Get rid of unsecure web content (http)

Since WordPress is not exactly know for being secure (although this falls mainly on the plugins) it is always a good idea to patch it regularly. I recently updated the theme I use on this site, and forgot to back up the old theme folder before I did so. That meant I ran into this error message at the bottom of the browser when viewing the site in Internet Explorer:5-17-2016 7-28-40 AM

(Only secure content is displayed)

This means that there is unsecure http content linked somewhere on the page. The message only appears because I use https (thanks to Let’s Encrypt). Since I know that I didn’t link to anything using http I know that the content comes from the theme I use. The easiest way that I know to find instances of unsecure pages is by using grep. Here is an example done on FreeBSD running Apache:

This will show all instances of the word “http:” inside the theme folder:
5-17-2016 7-41-33 AMIn this case I know that it is the JavaScript file that is causing trouble, but if we want to replace any occurrence of http with https we can use sed in a simple bash script:

Run the script with bash and then we can verify that everything has been replaced:
5-17-2016 8-22-34 AM

The above script can be used to replace other words in files, just change the variables. Be advised that not all pages have https in place, so make a backup of the theme folder before replacing all http with https.