{"id":3983,"date":"2026-01-02T16:14:44","date_gmt":"2026-01-02T13:14:44","guid":{"rendered":"https:\/\/www.dchost.com\/blog\/ssl-sonrasi-mixed-content-ve-guvensiz-icerik-hatalarini-duzeltmek\/"},"modified":"2026-01-02T16:14:44","modified_gmt":"2026-01-02T13:14:44","slug":"ssl-sonrasi-mixed-content-ve-guvensiz-icerik-hatalarini-duzeltmek","status":"publish","type":"post","link":"https:\/\/www.dchost.com\/blog\/ssl-sonrasi-mixed-content-ve-guvensiz-icerik-hatalarini-duzeltmek\/","title":{"rendered":"SSL Sonras\u0131 Mixed Content ve G\u00fcvensiz \u0130\u00e7erik Hatalar\u0131n\u0131 D\u00fczeltmek"},"content":{"rendered":"<div class=\"dchost-blog-content-wrapper\"><div id=\"toc_container\" class=\"toc_transparent no_bullets\"><p class=\"toc_title\">\u0130&ccedil;indekiler<\/p><ul class=\"toc_list\"><li><a href=\"#SSL_Sonrasi_Mixed_Content_Sorununu_Dogru_Teshis_Etmek\"><span class=\"toc_number toc_depth_1\">1<\/span> SSL Sonras\u0131 Mixed Content Sorununu Do\u011fru Te\u015fhis Etmek<\/a><\/li><li><a href=\"#Mixed_Content_Nedir_Neden_Olusur\"><span class=\"toc_number toc_depth_1\">2<\/span> Mixed Content Nedir, Neden Olu\u015fur?<\/a><\/li><li><a href=\"#Mixed_Content_Hatalarini_Neden_Ciddiye_Almalisiniz\"><span class=\"toc_number toc_depth_1\">3<\/span> Mixed Content Hatalar\u0131n\u0131 Neden Ciddiye Almal\u0131s\u0131n\u0131z?<\/a><\/li><li><a href=\"#Mixed_Content_Hatalarini_Tespit_Etme_Yontemleri\"><span class=\"toc_number toc_depth_1\">4<\/span> Mixed Content Hatalar\u0131n\u0131 Tespit Etme Y\u00f6ntemleri<\/a><ul><li><a href=\"#Tarayici_Gelistirici_Araclari\"><span class=\"toc_number toc_depth_2\">4.1<\/span> Taray\u0131c\u0131 Geli\u015ftirici Ara\u00e7lar\u0131<\/a><\/li><li><a href=\"#Ag_Sekmesi_ve_Kaynak_Filtreleme\"><span class=\"toc_number toc_depth_2\">4.2<\/span> A\u011f Sekmesi ve Kaynak Filtreleme<\/a><\/li><li><a href=\"#Sunucu_ve_Panel_Tarafi_Loglar\"><span class=\"toc_number toc_depth_2\">4.3<\/span> Sunucu ve Panel Taraf\u0131 Loglar<\/a><\/li><\/ul><\/li><li><a href=\"#WordPress_Sitelerde_Mixed_Content_Hatalarini_Temizlemek\"><span class=\"toc_number toc_depth_1\">5<\/span> WordPress Sitelerde Mixed Content Hatalar\u0131n\u0131 Temizlemek<\/a><ul><li><a href=\"#1_Site_Adresi_URL_Ayarlarini_Kontrol_Edin\"><span class=\"toc_number toc_depth_2\">5.1<\/span> 1. Site Adresi (URL) Ayarlar\u0131n\u0131 Kontrol Edin<\/a><\/li><li><a href=\"#2_Veritabaninda_http_-gt_https_Donusumu\"><span class=\"toc_number toc_depth_2\">5.2<\/span> 2. Veritaban\u0131nda http -&gt; https D\u00f6n\u00fc\u015f\u00fcm\u00fc<\/a><\/li><li><a href=\"#3_Tema_ve_Eklentilerde_Hard-Coded_HTTP_Kaynaklari\"><span class=\"toc_number toc_depth_2\">5.3<\/span> 3. Tema ve Eklentilerde Hard-Coded HTTP Kaynaklar\u0131<\/a><\/li><li><a href=\"#4_WordPress_CDN_Senaryosunda_Mixed_Content\"><span class=\"toc_number toc_depth_2\">5.4<\/span> 4. WordPress + CDN Senaryosunda Mixed Content<\/a><\/li><\/ul><\/li><li><a href=\"#Ozel_Yazilmis_PHP_Sitelerde_Mixed_Content_Cozumleri\"><span class=\"toc_number toc_depth_1\">6<\/span> \u00d6zel Yaz\u0131lm\u0131\u015f PHP Sitelerde Mixed Content \u00c7\u00f6z\u00fcmleri<\/a><ul><li><a href=\"#1_Temel_Base_URL_Config_Ayarlari\"><span class=\"toc_number toc_depth_2\">6.1<\/span> 1. Temel Base URL \/ Config Ayarlar\u0131<\/a><\/li><li><a href=\"#2_Kod_Icinde_Mutlak_HTTP_URL8217leri_Temizlemek\"><span class=\"toc_number toc_depth_2\">6.2<\/span> 2. Kod \u0130\u00e7inde Mutlak HTTP URL&#8217;leri Temizlemek<\/a><\/li><li><a href=\"#3_Reverse_Proxy_ve_X-Forwarded-Proto_Sorunlari\"><span class=\"toc_number toc_depth_2\">6.3<\/span> 3. Reverse Proxy ve X-Forwarded-Proto Sorunlar\u0131<\/a><\/li><\/ul><\/li><li><a href=\"#CDN_Senaryolarinda_Guvensiz_Icerik_ve_Ozel_Durumlar\"><span class=\"toc_number toc_depth_1\">7<\/span> CDN Senaryolar\u0131nda G\u00fcvensiz \u0130\u00e7erik ve \u00d6zel Durumlar<\/a><ul><li><a href=\"#1_Farkli_Alan_Adlarinda_Statik_Icerik\"><span class=\"toc_number toc_depth_2\">7.1<\/span> 1. Farkl\u0131 Alan Adlar\u0131nda Statik \u0130\u00e7erik<\/a><\/li><li><a href=\"#2_upgrade-insecure-requests_ile_Gecici_Yamalar\"><span class=\"toc_number toc_depth_2\">7.2<\/span> 2. upgrade-insecure-requests ile Ge\u00e7ici Yamalar<\/a><\/li><\/ul><\/li><li><a href=\"#htaccess_Nginx_ve_HSTS_ile_HTTPS_Zorunlu_Hale_Getirmek\"><span class=\"toc_number toc_depth_1\">8<\/span> .htaccess, Nginx ve HSTS ile HTTPS Zorunlu Hale Getirmek<\/a><ul><li><a href=\"#1_HTTP8217den_HTTPS8217e_Yonlendirme\"><span class=\"toc_number toc_depth_2\">8.1<\/span> 1. HTTP&#8217;den HTTPS&#8217;e Y\u00f6nlendirme<\/a><\/li><li><a href=\"#2_HSTS_HTTP_Strict_Transport_Security\"><span class=\"toc_number toc_depth_2\">8.2<\/span> 2. HSTS (HTTP Strict Transport Security)<\/a><\/li><\/ul><\/li><li><a href=\"#Gercekci_Senaryolar_Adim_Adim_Cozum_Ornekleri\"><span class=\"toc_number toc_depth_1\">9<\/span> Ger\u00e7ek\u00e7i Senaryolar: Ad\u0131m Ad\u0131m \u00c7\u00f6z\u00fcm \u00d6rnekleri<\/a><ul><li><a href=\"#Senaryo_1_Kucuk_E-Ticaret_Sitesi_WordPress_WooCommerce\"><span class=\"toc_number toc_depth_2\">9.1<\/span> Senaryo 1: K\u00fc\u00e7\u00fck E-Ticaret Sitesi (WordPress + WooCommerce)<\/a><\/li><li><a href=\"#Senaryo_2_Kurumsal_PHP_Tanitim_Sitesi_Ozel_Yazilim\"><span class=\"toc_number toc_depth_2\">9.2<\/span> Senaryo 2: Kurumsal PHP Tan\u0131t\u0131m Sitesi (\u00d6zel Yaz\u0131l\u0131m)<\/a><\/li><li><a href=\"#Senaryo_3_CDN_Arkasinda_Yuksek_Trafikli_Blog\"><span class=\"toc_number toc_depth_2\">9.3<\/span> Senaryo 3: CDN Arkas\u0131nda Y\u00fcksek Trafikli Blog<\/a><\/li><\/ul><\/li><li><a href=\"#DCHost_Altyapisinda_Mixed_Content_Riskini_Azaltmak_Icin_Neler_Yapiyoruz\"><span class=\"toc_number toc_depth_1\">10<\/span> DCHost Altyap\u0131s\u0131nda Mixed Content Riskini Azaltmak \u0130\u00e7in Neler Yap\u0131yoruz?<\/a><\/li><li><a href=\"#Sonuc_Kalici_Bir_Mixed_Content_Temizlik_Yol_Haritasi\"><span class=\"toc_number toc_depth_1\">11<\/span> Sonu\u00e7: Kal\u0131c\u0131 Bir Mixed Content Temizlik Yol Haritas\u0131<\/a><\/li><\/ul><\/div>\n<h2><span id=\"SSL_Sonrasi_Mixed_Content_Sorununu_Dogru_Teshis_Etmek\">SSL Sonras\u0131 Mixed Content Sorununu Do\u011fru Te\u015fhis Etmek<\/span><\/h2>\n<p>HTTP&#8217;den HTTPS&#8217;e ge\u00e7i\u015f yapt\u0131ktan sonra taray\u0131c\u0131 adres \u00e7ubu\u011funda bekledi\u011finiz kilit simgesi yerine uyar\u0131 i\u015fareti, konsolda ise mixed content ve g\u00fcvensiz i\u00e7erik hatalar\u0131 g\u00f6r\u00fcyorsan\u0131z yaln\u0131z de\u011filsiniz. \u00d6zellikle WordPress, \u00f6zel yaz\u0131lm\u0131\u015f PHP siteler ve CDN kullanan projelerde bu sorunlar\u0131 neredeyse her hafta DCHost taraf\u0131nda gelen destek taleplerinde g\u00f6r\u00fcyoruz. \u0130yi haber \u015fu: Bu hatalar\u0131n tamam\u0131 \u00e7\u00f6z\u00fclebilir ve \u00e7o\u011fu durumda kal\u0131c\u0131 \u015fekilde \u00f6nlenebilir.<\/p>\n<p>Bu yaz\u0131da mixed content hatas\u0131n\u0131n ne oldu\u011funu, neden olu\u015ftu\u011funu ve WordPress, PHP ve CDN senaryolar\u0131nda ad\u0131m ad\u0131m nas\u0131l temizlenebilece\u011fini pratik \u00f6rneklerle anlataca\u011f\u0131z. Ayr\u0131ca .htaccess \/ Nginx y\u00f6nlendirmeleri, HTTP g\u00fcvenlik ba\u015fl\u0131klar\u0131 (HSTS, CSP, upgrade-insecure-requests) ve taray\u0131c\u0131 geli\u015ftirici ara\u00e7lar\u0131n\u0131 birlikte kullanarak sorunu nas\u0131l hem te\u015fhis edip hem de kal\u0131c\u0131 olarak \u00e7\u00f6zebilece\u011finizi g\u00f6receksiniz. E\u011fer sitenizi hen\u00fcz yeni HTTPS&#8217;e ta\u015f\u0131d\u0131ysan\u0131z, <a href='https:\/\/www.dchost.com\/blog\/httpden-httpse-gecis-rehberi-301-yonlendirme-hsts-ve-seoyu-korumak\/'>HTTP&#8217;den HTTPS&#8217;e ge\u00e7i\u015fte 301, HSTS ve SEO dengesini<\/a> anlatt\u0131\u011f\u0131m\u0131z rehberi de bu yaz\u0131yla birlikte okuman\u0131z\u0131 \u00f6neririz.<\/p>\n<h2><span id=\"Mixed_Content_Nedir_Neden_Olusur\">Mixed Content Nedir, Neden Olu\u015fur?<\/span><\/h2>\n<p>Mixed content, sayfan\u0131z HTTPS \u00fczerinden y\u00fcklenirken i\u00e7indeki baz\u0131 kaynaklar\u0131n (g\u00f6rsel, CSS, JS, font, iframe vb.) HTTP \u00fczerinden \u00e7a\u011fr\u0131lmas\u0131 durumudur. Taray\u0131c\u0131 a\u00e7\u0131s\u0131ndan bu, g\u00fcvenli bir sayfa i\u00e7ine g\u00fcvensiz par\u00e7alar g\u00f6m\u00fclmesi anlam\u0131na gelir.<\/p>\n<p>Temelde iki t\u00fcr mixed content vard\u0131r:<\/p>\n<ul>\n<li><strong>Pasif i\u00e7erik (mixed display content):<\/strong> G\u00f6rseller, videolar gibi sayfan\u0131n g\u00f6r\u00fcn\u00fcm\u00fcn\u00fc etkileyen ama do\u011frudan kod \u00e7al\u0131\u015ft\u0131rmayan i\u00e7erikler. Modern taray\u0131c\u0131lar bunlar\u0131n \u00e7o\u011funu da engelliyor veya en az\u0131ndan uyar\u0131 veriyor.<\/li>\n<li><strong>Aktif i\u00e7erik (mixed active content):<\/strong> JavaScript dosyalar\u0131, iframe i\u00e7indeki uygulamalar, baz\u0131 CSS dosyalar\u0131 gibi sayfan\u0131n davran\u0131\u015f\u0131n\u0131 de\u011fi\u015ftirebilen i\u00e7erikler. G\u00fcvenlik riski daha y\u00fcksek oldu\u011fu i\u00e7in taray\u0131c\u0131lar genelde bunlar\u0131 tamamen blokluyor.<\/li>\n<\/ul>\n<p>Mixed content genellikle \u015fu durumlarda ortaya \u00e7\u0131kar:<\/p>\n<ul>\n<li>Siteniz HTTPS&#8217;e ta\u015f\u0131n\u0131r ama veritaban\u0131nda veya kod i\u00e7inde eski http URL&#8217;ler kal\u0131r.<\/li>\n<li>Tema veya eklentilerde statik olarak http ile yaz\u0131lm\u0131\u015f kaynak adresleri vard\u0131r.<\/li>\n<li>CDN veya statik dosya alan ad\u0131n\u0131z i\u00e7in HTTPS tam olarak etkin de\u011fildir.<\/li>\n<li>Reverse proxy veya CDN arkas\u0131ndaki PHP uygulamas\u0131, iste\u011fin HTTPS oldu\u011funu do\u011fru alg\u0131lam\u0131yordur.<\/li>\n<\/ul>\n<h2><span id=\"Mixed_Content_Hatalarini_Neden_Ciddiye_Almalisiniz\">Mixed Content Hatalar\u0131n\u0131 Neden Ciddiye Almal\u0131s\u0131n\u0131z?<\/span><\/h2>\n<p>Bir\u00e7ok kullan\u0131c\u0131 kilit simgesini g\u00f6rd\u00fc\u011f\u00fcnde siteye g\u00fcveniyor, g\u00f6rmedi\u011finde ise \u00f6deme ad\u0131mlar\u0131nda geri d\u00f6n\u00fcyor. Mixed content sorunlar\u0131n\u0131 h\u0131zl\u0131ca \u00e7\u00f6zmenizi gerektiren ba\u015fl\u0131ca nedenler:<\/p>\n<ul>\n<li><strong>Taray\u0131c\u0131 uyar\u0131lar\u0131:<\/strong> Chrome, Firefox, Safari gibi taray\u0131c\u0131lar Not Secure (G\u00fcvenli de\u011fil) ibaresi, uyar\u0131 simgeleri ve konsolda k\u0131rm\u0131z\u0131 hatalar g\u00f6steriyor.<\/li>\n<li><strong>Form ve \u00f6deme g\u00fcvenli\u011fi:<\/strong> Form verileri ve \u00f6deme bilgileri teorik olarak HTTPS ile korunuyor olsa bile taray\u0131c\u0131, sayfay\u0131 karma i\u00e7erik nedeniyle riskli kabul ediyor.<\/li>\n<li><strong>SEO etkisi:<\/strong> Google uzun s\u00fcredir HTTPS&#8217;i s\u0131ralama fakt\u00f6r\u00fc olarak kullan\u0131yor. G\u00fcvensiz \/ yar\u0131 g\u00fcvenli sayfalar, \u00f6zellikle e-ticaret ve kurumsal siteler i\u00e7in olumsuz sinyal olu\u015fturabiliyor. Bu konuyu daha geni\u015f \u00e7er\u00e7evede <a href='https:\/\/www.dchost.com\/blog\/web-hosting-nedir-domain-dns-sunucu-ve-ssl-nasil-birlikte-calisir\/'>domain, DNS, sunucu ve SSL&#8217;in birlikte \u00e7al\u0131\u015fma mant\u0131\u011f\u0131n\u0131 anlatt\u0131\u011f\u0131m\u0131z<\/a> yaz\u0131da detayland\u0131rd\u0131k.<\/li>\n<li><strong>G\u00fcvenlik ba\u015fl\u0131klar\u0131 ile \u00e7eli\u015fme:<\/strong> HSTS, CSP, upgrade-insecure-requests gibi modern g\u00fcvenlik \u00f6nlemleri mixed content ile birlikte do\u011fru \u00e7al\u0131\u015fmaz veya beklemedi\u011finiz yan etkiler do\u011furur.<\/li>\n<\/ul>\n<h2><span id=\"Mixed_Content_Hatalarini_Tespit_Etme_Yontemleri\">Mixed Content Hatalar\u0131n\u0131 Tespit Etme Y\u00f6ntemleri<\/span><\/h2>\n<h3><span id=\"Tarayici_Gelistirici_Araclari\">Taray\u0131c\u0131 Geli\u015ftirici Ara\u00e7lar\u0131<\/span><\/h3>\n<p>\u0130lk ad\u0131m her zaman taray\u0131c\u0131 taraf\u0131nda te\u015fhistir:<\/p>\n<ol>\n<li>Chrome veya Firefox ile sitenizi a\u00e7\u0131n.<\/li>\n<li>Sa\u011f t\u0131klay\u0131p Inspect \/ \u0130ncele deyin.<\/li>\n<li>Console (Konsol) sekmesine ge\u00e7in.<\/li>\n<li>Mixed content veya G\u00fcvensiz i\u00e7erik ile ilgili k\u0131rm\u0131z\u0131\/sar\u0131 uyar\u0131lar\u0131 inceleyin.<\/li>\n<\/ol>\n<p>Genellikle \u015fu tip mesajlar g\u00f6r\u00fcrs\u00fcn\u00fcz:<\/p>\n<ul>\n<li>Mixed Content: The page at &#8216;https:\/\/siteadiniz.com&#8217; was loaded over HTTPS, but requested an insecure image &#8216;http:\/\/&#8230;&#8217;<\/li>\n<li>Mixed Content: This request has been blocked; the content must be served over HTTPS.<\/li>\n<\/ul>\n<p>Bu mesajlar size tam olarak hangi kayna\u011f\u0131n (g\u00f6rsel, CSS, JS) hangi URL&#8217;den http olarak y\u00fcklendi\u011fini g\u00f6sterir. Makalenin devam\u0131nda yapaca\u011f\u0131m\u0131z t\u00fcm d\u00fczeltmeleri bu listeye bakarak ad\u0131m ad\u0131m do\u011frulayaca\u011f\u0131z.<\/p>\n<h3><span id=\"Ag_Sekmesi_ve_Kaynak_Filtreleme\">A\u011f Sekmesi ve Kaynak Filtreleme<\/span><\/h3>\n<p>Network (A\u011f) sekmesinde istekleri protokole g\u00f6re filtreleyerek http ile gelenleri g\u00f6rebilirsiniz:<\/p>\n<ol>\n<li>Network sekmesine ge\u00e7in, sayfay\u0131 yenileyin.<\/li>\n<li>Domain s\u00fctununda http ile ba\u015flayan istekleri bulun.<\/li>\n<li>T\u00fcr\u00fcne g\u00f6re (image, script, stylesheet, font) grupland\u0131rarak hangi t\u00fcr kaynaklarda sorun oldu\u011funu not al\u0131n.<\/li>\n<\/ol>\n<h3><span id=\"Sunucu_ve_Panel_Tarafi_Loglar\">Sunucu ve Panel Taraf\u0131 Loglar<\/span><\/h3>\n<p>\u00d6zellikle b\u00fcy\u00fck projelerde, taray\u0131c\u0131 ile tek tek sayfa gezmek zahmetli olabilir. Bu durumda:<\/p>\n<ul>\n<li>Web sunucu loglar\u0131nda http ile ba\u015flayan istekleri arayabilir,<\/li>\n<li>Uygulama loglar\u0131na basit bir filtre ekleyerek gelen URL&#8217;lerde http kullan\u0131m\u0131n\u0131 yakalayabilir,<\/li>\n<li>WordPress veya PHP uygulaman\u0131zda ge\u00e7ici bir loglama ile olu\u015fturulan mutlak URL&#8217;leri analiz edebilirsiniz.<\/li>\n<\/ul>\n<p>Genel SSL problemlerini daha geni\u015f bir perspektiften ele ald\u0131\u011f\u0131m\u0131z <a href='https:\/\/www.dchost.com\/blog\/ssl-sertifika-hatalari-rehberi-mixed-content-not-secure-ve-tarayici-uyarilarini-hosting-tarafinda-cozmek\/'>SSL sertifika hatalar\u0131 rehberi<\/a> makalesi de taray\u0131c\u0131 uyar\u0131lar\u0131n\u0131 okuma konusunda i\u015finizi kolayla\u015ft\u0131racakt\u0131r.<\/p>\n<h2><span id=\"WordPress_Sitelerde_Mixed_Content_Hatalarini_Temizlemek\">WordPress Sitelerde Mixed Content Hatalar\u0131n\u0131 Temizlemek<\/span><\/h2>\n<h3><span id=\"1_Site_Adresi_URL_Ayarlarini_Kontrol_Edin\">1. Site Adresi (URL) Ayarlar\u0131n\u0131 Kontrol Edin<\/span><\/h3>\n<p>WordPress&#8217;te en kritik ad\u0131m, site URL&#8217;lerinin HTTPS&#8217;e tam olarak ge\u00e7mesidir:<\/p>\n<ul>\n<li>Y\u00f6netim paneline giri\u015f yap\u0131n.<\/li>\n<li>Ayarlar &gt; Genel men\u00fcs\u00fcne gidin.<\/li>\n<li>&#8216;WordPress adresi (URL)&#8217; ve &#8216;Site adresi (URL)&#8217; alanlar\u0131n\u0131n her ikisinin de https ile ba\u015flad\u0131\u011f\u0131ndan emin olun.<\/li>\n<\/ul>\n<p>E\u011fer bu alanlara eri\u015femiyorsan\u0131z veya gri g\u00f6r\u00fcn\u00fcyorsa, muhtemelen <code>wp-config.php<\/code> i\u00e7inde \u015fu sabitler tan\u0131ml\u0131d\u0131r:<\/p>\n<pre>&lt;?php\ndefine('WP_HOME', 'http:\/\/siteadiniz.com');\ndefine('WP_SITEURL', 'http:\/\/siteadiniz.com');\n?&gt;<\/pre>\n<p>Bunlar\u0131 https&#8217;e \u00e7evirin:<\/p>\n<pre>&lt;?php\ndefine('WP_HOME', 'https:\/\/siteadiniz.com');\ndefine('WP_SITEURL', 'https:\/\/siteadiniz.com');\n?&gt;<\/pre>\n<p>De\u011fi\u015fiklikten sonra \u00f6nbelle\u011fi temizleyip (varsa cache eklentisi ve CDN cache) sayfay\u0131 yenileyin, konsolu tekrar kontrol edin.<\/p>\n<h3><span id=\"2_Veritabaninda_http_-gt_https_Donusumu\">2. Veritaban\u0131nda http -&gt; https D\u00f6n\u00fc\u015f\u00fcm\u00fc<\/span><\/h3>\n<p>Eski yaz\u0131lar, sayfalar, men\u00fcler, widget&#8217;lar, shortcoder ve Gutenberg bloklar\u0131 i\u00e7inde http ile ba\u015flayan mutlak linkler kalm\u0131\u015f olabilir. Bunlar\u0131 veritaban\u0131 seviyesinde temizlemek gerekir. \u0130\u015fleme ba\u015flamadan \u00f6nce mutlaka tam bir yedek al\u0131n. cPanel kullan\u0131yorsan\u0131z <a href='https:\/\/www.dchost.com\/blog\/cpanelde-tum-siteyi-yedekleme-ve-geri-yukleme-rehberi\/'>cPanel&#8217;de tam site yede\u011fi alma rehberimize<\/a> g\u00f6z atabilirsiniz.<\/p>\n<p>En basit yakla\u015f\u0131m, bir arama-de\u011fi\u015ftirme arac\u0131yla \u015fu d\u00f6n\u00fc\u015f\u00fcmleri yapmakt\u0131r:<\/p>\n<ul>\n<li><code>http:\/\/siteadiniz.com<\/code> \u2192 <code>https:\/\/siteadiniz.com<\/code><\/li>\n<li><code>http:\/\/www.siteadiniz.com<\/code> \u2192 <code>https:\/\/www.siteadiniz.com<\/code> (varsa)<\/li>\n<\/ul>\n<p>WordPress veritaban\u0131 seri hale getirilmi\u015f (serialized) veriler i\u00e7erdi\u011fi i\u00e7in, do\u011frudan SQL ile replace yapmak risklidir. Bu y\u00fczden:<\/p>\n<ul>\n<li>WordPress&#8217;e \u00f6zel arama-de\u011fi\u015ftirme ara\u00e7lar\u0131 veya WP-CLI kullanan skriptler tercih edilmeli,<\/li>\n<li>\u00d6nce staging veya test ortam\u0131nda denenmeli,<\/li>\n<li>\u0130\u015flem sonras\u0131 \u00f6zellikle <code>wp_options<\/code> ve <code>wp_postmeta<\/code> i\u00e7eri\u011fi spot kontrollerle kontrol edilmelidir.<\/li>\n<\/ul>\n<p>Staging ortam\u0131 kurmak ve de\u011fi\u015fiklikleri canl\u0131ya almadan \u00f6nce test etmek i\u00e7in <a href='https:\/\/www.dchost.com\/blog\/paylasimli-hostingde-wordpress-staging-ortami-kurmak-adim-adim-uygulamali-rehber\/'>payla\u015f\u0131ml\u0131 hosting&#8217;de WordPress staging ortam\u0131 kurma rehberimizi<\/a> kullanabilirsiniz.<\/p>\n<h3><span id=\"3_Tema_ve_Eklentilerde_Hard-Coded_HTTP_Kaynaklari\">3. Tema ve Eklentilerde Hard-Coded HTTP Kaynaklar\u0131<\/span><\/h3>\n<p>Baz\u0131 eski temalar ve eklentiler, \u00f6zellikle CSS, JS ve font dosyalar\u0131n\u0131 sabit http adresiyle \u00e7a\u011f\u0131r\u0131r. \u00d6rne\u011fin:<\/p>\n<pre>&lt;link rel='stylesheet' href='http:\/\/cdn.ornek.com\/style.css'&gt;<\/pre>\n<p>Bunlar\u0131 tespit etmek i\u00e7in:<\/p>\n<ul>\n<li>Tema klas\u00f6r\u00fcn\u00fcz\u00fc (genellikle <code>wp-content\/themes\/tema-adi<\/code>) a\u00e7\u0131n.<\/li>\n<li><code>http:\/\/<\/code> ifadesini t\u00fcm dosyalarda aray\u0131n.<\/li>\n<li>Benzer \u015fekilde <code>wp-content\/plugins<\/code> i\u00e7inde de arama yap\u0131n.<\/li>\n<\/ul>\n<p>M\u00fcmk\u00fcnse:<\/p>\n<ul>\n<li>Kaynaklar\u0131 https ile d\u00fczeltin,<\/li>\n<li>\u015eemadan ba\u011f\u0131ms\u0131z (protocol-relative) kullan\u0131n: <code>\/\/cdn.ornek.com\/style.css<\/code>,<\/li>\n<li>Veya WordPress fonksiyonlar\u0131yla dinamik \u00fcretin: <code>get_template_directory_uri()<\/code>, <code>plugins_url()<\/code> vb.<\/li>\n<\/ul>\n<h3><span id=\"4_WordPress_CDN_Senaryosunda_Mixed_Content\">4. WordPress + CDN Senaryosunda Mixed Content<\/span><\/h3>\n<p>WordPress sitelerde CDN kullan\u0131rken mixed content ya\u015fanmas\u0131n\u0131n yayg\u0131n nedenleri:<\/p>\n<ul>\n<li>CDN alan ad\u0131n\u0131n yaln\u0131zca http ile yap\u0131land\u0131r\u0131lm\u0131\u015f olmas\u0131,<\/li>\n<li>CDN sertifikas\u0131n\u0131n eksik ya da hatal\u0131 olmas\u0131,<\/li>\n<li>Temada CDN adresinin http ile sabitlenmi\u015f olmas\u0131,<\/li>\n<li>CDN&#8217;ye ta\u015f\u0131nmayan baz\u0131 dosyalar\u0131n hala origin \u00fczerinden http ile \u00e7a\u011fr\u0131lmas\u0131.<\/li>\n<\/ul>\n<p>\u00c7\u00f6z\u00fcm i\u00e7in:<\/p>\n<ol>\n<li>CDN sa\u011flay\u0131c\u0131n\u0131zda kulland\u0131\u011f\u0131n\u0131z alan ad\u0131n\u0131n (\u00f6rne\u011fin <code>cdn.siteadiniz.com<\/code>) mutlaka ge\u00e7erli bir <a href=\"https:\/\/www.dchost.com\/tr\/ssl\">SSL sertifikas\u0131<\/a> ile \u00e7al\u0131\u015ft\u0131\u011f\u0131ndan emin olun.<\/li>\n<li>WordPress CDN ayarlar\u0131n\u0131zda t\u00fcm URL&#8217;leri https olarak tan\u0131mlay\u0131n.<\/li>\n<li>Tema dosyalar\u0131nda do\u011frudan yaz\u0131lm\u0131\u015f CDN URL&#8217;lerini https veya \u015fema ba\u011f\u0131ms\u0131z hale getirin.<\/li>\n<li>CDN cache&#8217;ini tamamen temizleyip sayfay\u0131 yenileyin.<\/li>\n<\/ol>\n<p>CDN kullan\u0131m\u0131n\u0131n performansa etkilerini ve ne zaman mant\u0131kl\u0131 oldu\u011funu <a href='https:\/\/www.dchost.com\/blog\/cdn-nedir-ne-zaman-gerekir-trafik-ve-lokasyona-gore-karar-rehberi\/'>CDN nedir, ne zaman gerekir rehberimizde<\/a> ayr\u0131nt\u0131l\u0131 anlatt\u0131k. Ayr\u0131ca CDN ile \u00f6nbellek ve cache-control ba\u015fl\u0131klar\u0131n\u0131 do\u011fru kullanmak i\u00e7in <a href='https:\/\/www.dchost.com\/blog\/tarayici-ve-cdn-onbellekleme-neden-bu-kadar-kritik\/'>taray\u0131c\u0131 ve CDN \u00f6nbelleklemenin \u00f6nemi<\/a> yaz\u0131s\u0131 da i\u015finize yarayacakt\u0131r.<\/p>\n<h2><span id=\"Ozel_Yazilmis_PHP_Sitelerde_Mixed_Content_Cozumleri\">\u00d6zel Yaz\u0131lm\u0131\u015f PHP Sitelerde Mixed Content \u00c7\u00f6z\u00fcmleri<\/span><\/h2>\n<h3><span id=\"1_Temel_Base_URL_Config_Ayarlari\">1. Temel Base URL \/ Config Ayarlar\u0131<\/span><\/h3>\n<p>\u00d6zel yaz\u0131lm\u0131\u015f PHP uygulamalarda genellikle bir <code>config.php<\/code> veya .env dosyas\u0131nda base URL bulunur:<\/p>\n<pre>$config['base_url'] = 'http:\/\/siteadiniz.com\/';<\/pre>\n<p>HTTPS&#8217;e ge\u00e7tikten sonra bunu:<\/p>\n<pre>$config['base_url'] = 'https:\/\/siteadiniz.com\/';<\/pre>\n<p>\u015feklinde g\u00fcncellemeniz gerekir. E\u011fer uygulama, t\u00fcm linkleri ve statik dosya yollar\u0131n\u0131 bu base_url \u00fczerinden \u00fcretiyorsa, mixed content&#8217;in b\u00fcy\u00fck k\u0131sm\u0131 burada \u00e7\u00f6z\u00fclecektir.<\/p>\n<h3><span id=\"2_Kod_Icinde_Mutlak_HTTP_URL8217leri_Temizlemek\">2. Kod \u0130\u00e7inde Mutlak HTTP URL&#8217;leri Temizlemek<\/span><\/h3>\n<p>Kod taban\u0131n\u0131zda do\u011frudan http ile ba\u015flayan URL&#8217;ler olabilir:<\/p>\n<pre>&lt;img src='http:\/\/siteadiniz.com\/uploads\/resim.jpg'&gt;\n&lt;script src='http:\/\/cdn.siteadiniz.com\/app.js'&gt;&lt;\/script&gt;<\/pre>\n<p>Ad\u0131msal \u00e7\u00f6z\u00fcm:<\/p>\n<ul>\n<li>Proje klas\u00f6r\u00fcnde <code>http:\/\/siteadiniz.com<\/code> ve <code>http:\/\/www.siteadiniz.com<\/code> ifadelerini aray\u0131n.<\/li>\n<li>Bunlar\u0131 https&#8217;e \u00e7evirin veya base URL fonksiyonlar\u0131n\u0131zla dinamik hale getirin.<\/li>\n<li>Mutlak URL yerine m\u00fcmk\u00fcn oldu\u011funda g\u00f6reli URL (<code>\/uploads\/resim.jpg<\/code>) kullanmay\u0131 tercih edin.<\/li>\n<\/ul>\n<h3><span id=\"3_Reverse_Proxy_ve_X-Forwarded-Proto_Sorunlari\">3. Reverse Proxy ve X-Forwarded-Proto Sorunlar\u0131<\/span><\/h3>\n<p>PHP uygulaman\u0131z bir CDN veya reverse proxy (\u00f6rne\u011fin \u00f6n\u00fcnde bir HTTP y\u00fck dengeleyici) arkas\u0131nda \u00e7al\u0131\u015f\u0131yorsa, uygulama gelen iste\u011fin HTTPS oldu\u011funu do\u011fru alg\u0131lamayabilir. Bu durumda:<\/p>\n<ul>\n<li><code>$_SERVER['HTTPS']<\/code> bo\u015f gelebilir,<\/li>\n<li><code>$_SERVER['SERVER_PORT']<\/code> 80 g\u00f6r\u00fcnebilir,<\/li>\n<li>Uygulama URL \u00fcretirken http kullanmaya devam eder.<\/li>\n<\/ul>\n<p>\u00c7\u00f6z\u00fcm i\u00e7in:<\/p>\n<ul>\n<li>Proxy sunucusunda <code>X-Forwarded-Proto: https<\/code> ba\u015fl\u0131\u011f\u0131n\u0131 iletti\u011finizden emin olun.<\/li>\n<li>PHP veya framework katman\u0131nda bu ba\u015fl\u0131\u011f\u0131 kontrol edip HTTPS&#8217;i zorlay\u0131n.<\/li>\n<li>Nginx veya Apache taraf\u0131nda uygun <code>set_real_ip_from<\/code> \/ <code>RemoteIPHeader<\/code> ayarlar\u0131 yap\u0131n.<\/li>\n<\/ul>\n<p>Bu t\u00fcr senaryolar \u00f6zellikle \u00e7ok katmanl\u0131 mimarilerde ve ayr\u0131 frontend + API sunucusu kullanan yap\u0131larda s\u0131k g\u00f6r\u00fcl\u00fcr. Bu tip mimarileri <a href='https:\/\/www.dchost.com\/blog\/react-vue-ve-angular-single-page-applicationlari-ayni-alan-adinda-api-ile-host-etmek-nginx-yonlendirme-ve-ssl-mimarisi\/'>SPA + API ayn\u0131 alan ad\u0131nda Nginx y\u00f6nlendirme ve SSL mimarisi<\/a> yaz\u0131m\u0131zda ayr\u0131nt\u0131l\u0131 olarak ele ald\u0131k.<\/p>\n<h2><span id=\"CDN_Senaryolarinda_Guvensiz_Icerik_ve_Ozel_Durumlar\">CDN Senaryolar\u0131nda G\u00fcvensiz \u0130\u00e7erik ve \u00d6zel Durumlar<\/span><\/h2>\n<h3><span id=\"1_Farkli_Alan_Adlarinda_Statik_Icerik\">1. Farkl\u0131 Alan Adlar\u0131nda Statik \u0130\u00e7erik<\/span><\/h3>\n<p>Bir\u00e7ok projede as\u0131l site adresi ile statik i\u00e7erik alan ad\u0131 ayr\u0131l\u0131r:<\/p>\n<ul>\n<li>Uygulama: <code>https:\/\/www.siteadiniz.com<\/code><\/li>\n<li>Statik \/ CDN: <code>https:\/\/static.siteadiniz.com<\/code> veya <code>https:\/\/cdn.siteadiniz.com<\/code><\/li>\n<\/ul>\n<p>E\u011fer CDN alan ad\u0131n\u0131z i\u00e7in SSL tam kurulu de\u011filse veya kod i\u00e7inde hala <code>http:\/\/cdn.siteadiniz.com<\/code> kullan\u0131l\u0131yorsa, taray\u0131c\u0131 bu istekleri g\u00fcvensiz kabul eder. Yapman\u0131z gerekenler:<\/p>\n<ul>\n<li>CDN alan ad\u0131n\u0131z i\u00e7in ge\u00e7erli bir SSL sertifikas\u0131 kurmak (DV, Wildcard vb.),<\/li>\n<li>Origin sunucunuzun da HTTPS ile sa\u011fl\u0131kl\u0131 yan\u0131t verdi\u011finden emin olmak,<\/li>\n<li>Uygulama konfigurasyonunda t\u00fcm CDN URL&#8217;lerini https&#8217;e \u00e7evirmek.<\/li>\n<\/ul>\n<h3><span id=\"2_upgrade-insecure-requests_ile_Gecici_Yamalar\">2. upgrade-insecure-requests ile Ge\u00e7ici Yamalar<\/span><\/h3>\n<p>CSP (Content Security Policy) i\u00e7inde <code>upgrade-insecure-requests<\/code> y\u00f6nergesini kullanarak taray\u0131c\u0131ya http ile \u00e7a\u011fr\u0131lan kaynaklar\u0131 otomatik olarak https&#8217;e y\u00fckseltmesini s\u00f6yleyebilirsiniz:<\/p>\n<pre>Content-Security-Policy: upgrade-insecure-requests;<\/pre>\n<p>Bu, \u00f6zellikle y\u00fczlerce i\u00e7erik i\u00e7eren b\u00fcy\u00fck sitelerde ge\u00e7ici bir <em>g\u00fcvenlik filesi<\/em> gibi i\u015fe yarar, ancak tek ba\u015f\u0131na kal\u0131c\u0131 \u00e7\u00f6z\u00fcm de\u011fildir:<\/p>\n<ul>\n<li>Eski i\u00e7erikleriniz hala http ile kay\u0131tl\u0131 kal\u0131r.<\/li>\n<li>CDN veya \u00fc\u00e7\u00fcnc\u00fc parti servisleriniz https desteklemiyorsa sorun devam eder.<\/li>\n<li>Uzun vadede veritaban\u0131 ve kod taraf\u0131nda ger\u00e7ek temizlik yap\u0131lmas\u0131 gerekir.<\/li>\n<\/ul>\n<p>CSP ve di\u011fer HTTP g\u00fcvenlik ba\u015fl\u0131klar\u0131n\u0131 daha geni\u015f bir \u00e7er\u00e7evede ele ald\u0131\u011f\u0131m\u0131z <a href='https:\/\/www.dchost.com\/blog\/http-guvenlik-basliklari-rehberi-hsts-csp-x-frame-options-ve-referrer-policy-dogru-nasil-kurulur\/'>HTTP g\u00fcvenlik ba\u015fl\u0131klar\u0131 rehberimiz<\/a> ve CSP \u00fczerinde derinle\u015fmek i\u00e7in <a href='https:\/\/www.dchost.com\/blog\/cspyi-dogru-kurmak-wordpress-laravelde-nonce-hash-report-to-ve-inline-scriptleri-tatli-tatli-ehlilestirmek\/'>CSP&#8217;yi do\u011fru kurmak \u00fczerine yaz\u0131m\u0131z<\/a> mixed content ile birlikte d\u00fc\u015f\u00fcn\u00fclmesi gereken ayarlar\u0131 detayland\u0131r\u0131yor.<\/p>\n<h2><span id=\"htaccess_Nginx_ve_HSTS_ile_HTTPS_Zorunlu_Hale_Getirmek\">.htaccess, Nginx ve HSTS ile HTTPS Zorunlu Hale Getirmek<\/span><\/h2>\n<h3><span id=\"1_HTTP8217den_HTTPS8217e_Yonlendirme\">1. HTTP&#8217;den HTTPS&#8217;e Y\u00f6nlendirme<\/span><\/h3>\n<p>Mixed content temizli\u011finin yan\u0131nda, t\u00fcm trafi\u011fi HTTPS&#8217;e zorlayan bir y\u00f6nlendirme kural\u0131 kullanmal\u0131s\u0131n\u0131z. Apache i\u00e7in tipik bir .htaccess kural\u0131:<\/p>\n<pre>RewriteEngine On\nRewriteCond %{HTTPS} !=on\nRewriteRule ^(.*)$ https:\/\/%{HTTP_HOST}%{REQUEST_URI} [L,R=301]<\/pre>\n<p>Nginx i\u00e7in \u00f6rnek:<\/p>\n<pre>server {\n    listen 80;\n    server_name siteadiniz.com www.siteadiniz.com;\n    return 301 https:\/\/$host$request_uri;\n}<\/pre>\n<p>Bu kurallar, HTTP isteklerini kal\u0131c\u0131 olarak HTTPS&#8217;e y\u00f6nlendirir. \u00d6zellikle SEO taraf\u0131nda 301 y\u00f6nlendirmelerin do\u011fru kurulmas\u0131 \u00f6nemlidir; bu konuyu <a href='https:\/\/www.dchost.com\/blog\/seo-kaybi-olmadan-url-yapisini-degistirmek-htaccess-ve-nginx-301-yonlendirme-rehberi\/'>htaccess ve Nginx 301 y\u00f6nlendirme rehberimizde<\/a> detayl\u0131 anlatt\u0131k.<\/p>\n<h3><span id=\"2_HSTS_HTTP_Strict_Transport_Security\">2. HSTS (HTTP Strict Transport Security)<\/span><\/h3>\n<p>Mixed content temizli\u011finiz b\u00fcy\u00fck \u00f6l\u00e7\u00fcde bittikten sonra, HSTS ba\u015fl\u0131\u011f\u0131 ile taray\u0131c\u0131ya sadece HTTPS \u00fczerinden ba\u011flanmas\u0131n\u0131 s\u00f6yleyebilirsiniz:<\/p>\n<pre>Strict-Transport-Security: max-age=31536000; includeSubDomains; preload<\/pre>\n<p>HSTS \u015funlar\u0131 sa\u011flar:<\/p>\n<ul>\n<li>Taray\u0131c\u0131, ayn\u0131 alan ad\u0131na yap\u0131lan sonraki t\u00fcm istekleri otomatik olarak HTTPS&#8217;e y\u00fckseltir.<\/li>\n<li>Ortadaki adam (MITM) sald\u0131r\u0131lar\u0131n\u0131 zorla\u015ft\u0131r\u0131r.<\/li>\n<li>Yanl\u0131\u015fl\u0131kla http link b\u0131raksan\u0131z bile taray\u0131c\u0131 taraf\u0131nda bir g\u00fcvenlik katman\u0131 eklenmi\u015f olur.<\/li>\n<\/ul>\n<p>Ancak HSTS etkinle\u015ftirmeden \u00f6nce:<\/p>\n<ul>\n<li>T\u00fcm alt alan adlar\u0131n\u0131z\u0131n HTTPS ile sorunsuz \u00e7al\u0131\u015ft\u0131\u011f\u0131ndan emin olun.<\/li>\n<li>Mixed content hatalar\u0131n\u0131n b\u00fcy\u00fck k\u0131sm\u0131n\u0131 temizlemi\u015f olun.<\/li>\n<li>Geri d\u00f6n\u00fc\u015f\u00fc zor bir ad\u0131m oldu\u011funu bilerek ilerleyin (\u00f6zellikle preload listesine ba\u015fvurursan\u0131z).<\/li>\n<\/ul>\n<h2><span id=\"Gercekci_Senaryolar_Adim_Adim_Cozum_Ornekleri\">Ger\u00e7ek\u00e7i Senaryolar: Ad\u0131m Ad\u0131m \u00c7\u00f6z\u00fcm \u00d6rnekleri<\/span><\/h2>\n<h3><span id=\"Senaryo_1_Kucuk_E-Ticaret_Sitesi_WordPress_WooCommerce\">Senaryo 1: K\u00fc\u00e7\u00fck E-Ticaret Sitesi (WordPress + WooCommerce)<\/span><\/h3>\n<p>Durum:<\/p>\n<ul>\n<li>Site Let\u2019s Encrypt SSL ile HTTPS&#8217;e ge\u00e7iyor.<\/li>\n<li>\u00dcr\u00fcn sayfalar\u0131nda g\u00f6rseller \u00e7\u0131km\u0131yor, konsolda mixed content hatalar\u0131 var.<\/li>\n<\/ul>\n<p>\u00c7\u00f6z\u00fcm ad\u0131mlar\u0131:<\/p>\n<ol>\n<li>WordPress ve Site adresi ayarlar\u0131n\u0131 https olarak d\u00fczeltme.<\/li>\n<li>Veritaban\u0131nda <code>http:\/\/siteadiniz.com<\/code> ifadelerini HTTPS&#8217;e d\u00f6n\u00fc\u015ft\u00fcrme.<\/li>\n<li>Tema i\u00e7indeki sabit http g\u00f6rsel yollar\u0131n\u0131 dinamik fonksiyonlarla de\u011fi\u015ftirme.<\/li>\n<li>\u00d6nbellek eklentisi + CDN cache temizli\u011fi.<\/li>\n<li>HSTS ba\u015fl\u0131\u011f\u0131n\u0131 dikkatli bir \u015fekilde etkinle\u015ftirme.<\/li>\n<\/ol>\n<h3><span id=\"Senaryo_2_Kurumsal_PHP_Tanitim_Sitesi_Ozel_Yazilim\">Senaryo 2: Kurumsal PHP Tan\u0131t\u0131m Sitesi (\u00d6zel Yaz\u0131l\u0131m)<\/span><\/h3>\n<p>Durum:<\/p>\n<ul>\n<li>SSL kurulu, anasayfa kilit simgeli g\u00f6r\u00fcn\u00fcyor.<\/li>\n<li>Hakk\u0131m\u0131zda sayfas\u0131nda fontlar y\u00fcklenmiyor, tasar\u0131m bozulmu\u015f.<\/li>\n<\/ul>\n<p>\u00c7\u00f6z\u00fcm ad\u0131mlar\u0131:<\/p>\n<ol>\n<li>Taray\u0131c\u0131 konsolunda mixed content hatalar\u0131n\u0131n hangi kaynaklara i\u015faret etti\u011fini tespit etmek.<\/li>\n<li>Genellikle <code>http:\/\/fonts.siteadiniz.com<\/code> gibi sabit adresleri https&#8217;e \u00e7evirmek.<\/li>\n<li>Base URL tan\u0131m\u0131n\u0131 https&#8217;e g\u00fcncellemek.<\/li>\n<li>Gerekirse CSP i\u00e7inde upgrade-insecure-requests ekleyerek ge\u00e7i\u015f d\u00f6nemini konforlu hale getirmek.<\/li>\n<\/ol>\n<h3><span id=\"Senaryo_3_CDN_Arkasinda_Yuksek_Trafikli_Blog\">Senaryo 3: CDN Arkas\u0131nda Y\u00fcksek Trafikli Blog<\/span><\/h3>\n<p>Durum:<\/p>\n<ul>\n<li>Statik dosyalar CDN \u00fczerinden geliyor.<\/li>\n<li>Baz\u0131 eski yaz\u0131lardaki g\u00f6rseller direkt http ile embed edilmi\u015f.<\/li>\n<\/ul>\n<p>\u00c7\u00f6z\u00fcm ad\u0131mlar\u0131:<\/p>\n<ol>\n<li>Veritaban\u0131nda eski http alan adlar\u0131n\u0131 https&#8217;e d\u00f6n\u00fc\u015ft\u00fcrmek.<\/li>\n<li>CDN alan ad\u0131n\u0131n SSL yap\u0131land\u0131rmas\u0131n\u0131 do\u011frulamak.<\/li>\n<li>CDN cache politikalar\u0131n\u0131 g\u00f6zden ge\u00e7irip t\u00fcm i\u00e7eri\u011fi yeniden \u0131s\u0131tmak.<\/li>\n<li>CSP ile upgrade-insecure-requests ekleyerek kalan k\u00f6\u015feleri yakalamak.<\/li>\n<\/ol>\n<h2><span id=\"DCHost_Altyapisinda_Mixed_Content_Riskini_Azaltmak_Icin_Neler_Yapiyoruz\">DCHost Altyap\u0131s\u0131nda Mixed Content Riskini Azaltmak \u0130\u00e7in Neler Yap\u0131yoruz?<\/span><\/h2>\n<p>DCHost olarak <a href=\"https:\/\/www.dchost.com\/tr\/web-hosting\">payla\u015f\u0131ml\u0131 hosting<\/a>, VPS, dedicated ve colocation hizmetlerimizi tasarlarken SSL ve HTTPS&#8217;i art\u0131k varsay\u0131lan kabul ediyoruz. Bu nedenle:<\/p>\n<ul>\n<li>Kontrol panellerinde (cPanel, DirectAdmin vb.) Let\u2019s Encrypt veya benzeri ACME tabanl\u0131 otomatik SSL kurulumunu destekliyoruz.<\/li>\n<li>HTTP\/2 ve HTTP\/3 deste\u011fi ile TLS \u00fczerindeki performans kayb\u0131n\u0131 en aza indiriyoruz. Bu konunun SEO ve h\u0131z taraf\u0131ndaki etkilerini <a href='https:\/\/www.dchost.com\/blog\/http-2-ve-http-3-destegi-seo-ve-core-web-vitalsi-nasil-etkiler-hosting-secerken-nelere-bakmali\/'>HTTP\/2 ve HTTP\/3 rehberimizde<\/a> detayl\u0131ca anlatt\u0131k.<\/li>\n<li>SSL yenilemelerini otomatikle\u015ftiren ve sertifika s\u00fcresi dolmadan uyar\u0131 veren altyap\u0131lar kullan\u0131yoruz. Birden fazla alan ad\u0131 i\u00e7in otomasyon stratejileriyle ilgileniyorsan\u0131z <a href='https:\/\/www.dchost.com\/blog\/onlarca-alan-adi-icin-ssl-sertifika-sure-sonu-izleme-ve-otomatik-yenileme-stratejisi\/'>\u00e7oklu SSL yenileme stratejisi yaz\u0131m\u0131za<\/a> g\u00f6z atabilirsiniz.<\/li>\n<li>G\u00fcvenlik odakl\u0131 m\u00fc\u015fterilerimiz i\u00e7in HTTP g\u00fcvenlik ba\u015fl\u0131klar\u0131, HSTS, CSP ve WAF kurallar\u0131 konusunda dan\u0131\u015fmanl\u0131k sunuyoruz.<\/li>\n<\/ul>\n<p>\u00d6zetle, altyap\u0131 taraf\u0131nda HTTPS&#8217;i sorunsuz ve performansl\u0131 hale getirirken, uygulama taraf\u0131ndaki mixed content kaynakl\u0131 sorunlar\u0131 tespit etmeniz ve temizlemeniz i\u00e7in de yan\u0131nda oldu\u011fumuz bir yakla\u015f\u0131m\u0131 benimsiyoruz.<\/p>\n<h2><span id=\"Sonuc_Kalici_Bir_Mixed_Content_Temizlik_Yol_Haritasi\">Sonu\u00e7: Kal\u0131c\u0131 Bir Mixed Content Temizlik Yol Haritas\u0131<\/span><\/h2>\n<p>SSL sonras\u0131 mixed content ve g\u00fcvensiz i\u00e7erik hatalar\u0131, ilk bak\u0131\u015fta karma\u015f\u0131k g\u00f6r\u00fcnse de asl\u0131nda \u00fc\u00e7 temel ad\u0131m\u0131n kar\u0131\u015f\u0131m\u0131ndan ibaret: do\u011fru y\u00f6nlendirmeler, temiz veritaban\u0131\/kod ve sa\u011flam g\u00fcvenlik ba\u015fl\u0131klar\u0131. \u00d6nce taray\u0131c\u0131 konsolunda hangi kaynaklar\u0131n http ile geldi\u011fini tek tek tespit edip listeleyin. Ard\u0131ndan WordPress veya PHP uygulaman\u0131zda base URL ve veritaban\u0131 i\u00e7eri\u011fini HTTPS&#8217;e ta\u015f\u0131y\u0131n, tema\/eklenti\/kod taraf\u0131nda hard-coded http adresleri temizleyin. Son a\u015famada ise .htaccess\/Nginx y\u00f6nlendirmelerini, HSTS ve gerekirse CSP ile upgrade-insecure-requests politikas\u0131n\u0131 devreye alarak sistemi sa\u011flamla\u015ft\u0131r\u0131n.<\/p>\n<p>E\u011fer bu s\u00fcre\u00e7 size karma\u015f\u0131k geliyorsa veya y\u00fcksek trafikli bir WordPress, WooCommerce ya da \u00f6zel PHP uygulamas\u0131 y\u00f6netiyorsan\u0131z, DCHost taraf\u0131nda sundu\u011fumuz domain, hosting, VPS, <a href=\"https:\/\/www.dchost.com\/tr\/fiziksel-sunucu\">dedicated sunucu<\/a> ve colocation \u00e7\u00f6z\u00fcmleriyle birlikte HTTPS mimarinizi ba\u015ftan sona planlayabiliriz. Altyap\u0131y\u0131 biz \u00fcstlenelim; siz de ziyaret\u00e7ilerinizin taray\u0131c\u0131lar\u0131nda yaln\u0131zca g\u00fcvenli kilit simgesini ve h\u0131zl\u0131 y\u00fcklenen sayfalar\u0131 g\u00f6r\u00fcn.<\/p>\n<\/div>","protected":false},"excerpt":{"rendered":"<p>\u0130&ccedil;indekiler1 SSL Sonras\u0131 Mixed Content Sorununu Do\u011fru Te\u015fhis Etmek2 Mixed Content Nedir, Neden Olu\u015fur?3 Mixed Content Hatalar\u0131n\u0131 Neden Ciddiye Almal\u0131s\u0131n\u0131z?4 Mixed Content Hatalar\u0131n\u0131 Tespit Etme Y\u00f6ntemleri4.1 Taray\u0131c\u0131 Geli\u015ftirici Ara\u00e7lar\u01314.2 A\u011f Sekmesi ve Kaynak Filtreleme4.3 Sunucu ve Panel Taraf\u0131 Loglar5 WordPress Sitelerde Mixed Content Hatalar\u0131n\u0131 Temizlemek5.1 1. Site Adresi (URL) Ayarlar\u0131n\u0131 Kontrol Edin5.2 2. Veritaban\u0131nda http [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":3984,"comment_status":"","ping_status":"","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[26],"tags":[],"class_list":["post-3983","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-teknoloji"],"_links":{"self":[{"href":"https:\/\/www.dchost.com\/blog\/wp-json\/wp\/v2\/posts\/3983","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.dchost.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.dchost.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.dchost.com\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.dchost.com\/blog\/wp-json\/wp\/v2\/comments?post=3983"}],"version-history":[{"count":0,"href":"https:\/\/www.dchost.com\/blog\/wp-json\/wp\/v2\/posts\/3983\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.dchost.com\/blog\/wp-json\/wp\/v2\/media\/3984"}],"wp:attachment":[{"href":"https:\/\/www.dchost.com\/blog\/wp-json\/wp\/v2\/media?parent=3983"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.dchost.com\/blog\/wp-json\/wp\/v2\/categories?post=3983"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.dchost.com\/blog\/wp-json\/wp\/v2\/tags?post=3983"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}