Favorite Plugins – Chapter Two

Complete Analytics Optimization Suite (CAOS)
Active installs: 10,000+
Zip file size: 7k

REFERENCE: How does Google Analytics affect mobile speed?

Far Future Expiry Header
Active installs: 20,000+
Zip file size: 7k

This plugin appeared abandoned but it’s author returned and updated it recently. While this isn’t always necessary, it’s a good sign the plugin is “fresh.” We’ve used it for years.

This plugin will add a “far future expiration” date for various file types (like image files) to improve site performance. This is a best practice advocated by the Yahoo Extreme Performance Team. It keeps files and images cached longer. There is also a radio button to enable Gzip – a nice addition. (More about Gzip >)

REFERENCE: Is there a speed plugin for fixing Pingdom “Leverage Browser Caching” errors?

Holler Box – WordPress Popup Plugin for eCommerce
Active installs: 1,000+
Zip file size: 122k

This small plugin uses only 3 calls (HTTP requests). 2.8k, 3.6k, and 3.8k loaded in parallel. That’s about 10k. Estimated load time: less than 40 milliseconds. But not on every page – only where it’s used (selective activation). Holler Box is a nice, lightweight plugin built correctly for mobile speed.

Holler Box (112k download) does all the essential OptinMonster functions for free – plus some – and doesn’t weigh a ton. Hollarbox is lightweight and loads fast.

REFERENCE: Faster and free alternatives to popular OptinMonster or SumoMe WordPress plugins.

WP jQuery Plus
Active installs: 4,000+
Zip file size: 3k

Almost every browser on the planet already has Google’s jQuery CDN address loaded in cache.

You can change the WordPress code to substitute Google’s CDN hosted jQuery. But there’s an easier way. Just use WP jQuery Plus. It’s a WordPress plugin that loads jQuery from Google’s free Content Distribution Network (CDN). Users geographically far from you can download jQuery faster. The Google version of jQuery is also Gzip compressed and minified for fastest page loading. Yet, even though Google’s CDN servers are fast, it’s still not the biggest motivating gain.

REFERENCE: The fastest jQuery is the one you never have to load.

“Additional CSS” customization code often (usually?) disappears when changing themes and sometimes when updating. It depends upon the theme author’s diligence. Preservation isn’t built into core as one might suppose.

Adding a child theme to preserve custom CSS code generates an extra HTTP request. Our workaround (and there are others) is to use Tom Usbourne’s free “Simple CSS” plugin. It appears alongside the normal Additional CSS feature in the WordPress Customizer. This plugin doesn’t create an extra call (like a child theme) but still protects the code.

Simple CSS
Active installs: 70,000+
All-time downloads: 163,000

REFERENCE: Remove WordPress child themes for mobile speed.

Email Address Encoder
Active installs: 100,000+
Zip file size: 5k

REFERENCE: HTTPS / SSL and it’s negative impact on mobile speed.

Disable Embeds
Active installs: 10,000+
Zip file size: 3k

REFERENCE: oEmbed removal for mobile WordPress speed fanatics.

PNG to JPG plugin
Active installs: 2,000+
Zip file size: 10k

Description: Convert PNG images to JPG, free up web space and speed up your webpages:

  • Set quality of converted JPG.
  • Auto convert on upload.
  • Auto convert on upload only when PNG has no transparency.
  • Convert existing PNG image to JPG.
  • Bulk convert existing PNG images to JPG.

REFERENCE: WPFaster.com: 10 speed changes for $1,985. Do them yourself with free plugins.

P3 (Plugin Performance Profiler)
Active installs: 100,000+
Zip file size: 183k

Description: See which plugins are slowing down your site. This plugin creates a performance report for your site.

At this point, we smile. Over 100,000 sites made a bad assumption. They left this plugin active in the name of speed improvement. Ironically, the plugin slows every page and post by 12.7 milliseconds – even when sitting there. Oops!

WordPress plugins are PHP code. Various blogs and forums claim PHPv7 breaks the P3 plugin. The only plugin it tests is then itself. Our cheap, shared hosting is a techno-laggard (paradoxically, GoDaddy). They are still running PHPv5.4 as the default. Is that why they haven’t updated the plugin yet? For our speed demonstration, this may be helpful. But PHPv7 makes WordPress load so much faster – around a third the original v5.4 load time. Super fast. In theory, a 2-second page might load in 660 milliseconds. Beautiful! Many hosts have already adopted PHPv7. GoDaddy finally did mid-2017. We moved the version up a notch to version 7.1 in Cpanel on GoDaddy – a small speed boost.

P3 (Plugin Performance Profiler) causes 12.7 milliseconds of site drag. So we recalculate the results without this number messing things up. After testing, don’t leave it installed. At least, disable it. But we always remove it.

REFERENCE: P3 Plugin Performance Profiler and mobile WordPress speed.

Simple Basic Contact Form
Active installs: 9,000+
Zip file size: 261k

*All forms require placing a shortcode on your contact page.

REFERENCE: Contact Form 7 plugin slows down page speed for your entire website. Not just your contact page.

Date/Time Now Button
Active installs:
Zip download size:

REFERENCE: Evergreen Content: Expired dates diminish site credibility.

Autodescription (aka The SEO Framework)
Active installs:
Zip download size:

[dropcap]A[/dropcap]utodescription plugin doesn’t do grotesque slow downs like Yoast SEO (from 150 to 240 milliseconds site drag). All SEO plugins consume ever-growing database resources. The plugin authors don’t tell you about that hidden liability.

Do we think SEO tricks alter ranking or increase click thru? We’re unconvinced. It doesn’t move the needle. But site owners desire feeling in control of the uncontrollable page rank and clickthrough.

REFERENCE: Autodescription SEO plugin and mobile speed.

Lazy Load by WP Rocket
Active installs:
Zip download size:

What we like most: No JavaScript library such as jQuery is used and the script weight is 1k to 6k. Fast. And, it defers about 500k video page weight on heavy pages.

Go to Settings > LazyLoad and check the 3 boxes to activate. This will then lazy load:

REFERENCE: Lazy load images and video for mobile speed.

Deactivate XML-RPC Service
Active installs: Fewer than 10
Zip file size: 26k

REFERENCE: https://pagepipe.com/the-best-lightweight-plugin-for-deactivating-xml-rpc-to-improve-wordpress-security/


Simple Content Adder
Active installs: 30+
Zip file size: 1.2M

WP Image Refresh
Active installs: 700+
Zip file size: 823k

The two suggested plugins are free, obscure, and esoteric. We’ve experimented with various plugins. This combination works best for us.

REFERENCE: https://pagepipe.com/image-rotation-using-plugins-for-site-efficiency/

Disable Comments
Active installs: 1+ million
Zip file size: 82k

REFERENCE: https://pagepipe.com/anti-spam-disable-comments-with-a-plugin-and-get-rid-of-akismet-too/

Plugin Logic
Active installs: 100+
Zip file size: 15k

REFERENCE: https://pagepipe.com/selective-plugin-deactivation/

Peanut Butter Bar (smooth version)
Active installs: 600+
Zip file size: 39k

REFERENCE: https://pagepipe.com/top-hello-bar-knockoff-plugins-for-speed/

Remove Query Strings
Active installs: 10,000+
Zip file size: 12k

These plugins are super lightweight and benign. You may see millisecond improvements. There’s no reason not to install one for speed.

The bottomline is: removing query strings does no harm – but the only benefit most likely is an improved test score – not speed. Of course, the question is, “Why do speed tests insist it be done?” It’s ivory tower idealism.

REFERENCE: https://pagepipe.com/how-to-remove-query-strings-from-static-resources-with-a-wordpress-plugin/

Popular plugins usually aren’t the best for page speed.

From our experience with WordPress search, we get better results without the search enhancement plugin Relevanssi. It shuts down or bypasses normal search functions. There is no failsafe or fallback when Relevanssi malfunctions.

[dropcap]W[/dropcap]e tested the Relevanssi plugin free version some time ago. Many reviewers were sold on it. But real-world testing by us didn’t reveal much value from it. It was theoretically better. That doesn’t mean you shouldn’t use it if you want but we see no reason to recommend it to clients.

Relevanssi is available as free and paid versions. It doesn’t appear to slow down a website with any HTTP requests. P3 Profiler plugin (authored by GoDaddy) reports it adds only 19 milliseconds to load time. Big deal. It’s just another benign plugin taking up space.

We’ve never had a circumstance where WordPress search wasn’t sufficient – and even sometimes impressive. We use it all of the time to relocate obscure content on PagePipe. We suspect WordPress “search” has improved over time.


Summary: The WordPress search is much maligned but it’s probably not justified and the importance of a search function is often overstated.

Quote from that posts comments:

“As the developer of Relevanssi, I have to agree with your premise: for most users, the WP default search is good enough, now that it can sort results by relevancy and not just date (that search was awful, and something that had to be replaced in most cases).

I wrote Relevanssi, because I own two sites that are basically information warehouses. When you have 4000 book reviews, you need a good full-text search. But not every site is like that.” September 30, 2014, 2:33 am – Mikko Saari

To Engineer is Human by Henry Petroski is a book about engineering failures – mainly of buildings and bridge structures and airplanes during the 1980s and before. The main takeaway from the book is still applicable – and maybe even more so today: When technology or ideas are changing rapidly, there is never the opportunity to build a history or library of experience. This increases errors. Experience is what prevents accidents and disasters.

New upgraded versions of WordPress come out multiple times each year. And new plugins are being introduced at a breakneck pace. In 2013, 15,000+ plugins were in the WordPress plugin repository. In 2014, there were 29,000+ plugins in the repository. By 2015, the number was 35,000+. There are now (Sep. 2016) over 46,000+ free plugins in the repository. It’s difficult to stay on top of that rapid rate of change. It’s staggering – an annual growth rate of over 50 percent.

To make a fast decision, it’s plainly easier to select from the Top100 most popular plugins – and consider that good enough. Even this chart with a recent copyright of 2016 is outdated. It wrongly states there are over 35,000 plugins in the repository (it’s over 46,000). And this doesn’t count any of the plugins available on GitHub where authors refused to go through the WordPress red-tape of acceptance.

You can choose any plugin from the TOP100 and from our experience it will be the slowest and most bloated plugin in its class. For example: #1 Akismet: 52M installs, #2 Contact Form 7: 42M installs, #3 Yoast SEO: 33M installs, #5 Jetpack: 28M installs. These are all heavy plugins and either directly or indirectly affect load time. We see these plugins installed on most slow sites.

Jetpack plugin alone weighs almost as much as WordPress in it’s entirety!

Plugin popularity is rarely an indicator of good value. People assume they must be good. It makes for a faster decision. At one time, they were either the-only-game-in-town or repaired or compensated for WordPress deficiencies that later became solved with new WordPress versions. So even though the need for “repair” was gone or obsolete, the herd kept installing out of habit and myth. It became de-facto standard best practice.

As an example, WP Smush Image Optimization plugin (500,000+ installs) is an extremely popular plugin. But best case, it only reduces JPEG image file sizes by 10%. That’s insignificant for speed improvement. That’s because it uses lossless optimization. To get the real improvement from lossy compression (up to 70% reduction), you have to buy the premium/paid version. But WP Smush still doesn’t address the biggest issue. That is actual image dimensions. It will attempt to “smush” a monstrously-sized camera image – which of course still remains the same huge dimensions and a slow load.

The most preposterous marketing claim made by WP Smush plugin authors is that it will improve your SEO. Ridiculous!

That is why we recommend using Imsanity free plugin instead. It resizes and does lossy compression to whatever values we set. In our case, we set Imsanity to crop uploaded images to a maximum blog column width (750 pixels) and compress to a quality of 70. It doesn’t compress PNG images by default which we don’t care about in our case.

There are many free, good, lossy image optimization plugins but they are less popular with less than 100k installs. People just don’t test. They assume popular must be the best. To the contrary, it usually means they contribute to site drag and slow page speed.

Reduce SSL speed overhead for Easy Digital Downloads plugin and PayPal transactions.

Performance Offloading delivers content, features, or functions. But from different hosts, domains, or web services. This improves speed.

We saw performance offloading by using two domains with a French client. It was a brilliant accident. He hosted his lifestyle WordPress blog on one domain. And his super-heavy, subscriber, real-time, location map on another subdomain. He styled the two sites the same and used different themes to manage specialty functions. Users were unaware of the theme switch because the domain names were similar. And the user interface and navigation were identical.

It was seamless and amazing.

He quarantined all his poisonous Google Map requests on one domain. Google Map bits-and-pieces load on every page and post – a bad undocumented effect we call site drag. This nasty effect wasn’t happening on the blog posts and pages. They had speed purity. Untainted.

This ploy kept global loading (site drag) from slowing down all his blog posts. He didn’t discern the speed benefit – until we brought it to his attention. The blog posts were his visitor entry pages. Not the map section. The map got limited member traffic. Perfect.

Did this division hurt his SEO? Not from what we could determine. He received over 100,000 visits per month to his blog.

USING THE “FRENCH CONNECTION” TO OFFLOAD Secure Sockets Layer handshaking – SSL

SSL offloading keeps encryption and decryption on another website. It’s moved to a separate location for the task – like for an ecommerce store. Performance efficiency of the main site blog increases. We distribute the workload between two or more websites on the same server.

So what? Why would anyone care about this speed trick?

By offloading SSL, PagePipe achieved two goals:

PagePipe Goal #1: Reduce backup plugin overhead.

[dropcap]W[/dropcap]e wanted to get the heavy self-hosted PDFs off our media library. And stored somewhere else for free.

Our downloadable PDFs slowed down backups and consumed server resources. Offloading meant producing two site backups. The media library and our store didn’t need updating as often as blog content. Splitting backups improved server-resource efficiency. Our PDF inventory was pretty static compared to daily blog changes. This efficiency idea produces optimal resource usage, maximizes throughput, and minimizes response time.

Automatic site backups cause server-resource consumption. During these period of high server activity, your shared server will slow down. The more you need to backup, the longer you’ll slow down the site. Keeping our media library light helps speed up the backup process. Our blog is set to backup weekly and our store backs up fortnightly.

Is this a huge speed advantage? It depends upon how bloated your media library is. We’ve encounter some huge 45-Gigabyte media libraries. Those can’t be backed up with a free plugin and stored on a free 2-Gigabyte Dropbox account. This means extra cost purchasing backup, storage and restoring services for your website. Keeping your media library lean reduces your site’s annual overhead.

Merely backing up on your host server is not recommended. If the server gets hacked, you’re out of luck. Keep a backup offline or in the cloud – or both. And be sure you can restore. Many site owners don’t test this.

OFFSITE LINK: https://kinsta.com/blog/wordpress-backup-plugins/

Our Goal #2: Secure PayPal connections per PayPal’s specifications.

[dropcap]O[/dropcap]ur PagePipe ecommerce pages for selling ebooks needed SSL compliance to communicate between PayPal and Easy Digital Downloads (EDD) plugin. We were resisting PayPal dictates. Results: We got random transaction misfires.

By not complying, sales were still booked by PayPal and Easy Digital Downloads plugin. (We got our money!) But some buyers weren’t getting their confirmation EDD email with download links embedded. We also didn’t get email verification of payment received generated by the EDD plugin. Some buyers were left hanging out in the breeze with no product fulfillment. Terrible user experience and resultant distrust if not sheer panic of a scam. UX dud.

“Merchants and partners use HTTPS to securely connect with PayPal servers. We use the Transport Layer Security (TLS) protocol to encrypt these communications. To ensure the security of our systems and adhere to industry best practices, PayPal is updating its services to require TLS 1.2 for all HTTPS connections. At this time, PayPal will also require HTTP/1.1 for all connections.

This change is complete as of June 28, 2018.”


Oddity. It was in June our disgruntled buyers started writing saying, “Where’s the #$%@& stuff I paid for, you *&(%^!?.” An embarrassing coincidence of ignorance and techno bliss caused us loss of credibility. Buyer’s remorse.

PagePipe forced to use SSL/HTTPS?! Horrors! Instant revulsion. Why? The disgusting thought of adding 400 to 500 milliseconds SSL handshaking to normal slow server delays. That meant doubling or tripling our server losses. An excellent TTFB (time to first byte) is 300 milliseconds on a shared host. That’s a best-case scenario.

OFFSITE LINK: https://hackernoon.com/why-migrating-your-site-to-https-may-be-a-bad-idea-9d69d8c27fca

On shared web hosting, the TTFB is 500 to 800 milliseconds most often.  And in bad scenarios 1.0 to 1.5 seconds long. With a 1.5-second TTFB, plus an extra 500-millisecond SSL handshake, we’d consume our entire 2-second performance budget in one greedy gulp.

A full TLS handshake involves 2 round trips between the client and the server. Because of the difference between latency and bandwidth, a faster internet connection doesn’t make these round trips any faster. This handshake will typically take between 250 milliseconds to half a second, but it can take longer.

[fade-in fortissimo weeping sounds here]

We can do minor miracles and build speed sites loading in under 2 seconds even with a cruddy 1.5 second TTFB. That’s right. Compromise. Cram everything in the 500-millisecond remaining. But if you add SSL handshaking on top of that then we’re doomed. Thwarted.

So we setup a separate website for speed to handle the SSL delay (also know as load sharing).

That’s the SSL speed travesty. Loss of speed.

What does it mean for your site? Well, loading of WordPress core, plus the theme and any plugins. Or images. Or any other doodad widget like email signup, YouTube video, podcast, or ads are deal killers. The results? A performance optimization nightmare!

We hate Google and PayPal SSL/HTTPS mandates. Read more wicked Google SSL *conspiracy theory* here.

We’re hosting on cheap, GoDaddy shared, mechanical servers to prove the impossible. That’s right – a website page-load time in under 2 seconds with our open-source plugin methods. No CDN. Using a stock Twenty-seventeen default theme with 70-plus free plugins activated. Extreme? Sure. But not for the speed obsessed. We’re walking the talk. Trying anyway.

Does GoDaddy SSL support TLS 1.2 and HTTP/1.1? We had no idea.

You can use Qualys SSL Labs vulnerability tester to check which TLS version your host is using: https://www.ssllabs.com/ssltest/

We tested the host GoDaddy’s homepage (go ahead test your own site if SSL certification is activated.) It’s takes about 1 minute to complete.

Our web hosting services by GoDaddy are already supporting TLS 1.2 connections. Great! How much does that cost to activate? The cheapest “Standard DV SSL” is:

$69.99 U.S. Annual Repetitive Price. Per domain.

It wasn’t a joke. Every stinking year: $69.99. Serious business. Opportunists! Gougers! Millions of domains. But it seems there’s a GoDaddy SSL sale for signup enticement – about $50 US annually.

We don’t want to move our blog. So let’s do “The French Connection” trick – but without any crime. We’ll offload our store pages to another cheap hosting but with free SSL.  Are we that desperate? No. But … we’re determined to practice what we preach. Workaround these dirt-bag web weasels.

Where does one go for cheap hosting with free SSL? Take a dart and throw it. Every host out there has poor or angry revues. Don’t trust reviews. All hosting cycles from good to bad and back again for many reasons.

So build your site rugged and tolerant of variations in server speed. Test your new host. Get a refund and leave it they aren’t good enough.

Our criteria:

  • Cheap hosting.
  • Moderate 500 to 1000 millisecond TTFB (magnetic or SSD doesn’t matter).
  • Free SSL.
  • Provide Cpanel.
  • Easy WordPress installation with Installatron or equal.
  • Enough storage space for our 333-megabyte site. (Yeah. Small, tight and clean).
  • Good enough uptime.
  • Register a store domain name.
  • 30-day money-back guarantee.

We decided to give Asura Hosting a try. Why not? A few people hated them.  Mean, nasty, vindictive and vulgar people. Always a good sign!

We’ll be dumb and trust our instincts and move forward into the unknown. We can always pull the store and move.

They had the right specs. TTFB with SSL handshaking for their homepage is 848 milliseconds tested using ByteCheck.com. That leaves us a whole second to load store pages – plus 152 milliseconds for dessert. And their site design didn’t look abandoned in the 90s like some other hosts.

Asura Hosting

Domain registration: $9.99 (recurring discount 1 year)
Starter – pagepipe-secure-store.com (05/10/2018 – 04/10/2019) $12.00 USD
TOTAL: $19.99 with free SSL.

Twenty bucks versus Google’s $70. Savings: $50 per year.

So about Asura: their default PHP version is 7.0. We dialed that up to version 7.2 in Cpanel. That’s a 15-percent boost in speed for WordPress, theme, and plugins.

But we never could login to our Asura WordPress backend dashboard. We became instant haters!

So we dumped that host. In the name of time savings, we went ahead with a $48.74 on-sale GoDaddy-sponsored SSL annual license fee.

Remember, we’re not doing this silly SSL trick to beef up security. PayPal is secure enough. We’re complying with PayPal’s dictates for reliable product fulfillment. PayPal broke our Easy Digital Downloads plugin and we’re fixing it. We work hard salvaging every millisecond of speed we can.

Do we feel ripped off by GoDaddy? Yes. Especially when after purchase, we found out we didn’t need to buy their pricey certificate. We could have used a free one.They didn’t mention that alternative, of course. “Too soon we grow old. Too late we grow smart.” We want to install “Let’s Encrypt” free SSL certificate.

Was there any recourse – like a refund? Did GoDaddy bury that refund information? Yeah. They don’t make it obvious.

Here’s the GoDaddy service-chat answer: 30-day refund from date of purchase. OK. We got our money back. But not without consequence.

When GoDaddy pulled the now-cancelled SSL certification, it nuked all the image links on the new store site. Every image was broken.

So we reverted to our backup and reinstalled WordPress and the store.

Let’s-Encrypt free certification expires every 90 days. You then must renew. But we’re determined to reduce website overhead. Here’s how we did that installation:

Step One

Go to ZeroSSL
Click on “Online Tools”
Start the “FREE SSL Certificate Wizard”.

Follow the instructions, and you will end up with the following files:
a) a domain key
b) a domain CSR (certificate signing request)
c) an account key
d) the domain certificate

Copy each of those into text files (not a Word Processor. It adds junk).

Step Two

Go to cPanel on GoDaddy.
Scroll down to the Security section
Click on SSL/TLS.
Under “Install and Manage SSL for your site (HTTPS)”, click on “Manage SSL sites”.
There you will see a simple form where you provide (copy-and-paste) the following information:
a) the domain
b) the certificate
c) the private key
d) the certificate authority bundle.

Items b, c, and d are all things received from ZeroSSL. Duh!

Included as parts of the certificate are the beginning and ending markers, e.g. “—–BEGIN CERTIFICATE—–” and “—–END CERTIFICATE—–“. If you don’t include these, you will get an error saying the certificate is not valid.

Also, the certificate you get from ZeroSSL has two parts. The actual certificate and the Certificate Authority Bundle (CABUNDLE). These are each marked with beginning and ending tags. Place them into two separate boxes on the form. Once you have filled in the form, and you have an indication that the content is correct, click on “Install Certificate”, and you’re finished.

Install Easy HTTPS (SSL) Redirection plugin if needed. We didn’t.



You’ll be asked to create two files with encrypted file names with encrypted content. Put these sub-directories on your hosting account root directory. The path will look like this: /public_html/.well-known/acme-challenge/ These are the files proving you have website ownership. When requesting the certificate at ZeroSSL, specify both yourdomain.com as well as www.yourdomain.com as a subdomain.

We used Cpanel file editor to created the nested folders and write the two single-line files.

The SSL installation wasn’t hard but it was somewhat confusing at times. Now we’ve done it once, it’s a piece of cake to repeat.



So here are the speed test results:

International Load Times, No CDN

PagePipe Blog homepage
398.2k page weight, 17 requests

Pingdom to San Francisco
590 millisecond
load time

Pingdom to Frankfurt
1.60 second
load time

Pingdom to London

1.93 second load time

Pingdom to Sao Paulo, Brazil
2.06 second load time

Pingdom to Tokyo
2.07 second load time

Pingdom to Sydney
2.28 second load time

PagePipe Store homepage – No CDN
193.9k page weight, 31 requests

Pingdom to San Francisco
730 millisecond
load time

Pingdom to Frankfurt
1.88 second
load time

Pingdom to London

1.81 second load time

Pingdom to Sao Paulo, Brazil
2.29 second load time

Pingdom to Tokyo
2.33 second load time

Pingdom to Sydney
2.98 second load time

Does Easy Digital Downloads and PayPal work with SSL only activated on the store domain?

Yes. Everything is working great. Cha-ching! Wanna buy an ebook?


After migrating our store pages, https://pagepipe-ebooks.com/ didn’t show a green padlock in Firefox on the homepage. But it did for all other store pages. We figured it was a mixed-content error as defined at this link:

REFERENCE: https://developers.google.com/web/fundamentals/security/prevent-mixed-content/what-is-mixed-content

The homepage flashed a green padlock and then after page load switched the lock icon with a yellow triangle with an exclamation mark.

We tried two plugins first. We installed called “SSL Insecure Content Fixer.” and “Easy HTTPS (SSL) Redirection” Neither fixed anything.

The Solution

We identified “mixed content” using the Firefox addon or Chrome extension called Web Developer. This extension adds various web developer tools to the browser.

How to use Web Developer toolbar.
Click the web developer icon in your tool bar. Click the Images tab. Then click Display image paths. A popup shows the address of each image. All images should show “https” addresses. If you have any “http” addresses, these are causing the error. For the PagePipe store, we needed to remove image links back to the media library on vanilla PagePipe blog. That fixed it.

There is more to this story. After the 90-day period with Let’s Encrypt, we deliberately let the certificate expire. We wanted to see how much of a hassle this would be. It was a nightmare. In all fairness, Let’s Encrypt’s “expiry bot” did send a couple of warning emails, one 30-days before expiration and another 1-week later. This means the certificate really is transparent for 60-days and then you better start worrying about renewal.

READ the rest of the horror story now.