Easy Https and SSL

Are you tired of Mixed Content errors in Joomla?

Solve the "mixed content" errors in your browser, stop getting a broken lock in your site.

Mixed Content, or Loading mixed (insecure) display content "http://. .."

are two very common errors, due to resources in the page requested through the insecure http:// protocol. These can be images, style sheets, javascript files, and more.

Any occurrences of http:// in your resources will be automatically replaced with https.

retax errors chrome


easy https and ssl joomla system plugin

Test Joomla settings reads the Joomla! configuration and shows a warning if SSL is not enabled there. This may however be an  appropriate configuration if your site is running behind a proxy, and the encryption is performed by the proxy. This is also a very common scenario, as the site perceives itself as being http:// so it will tend to generate http:// links.

1. Joomla configuration status

At the top of the configuration you have an option showing whether you asked Joomla to force https:// on the site or not:

easyhttps test joomla configuration

If you wish Joomla to automatically redirect traffic to https:// open the Joomla configuration and set Force HTTPS to Entire Site:

                   configuration enablessl

2. Enable/Disable on specific pages

Include Itemids     If set, the plugin will run only on these pages.

Exclude Itemids    these pages will be left alone.

easyhttps filter pages

3. Frontend, Administrator, Both?

This determines which side of the site this will work on

Enable on     where should the plugin be enabled:

  • Config value   can be to SSL => the plugin is disabled; else Admin or Site+Admin, see below.
  • Admin            only enable on the administrator
  • Site+Admin    enable both in the backend and in the frontend.
  • Site               enable only on the frontend

easyhttps admin or site

4. Replace limitations

In order not to replace any unwanted information, the plugin by default only replaces http:// in SRC and HREF tags.

These options allow for it to work on scripts and text as well.

  • Only SRC & HREF: This is where mixed-content warnings come from
  • Only http:// within String Boundaries: this will replace the protocol in any attributes and unescaped text
  • Every http:// :       will replace it in every text
  • Every http:    :        will handle special cases such as http:\/\/ which may appear in code.

easyhttps what to replace

Please note: all but the first option are useful only to handle scripts that in turn load images. This is usually the case with arrays in Javascript, and even json-encoded strings.

Please note: if the buttons in your plugin configuration show https: instead of http: it's because you chose to enable the plugin in the administrator as well.

Ready to run?

Enable the plugin, save and you're all set.

Note: this extension will NOT add a SSL certificate to your server; this is usually something your web hosting provider handles, else look into certbot / let's encrypt for a free solution.

go to Download page