is the possibility that the mixed content is generated by some links pointing to an external source and is in the database, and you will need to re-run the Search And Replace based on the domain of the external source.

If the external source does not support https, there is nothing you can do and you should either remove the relevant URLs completely, or leave them as they are with the relevant warnings.