From January 2020, Google Chrome will begin blocking mixed content in an attempt to improve the safety of https browsing.
What is mixed content?
Mixed content refers to https pages that load resources (images, videos, style sheets and scripts) over http. Both http and https content are then loaded on the same page, even though the initial request was secured with https.
Many modern browsers display a warning when you arrive at a site with mixed content. This way, a user knows that the website contains unsafe sources despite the presence of an SSL certificate.
According to the Google Security Team, Chrome users now spend more than 90% of their “browsing time” on secured https websites. The initiative to block mixed content is intended to close the unsafe “gaps” in the implementation of SSL.
Planned schedule for rollout
The block function will be rolled out gradually and will start with Chrome 79, which is scheduled to be released in December 2019. The browser already blocks mixed scripts and iframes, but Chrome 79 will add a new setting. Users can then switch the blocking function on or off per website.
In Chrome 80, which will be released in January 2020, mixed audio and video sources will be auto-upgraded to https. If they don’t load over https, Chrome will block them automatically. Mixed images will still be loaded, but Chrome will display a “Not safe” warning in the omnibox next to the URL.
The final phase is planned for February 2020. With Chrome 81, mixed images will also be auto-upgraded to https. If they do not load, Chrome will block these images.
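As an added example (not part of the original article), the following Python script scans a page's HTML for subresources requested over plain http and reports how the schedule above treats each type. The class and function names, the sample markup and the example.com URLs are constructed for illustration.

```python
from html.parser import HTMLParser
# Treatment per resource type, taken from the rollout schedule described above.
MEDIA = "Chrome 80: auto-upgraded to https, blocked if that fails"
SCHEDULE = {
    "script": "already blocked", "iframe": "already blocked",
    "audio": MEDIA, "video": MEDIA,
    "image": "Chrome 80: loaded with a warning; Chrome 81: auto-upgraded, blocked if that fails",
    "stylesheet": "not named in the schedule above",
}
# Element name -> (attribute holding the URL, resource type)
SOURCES = {"script": ("src", "script"), "iframe": ("src", "iframe"),
           "img": ("src", "image"), "audio": ("src", "audio"), "video": ("src", "video")}

class MixedContentScanner(HTMLParser):
    def __init__(self):
        super().__init__()
        self.findings = []  # (resource type, url) pairs
        self.media = None   # enclosing <audio>/<video>, used for <source> children

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag in ("audio", "video"):
            self.media = tag
        if tag in SOURCES:
            attr, kind = SOURCES[tag]
            self._check(kind, a.get(attr))
        elif tag == "source" and self.media:
            self._check(self.media, a.get("src"))
        elif tag == "link" and "stylesheet" in (a.get("rel") or "").lower().split():
            self._check("stylesheet", a.get("href"))

    def handle_endtag(self, tag):
        if tag == self.media:
            self.media = None

    def _check(self, kind, url):
        # Only explicit http:// URLs count; https:// and scheme-relative // are fine.
        if url and url.strip().lower().startswith("http://"):
            self.findings.append((kind, url.strip()))

def scan(html):
    scanner = MixedContentScanner()
    scanner.feed(html)
    return [(kind, url, SCHEDULE[kind]) for kind, url in scanner.findings]

# Constructed sample page, assumed to be served over https.
SAMPLE = """<script src="http://cdn.example.com/app.js"></script>
<img src="http://example.com/logo.png"> <img src="//example.com/banner.png">
<video controls><source src="http://media.example.com/clip.mp4"></video> <a href="http://example.com/about">About</a>"""
```

Calling `scan(SAMPLE)` returns the script, the first image and the video source; the scheme-relative image and the plain link are not subresource loads over http and are left out.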
Mixed content on your WordPress site
Fortunately, WordPress users have enough time to ensure that all their resources load over https.
There are several plugins on WordPress.org that can help you solve these types of problems. One example is the Really Simple SSL plugin, which is used on more than 3 million sites. This plugin has a built-in mixed content scan that shows whether your site has mixed content.
There is also a “mixed content fixer” for the backend. Other popular plugins include SSL Mixed Content Fix (20k active installations) and SSL Insecure Content Fixer (300k active installations).
These plugins have been specially developed to solve problems with mixed content. They even include tools to make other installed plugins compatible with https.