Mixed Content Errors Blocking SSL/HTTPS in WordPress
When a WordPress website has an SSL certificate installed, the site should load over HTTPS. However, you may still see an “unsecured” warning in the browser. One common reason is mixed content errors.
What Are Mixed Content Errors?
Mixed content errors occur when a webpage served over HTTPS loads resources (such as images, scripts, stylesheets, or links) using HTTP instead of HTTPS. The page is then only partly protected by SSL, because the HTTP resources are transmitted unencrypted.
There are two types of mixed content:
- Passive mixed content: Resources like images, audio, and video loaded over HTTP. Browsers may display a warning but still load them.
- Active mixed content: Resources like scripts, stylesheets, and iframes loaded over HTTP. Browsers typically block these entirely, which can break site functionality.
How to Identify Mixed Content Errors
Method 1: Browser Developer Tools
- Open your website in Chrome or Firefox.
- Press F12 to open Developer Tools.
- Click the Console tab.
- Look for warnings or errors mentioning “mixed content.”
Method 2: Online Tools
Use a free tool like WhyNoPadlock.com to scan your site for mixed content issues. The tool will list all insecure resources found on the page.
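A scripted version of the same check, as an added example that is not part of the original article: it parses one page's HTML and classifies each http:// subresource as passive or active, using the two categories described above. The sample markup and host names are constructed, and the names MixedContentFinder and find_mixed_content are hypothetical.

```python
from html.parser import HTMLParser

# Per the article: images/audio/video are passive; scripts, stylesheets, iframes are active.
PASSIVE = {("img", "src"), ("audio", "src"), ("video", "src"), ("source", "src")}
ACTIVE = {("script", "src"), ("iframe", "src"), ("link", "href")}


class MixedContentFinder(HTMLParser):
    """Collects http:// subresource URLs from one HTML document."""

    def __init__(self):
        super().__init__()
        self.findings = []  # (kind, tag, url) tuples in document order

    def handle_starttag(self, tag, attrs):
        attrs = {name: (value or "").strip() for name, value in attrs}
        for name, url in attrs.items():
            if not url.lower().startswith("http://"):
                continue  # https:// and protocol-relative (//host/...) URLs are fine
            if (tag, name) in ACTIVE:
                # This example counts <link> only when it loads a stylesheet;
                # other rel values (e.g. canonical) are ignored here.
                if tag == "link" and "stylesheet" not in attrs.get("rel", "").lower():
                    continue
                self.findings.append(("active", tag, url))
            elif (tag, name) in PASSIVE:
                self.findings.append(("passive", tag, url))


def find_mixed_content(html):
    finder = MixedContentFinder()
    finder.feed(html)
    finder.close()
    return finder.findings


# Constructed sample page (hypothetical hosts), assumed to be served over HTTPS.
SAMPLE = """<head>
<link rel="stylesheet" href="http://example.com/wp-content/themes/demo/style.css">
<link rel="canonical" href="http://example.com/">
<script src="https://example.com/wp-includes/js/jquery.js"></script>
<script src="http://cdn.example.net/widget.js"></script>
</head><body>
<img src="http://example.com/wp-content/uploads/logo.png">
<iframe src="//player.example.net/embed/1"></iframe>
</body>"""

if __name__ == "__main__":
    for kind, tag, url in find_mixed_content(SAMPLE):
        print(f"{kind:8} <{tag}> {url}")
```

The script only sees URLs written in HTML attributes, so resources referenced from CSS or inserted by JavaScript still need the browser console check from Method 1.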
How to Fix Mixed Content Errors
Step 1: Back Up Your Website
Before making any changes, create a full backup of your WordPress site using a backup plugin such as UpdraftPlus or BackWPup.
Step 2: Update WordPress URLs
- Go to Settings → General in your WordPress dashboard.
- Ensure both WordPress Address (URL) and Site Address (URL) use https://.
Step 3: Use a Plugin to Fix Mixed Content
Install and activate one of these free plugins:
- Really Simple SSL — Automatically detects and fixes most mixed content issues.
- SSL Insecure Content Fixer — Provides multiple fix levels from simple to comprehensive.
Follow the plugin’s instructions to scan and fix mixed content errors.
Step 4: Search and Replace HTTP URLs
For a more thorough fix, use the Better Search Replace plugin:
- Install and activate the plugin.
- Go to Tools → Better Search Replace.
- Search for http://yourdomain.com and replace with https://yourdomain.com.
- Run the search on all database tables.
- Uncheck “Run as dry run” when ready to apply.
Step 5: Update Your .htaccess File
Add the following to your .htaccess file to force HTTPS:
```apache
# Redirect every plain-HTTP request to the same host and path over HTTPS
RewriteEngine On
RewriteCond %{HTTPS} off
RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]
```
Step 6: Verify the Fix
- Clear your browser cache.
- Visit your website and check for the padlock icon in the address bar.
- Re-run the WhyNoPadlock.com check to confirm all mixed content is resolved.
Common Sources of Mixed Content
| Source | Solution |
|---|---|
| Hardcoded http:// URLs in theme files | Edit theme files or use a child theme to update URLs |
| Images inserted with http:// in posts/pages | Use Search and Replace plugin to update database |
| External scripts or embeds using http:// | Update embed codes to use https:// or protocol-relative URLs |
| Custom CSS with http:// background images | Update stylesheet URLs to https:// |
| Plugins loading resources over http:// | Update or replace the plugin |
Notes
- If you are unable to resolve mixed content errors yourself, consider hiring a developer for assistance.
- Always test your site thoroughly after making changes to ensure nothing is broken.