How I Am Trying to Resolve the Security Issues on My News Sites

How I Am Trying to Resolve the Security Issues on My News Sites

Managing seven sites from a single host for over 10 years has taught me that web security is not a “set it and forget it” task. It requires constant vigilance.

By Rakesh Raman
New Delhi | December 18, 2025

For over a decade, I have managed a digital network of seven sites—comprising six news platforms and my charity site, RMN Foundation. These sites have been my life’s work, hosted on a single server to maintain efficiency. However, in recent months, I faced a recurring technical nightmare that many webmasters know all too well: the dreaded “Not Secure” HTTPS error.

Despite having valid SSL certificates, my sites would intermittently display security warnings, undermining the trust of my readers. After much trial and error, I want to share my journey in resolving these issues to help other publishers facing the same battle.

The Problem: When “Secure” Isn’t Secure

The transition from HTTP to HTTPS was supposed to be simple. An SSL (Secure Sockets Layer) certificate encrypts the data between the server and the reader. But as I discovered, simply having a certificate isn’t enough.

My browser would often tell me the connection was secure, yet the “Not Secure” warning would persist or recur shortly after my hosting provider applied a temporary fix. This is a common trap for legacy sites that have been online for years. The server might be secure, but the content inside—the thousands of images, scripts, and old articles—often remains tied to the old, insecure http:// world.

The Breakthrough: Identifying “Mixed Content”

The core of my problem was “Mixed Content.” On a news site with ten years of archives, many images were hardcoded with insecure links. Even though the main site had a lock icon, the browser detected these insecure elements and flagged the entire page as a risk.

To solve this, I moved away from temporary host-side fixes and took control of the site configuration myself. I began testing on the RMN Foundation site, using it as a “sandbox” to find a permanent solution before rolling it out across my six news sites.

My Two-Step Resolution Strategy

Through my research and testing, I found that a combination of automated “fixers” and permanent database updates is the most effective approach.

Dynamic Fixing with Really Simple Security:

I installed the Really Simple Security plugin to act as a 24/7 guard. Once activated, I enabled the 301 Redirect and the Mixed Content Fixer. The results were immediate. The plugin intercepts insecure links as the page loads and forces them into the secure https:// protocol. This bridged the gap that my hosting provider couldn’t permanently close.

Validating the Results:

I used tools like “Why No Padlock” to run deep scans. While the tests returned “Green” for my SSL and redirects, I encountered a technical warning about TLSv1—an aging security protocol. While this doesn’t break the “lock” icon today, it highlighted the importance of asking hosting providers to disable obsolete protocols (like TLS 1.0 and 1.1) in favor of the modern TLS 1.2 and 1.3 standards.

A Warning to Fellow Publishers

One lesson I learned is the importance of the “Jump Test” and “Media Test.” Always check your site in Incognito mode and type the address with http:// to ensure it “jumps” to the secure version. Also, scroll through your oldest archives; if the lock icon stays solid, your fix is working.

If you are a long-term publisher like me, don’t just rely on your host’s “temporary” fixes. Use a tool like Better Search Replace to permanently update your database links, but always—always—backup your data first.

Moving Forward

Managing seven sites from a single host for over 10 years has taught me that web security is not a “set it and forget it” task. It requires constant vigilance. By taking these steps, I have finally begun to stabilize my sites, ensuring that when readers visit for news or charity updates, their safety is guaranteed.

If you are seeing “Not Secure” warnings on your site, don’t panic. Start with the basics: fix your mixed content, enforce your redirects, and keep your protocols updated. Your readers’ trust depends on it.

By Rakesh Raman, who is a national award-winning journalist and social activist. He is the founder of a humanitarian organization RMN Foundation which is working in diverse areas to help the disadvantaged and distressed people in the society.