Google Chrome浏览器将阻止混合内容–您准备好了吗？

Recently, Google Chrome announced that they will soon start blocking mixed content also known as insecure content on web pages.

最近，谷歌浏览器宣布将很快开始阻止混合内容，也就是网页上的不安全内容。

This feature will be gradually rolled out starting from December 2019. This should give website owners enough time to check for mixed content errors and fix them before the block goes live.

该功能将从2019年12月开始逐步推出。这将使网站所有者有足够的时间检查混合内容错误，并在阻止该功能生效之前对其进行修复。

Failing to do so will cause poor user experience, loss of traffic, and loss of sales.

否则，将导致不良的用户体验，流量损失和销售损失。

In this guide, we will explain Google Chrome’s mixed content blocking and how you can be well prepared for it.

在本指南中，我们将说明Google Chrome浏览器的混合内容阻止功能以及如何为此做好准备。

Since this is a comprehensive guide, we have created an easy to follow table of content:

由于这是一本全面的指南，因此我们创建了易于理解的目录：

• What is mixed content?什么是混合内容？
• Why Google Chrome wants to block mixed content?为什么Google Chrome浏览器要阻止混合内容？
• What will happen if a website is showing mixed content?如果网站显示混合内容会怎样？
• How to prepare your website for mixed content block?如何为混合内容块准备您的网站？
• How to fix mixed content errors in WordPress?如何修复WordPress中的混合内容错误？

什么是混合内容？ (What is Mixed Content?)

Mixed content is a term used to describe non-https content loading on an HTTPS website.

混合内容是用于描述HTTPS网站上非https内容加载的术语。

HTTPS represent websites using a SSL certificate to deliver content. This technology makes websites secure by encrypting the data transfer between a website and a user’s browser.

HTTPS代表使用SSL证书传递内容的网站。 该技术通过对网站和用户浏览器之间的数据传输进行加密来使网站安全。

Google, Microsoft, WordPress.org, WPBeginner, and many other organizations are pushing HTTPs as the standard protocol for websites.

Google，Microsoft，WordPress.org，WPBeginner和许多其他组织正在将HTTPs用作网站的标准协议。

They have been very successful in their efforts. According to Google, “Chrome users now spend over 90% of their browsing time on HTTPS on all major platforms.”

他们的努力非常成功。 根据Google的说法，“ Chrome浏览器用户现在在所有主要平台上的HTTPS上花费了超过90％的浏览时间。”

However, there are still many websites serving partial insecure content (mixed content) over HTTPs websites. Google aims to improve this situation by giving website owners a nudge in the right direction.

但是，仍然有许多网站通过HTTPs网站提供部分不安全的内容(混合内容)。 Google旨在通过向正确的方向推动网站所有者来改善这种情况。

为什么Google Chrome浏览器想要阻止混合内容？ (Why Google Chrome Wants to Block Mixed Content?)

Google Chrome already blocks mixed content, but it’s limited to certain content types like JavaScript and iFrame resources.

Google Chrome已经阻止了混合内容，但仅限于某些内容类型，例如JavaScript和iFrame资源。

From December 2019, Google Chrome will move forward to start blocking other mixed content resources like images, audio, video, cookies, and other web resources.

从2019年12月开始，谷歌浏览器将开始阻止其他混合内容资源，例如图像，音频，视频，Cookie和其他网络资源。

An insecure HTTP file on a secure HTTPs webpage can still be used by hackers to manipulate users, install malware, and hijack a website. This jeopardizes your website security as well as the safety of your website visitors.

黑客仍然可以使用安全HTTPS网页上的不安全HTTP文件来操纵用户，安装恶意软件以及劫持网站。 这会危害您的网站安全以及网站访问者的安全。

It also creates a bad user experience as Google Chrome cannot indicate whether a page is completely secure or insecure.

由于Google Chrome浏览器无法指示页面是完全安全还是不安全，因此还会带来糟糕的用户体验。

如果网站显示混合内容会怎样？ (What Will Happen if a Website is Showing Mixed Content?)

Google Chrome has announced a gradual plan to implement mixed content blocking. It will be implemented in three steps spawning over the next three releases of Google Chrome.

Google Chrome浏览器宣布了一项逐步计划，以实施混合内容阻止。 它将在接下来的三个Google Chrome版本中分三步实施。

Step 1

第1步

Starting from December 2019 (Chrome 79), it will add a new settings option to the ‘Site Settings’ menu. Users will be able to unblock the mixed content already blocked by Google Chrome including JavaScript and iframe resources.

从2019年12月(Chrome 79)开始，它将在“网站设置”菜单中添加一个新的设置选项。 用户将可以取消阻止已被Google Chrome浏览器阻止的混合内容，包括JavaScript和iframe资源。

If a user opts-out for a website, then Google Chrome will serve mixed content on that site, but it will replace the padlock icon with the insecure icon.

如果用户选择退出某个网站，则Google Chrome浏览器将在该网站上提供混合内容，但是它将用不安全的图标代替挂锁图标。

Step 2

第2步

Starting from January 2020 (Chrome 80), Google Chrome will start auto upgrading HTTP video and audio file URLs to HTTPs. If it fails to load them over https, then it will automatically block those files.

从2020年1月(Chrome 80)开始，Google Chrome将开始自动将HTTP视频和音频文件的URL升级为HTTP。 如果无法通过https加载它们，则它将自动阻止这些文件。

It will still allow images to load over HTTP, but the padlock icon will change to Not Secure icon if a website is serving images over HTTP.

它将仍然允许通过HTTP加载图像，但是如果网站通过HTTP提供图像，则挂锁图标将更改为“不安全”图标。

Step 3

第三步

From February 2020 (Chrome 81), Google Chrome will start auto-upgrading HTTP images to load over HTTPs. If it fails to load them over https, then those images will be blocked as well.

从2020年2月(Chrome 81)开始，Google Chrome浏览器将开始自动升级HTTP图像以通过HTTP加载。 如果无法通过https加载它们，那么这些图像也会被阻止。

Basically, if your website has any mixed content resources that are not upgraded to HTTPs, then users will see the Not Secure icon in their browser’s address bar.

基本上，如果您的网站上有任何未升级为HTTP的混合内容资源，则用户将在浏览器的地址栏中看到“不安全”图标。

This will create a poor user experience for them. It will also affect your brand reputation and business.

这将给他们带来不良的用户体验。 这也将影响您的品牌声誉和业务。

No need to panic though. You can easily prepare your website to fix all mixed content errors.

无需恐慌。 您可以轻松地准备网站以修复所有混合内容错误。

如何为Google Chrome的混合内容块准备WordPress网站 (How to Prepare Your WordPress Website for Google Chrome’s Mixed Content Block)

Google Chrome is the most popular browser in the world among both mobile and desktop users.

在移动和桌面用户中，谷歌浏览器是世界上最受欢迎的浏览器。

Leaving your website with incomplete HTTPS implementation or no HTTPS at all will result in loss of traffic, sales, and overall revenue.

留下不完整的HTTPS实施或完全不使用HTTPS的网站将导致流量，销售和整体收入的损失。

Here is what you need to do to prepare your website for these changes.

您需要执行以下操作来为这些更改做好准备。

将您的网站移至HTTPS (Move Your Website to HTTPS)

If your website is still using HTTP, then Google Chrome will already be showing a ‘Not Secure’ icon when users visit your website.

如果您的网站仍在使用HTTP，那么当用户访问您的网站时，Google Chrome浏览器将已经显示“不安全”图标。

It is about time to finally move your website to HTTPS.

现在是时候将该网站最终移至HTTPS了。

We know that changes like these can be a bit intimidating for beginners. Some site owners postpone the move due to cost, which is no longer an issue as you can easily get a free SSL certificate for your website.

我们知道，这些变化对于初学者来说可能有些吓人。 一些网站所有者由于成本而推迟了迁移，这不再是问题，因为您可以轻松地为您的网站获得免费的SSL证书 。

Other website owners delay it because they think it will be a complicated process and could break their website.

其他网站所有者延迟了此操作，因为他们认为这将是一个复杂的过程并且可能会破坏其网站。

That’s why we have created a step by step guide to easily move your WordPress site from HTTP to HTTPS.

这就是为什么我们创建了分步指南以轻松将WordPress网站从HTTP移到HTTPS的原因 。

We will walk you through every step and show you how to get that secure padlock icon next to your website address in all browsers.

我们将引导您完成所有步骤，并向您展示如何在所有浏览器中的网站地址旁边获取该安全挂锁图标。

在HTTPS网站上查找混合内容 (Finding Mixed Content on an HTTPS Website)

If you already have an HTTPS-enabled website, then here is how you will find mixed content on your site.

如果您已经拥有启用HTTPS的网站，则可以通过以下方法在网站上找到混合内容。

The first indication of mixed content issues will be visible in Google Chrome’s address bar when you visit your website.

当您访问网站时，混合内容问题的第一个迹象将显示在Google Chrome浏览器的地址栏中。

If Google Chrome has blocked a script on your website, then you will see the scripts blocked shield icon at the right corner of the address bar.

如果Google Chrome浏览器已阻止您网站上的脚本，则您将在地址栏的右上角看到脚本被阻止的屏蔽图标。

Google Chrome has already blocked the insecure content and that’s why the padlock icon on the left corner of the address bar will not change.

Google Chrome已经阻止了不安全的内容，这就是为什么地址栏左上角的挂锁图标不会更改的原因。

The second indication that you should look for is the info icon. This icon will replace the padlock if the page you are viewing has mixed content that Google Chrome has not blocked.

您应该寻找的第二个指示是信息图标。 如果您正在查看的页面包含Google Chrome尚未阻止的混合内容，则此图标将替换挂锁。

Clicking on the icon will show the notice that ‘Your connection to this site is not fully secure’.

单击该图标将显示“您与该站点的连接不完全安全”的通知。

Usually, this content includes images, cookies, audio, or video files. Chrome does not block those files at the moment and that’s why it shows this notice.

通常，此内容包括图像，Cookie，音频或视频文件。 Chrome目前不会阻止这些文件，这就是为什么它会显示此通知。

If your site has both icons, then this means your site is loading multiple types of mixed content files using HTTP.

如果您的站点同时具有两个图标，则意味着您的站点正在使用HTTP加载多种类型的混合内容文件。

Next, you need to find out which files are loaded using the insecure HTTP URLs. To do that, right-click anywhere on your website and select Inspect tool from the browser menu.

接下来，您需要找出使用不安全的HTTP URL加载了哪些文件。 为此，请右键单击您网站上的任意位置，然后从浏览器菜单中选择“检查工具”。

Switch to the ‘Console’ table under the Inspect window to view page load errors. You’ll be looking for ‘Mixed content:’ errors and warnings to find out which files are blocked and which files are loaded using the HTTP URLs.

切换到“检查”窗口下的“控制台”表，以查看页面加载错误。 您将查找“混合内容：”错误和警告，以查找哪些文件被阻止以及哪些文件使用HTTP URL加载。

修复WordPress中的混合内容错误 (Fixing Mixed Content Errors in WordPress)

There are two easy methods that you can use to fix mixed content warnings and errors on your WordPress website.

您可以使用两种简单的方法来修复WordPress网站上的混合内容警告和错误。

Method 1. Fix Mixed Content Errors and Warnings Using a Plugin

方法1.使用插件修复混合内容错误和警告

This method is easier and recommended for beginners. We will use a plugin that will find and replace HTTP URLs to HTTPs on the fly before sending it to user’s browser.

这种方法比较简单，建议初学者使用。 我们将使用一个插件，该插件可以在将HTTP URL发送到用户的浏览器之前即时找到HTTP URL并将其替换为HTTP。

The downside is that it adds a few milliseconds to your website’s page load speed which is barely noticeable.

缺点是，这会使您的网站的页面加载速度增加几毫秒，这几乎没有引起注意。

First, you need to install and activate the SSL Insecure Content Fixer plugin. For more details, see our step by step guide on how to install a WordPress plugin.

首先，您需要安装并激活SSL不安全内容修复程序插件。 有关更多详细信息，请参阅有关如何安装WordPress插件的分步指南。

Upon activation, go to Settings » SSL Insecure Content page to configure the plugin settings.

激活后，转到设置»SSL不安全内容页面以配置插件设置。

Select the ‘Simple’ option and then click on the ‘Save changes’ button to store your settings.

选择“简单”选项，然后单击“保存更改”按钮以存储您的设置。

Visit your website to look for mixed content warning errors.

访问您的网站以查找混合内容警告错误。

For more detailed instructions, see our article on how to fix mixed content error in WordPress.

有关更多详细说明，请参阅有关如何解决WordPress中混合内容错误的文章。

Method 2. Manually Fix Mixed Content Issues in WordPress

方法2。手动修复WordPress中的混合内容问题

This method can get a bit complicated for beginners. Basically, you’ll be finding the insecure URLs across your website and replacing it with secure URLs.

对于初学者来说，此方法可能会有些复杂。 基本上，您会在整个网站上找到不安全的URL，并将其替换为安全的URL。

We will still use a plugin to find insecure HTTP URLs on your website. However, you’ll be able to deactivate the plugin once you have changed the URLs, so this will not impact your page speed like the first option.

我们仍将使用插件在您的网站上查找不安全的HTTP URL。 但是，一旦您更改了URL，便可以停用该插件，因此这不会像第一个选项那样影响您的页面速度。

Let’s get started.

让我们开始吧。

First, you need to install and activate the Better Search and Replace plugin.

首先，您需要安装并激活Better Search and Replace插件。

Upon activation, you need to visit Tools » Better Search Replace page.

激活后，您需要访问工具»更好的搜索替换页面。

Under the ‘Search’ field, you need to add your website URL with http. After that, add your website URL with https under the ‘Replace’ field.

在“搜索”字段下，您需要使用http添加网站URL。 之后，在“替换”字段下添加带有https的网站URL。

Click on Run Search/Replace button to continue.

单击运行搜索/替换按钮以继续。

The plugin will now run and find all instances of your website URLs starting with http and replace them with the https.

现在，该插件将运行并查找以http开头的网站URL的所有实例，并将其替换为https。

The plugin works on your WordPress database, so it will only change URLs for your content areas.

该插件可在您的WordPress数据库上使用，因此只会更改您内容区域的URL。

If the mixed content resources are loaded by your WordPress theme or plugin, then you will need to inform the theme or plugin developer, so they can release a fix for that.

如果混合内容资源是由您的WordPress主题或插件加载的，则您需要通知主题或插件开发人员，以便他们可以为此发布修复程序。

For more details, see our complete beginner’s guide to fixing the common SSL/HTTPs issues in WordPress.

有关更多详细信息，请参阅我们完整的初学者指南，以解决WordPress中常见的SSL / HTTPs问题 。

We hope this article answered your questions regarding Google Chrome’s mixed content block and helped you get ready for it. You may also want to see our guide on how to use Google Search Console to grow your website traffic, and the important marketing data you must track on all WordPress sites.

我们希望本文能回答您有关Google Chrome浏览器混合内容阻止的问题，并帮助您为之做好准备。 您可能还想查看有关如何使用Google Search Console来增加网站流量的指南，以及必须在所有WordPress网站上跟踪的重要营销数据 。

If you liked this article, then please subscribe to our YouTube Channel for WordPress video tutorials. You can also find us on Twitter and Facebook.

如果您喜欢这篇文章，请订阅我们的YouTube频道 WordPress视频教程。 您也可以在Twitter和Facebook上找到我们。

翻译自: https://www.wpbeginner.com/news/google-chrome-will-block-mixed-content-are-you-ready-for-it/