How To Fix The Mixed Content Error in WordPress

Summarize with:

ChatGPT

Claude

Perplexity

When you switch your WordPress site from HTTP to HTTPS, you expect everything to be secure. However, sometimes you still see a browser warning that says, Your connection to this site isn’t fully secure. This typically indicates that your site has a mixed content issue.

A mixed content error happens when some parts of your WordPress website, such as images, stylesheets, or scripts, still load over HTTP while the rest of the page loads over HTTPS. Even though your SSL Certificate – What it is, Why it is Needed, and How to Set It Up, the browser shows a warning because some resources are still using insecure links.

This problem isn’t really about your SSL setup. It happens when old HTTP links are left behind in your content, theme files, plugins, or database. The SSL is doing its job, but the site isn’t fully using it for everything yet. That’s why it’s called mixed content, where some parts are secure, and others aren’t.

Fixing mixed content is essential for your site’s safety and performance. It protects your visitors, helps you earn their trust, and improves your SEO, as search engines prefer secure websites.

This guide explains 3 simple ways to fix a mixed content error in WordPress. First, we’ll use a plugin. Next, we’ll update all links from HTTP to HTTPS. Finally, we’ll make changes to the .htaccess file. These methods don’t require advanced skills. By the end, your whole site will load properly over HTTPS.

KEY TAKEAWAYS

• Mixed content errors happen when some files on your site still use HTTP instead of HTTPS.
• These errors often appear after switching your site to HTTPS without updating all links.
• Mixed content can compromise your site’s security and lead to trust or SEO issues.
• You can spot the error using browser warnings, developer tools, or online checkers.
• The SSL Insecure Content Fixer plugin is a convenient way to fix insecure links automatically.
• Manually updating old links using a database plugin is another way to fix the issue.
• You can also force all traffic to HTTPS by adding redirect rules to the .htaccess file.
• Always clear your cache and test your site after making changes to confirm the error has disappeared.
• Fixing a mixed content error in WordPress helps protect your visitors and boosts your site’s search performance.

What is WordPress Mixed Content Error?

As discussed, a mixed content error in WordPress happens when a website loads both Understanding The Key Difference Between HTTP And HTTPS resources on the same page.

When this happens, most modern browsers show a warning or block the insecure content completely. As a result, you may notice a missing image, a broken layout, or a missing “https://” in the browser’s address bar. Some browsers even display a message saying, Parts of this page are not secure.

This mixed content warning can harm your website in several ways. For example:

• It makes your site less secure.
• Hackers can attempt to exploit the insecure files to attack your site or steal sensitive information.
• It damages user trust. Visitors may leave your site if they see a warning, thinking it’s unsafe.
• Additionally, it can impact your SEO performance. Search engines prefer fully secure sites, and mixed content may lower your rankings.

The good news is that this error is common and can be fixed. In the next sections, you’ll learn how to spot it easily and fix it to run your entire site securely over HTTPS.

How to Identify Mixed Content Error in WordPress

Before fixing the mixed content error, consider exactly where it’s happening. The easiest way to start is by looking at your browser’s address bar. If everything is working correctly, you’ll see https:// at the start, for instance, https://www.hosted.com.

If there’s a problem, the “https://” may be missing or replaced with a warning:

• Not Secure
• Connection not private
• How to Fix: This Site Can’t Provide a Secure Connection Error

That’s the first sign that something isn’t right.

Remember, you may also see one of the above-listed warnings if your SSL certificate has expired or is misconfigured. To get detailed information about configuration and validity, you can run an SSL Server Test.

To dig deeper, you can also use browser developer tools. In Chrome browser, right-click anywhere on the web page and choose Inspect. Then, go to the Console tab. If there’s mixed content, you’ll see clear warnings telling you which files are loading over HTTP. These messages will list the exact URLs that need correction. It’s a quick way to spot which images, scripts, or other files are causing the issue.

You may also use online tools to check your site for mixed content. There are various tools you can use; however, we show you the process using Why No Padlock. This tool scans your site and identifies insecure resources. It’s helpful if you’re not comfortable using developer tools or want a full report.

Here’s how to use it:

Go to the Website website. Enter your Domain vs. URL: A Definitive Guide to Understanding Web Addresses, check Google reCAPTCHA, and click Test Page.

Here’s the way it shows how it finds a mixed content error in WordPress:

Once you find the problem links, fixing them becomes much easier. In the next sections, we show you how to clean them up using plugins or simple file edits, so your whole website loads safely over HTTPS.

How to Fix Mixed Content in WordPress

In this section, we demonstrate the best fixes for mixed content in WordPress. You’ll learn how to use a plugin, update HTTP links, and edit the .htaccess file to ensure your entire site loads securely over HTTPS.

Use a WordPress Plugin

If you can still WordPress Admin Dashboard Tips for Accessing and Using WP Admin, using a plugin is one of the easiest ways to fix mixed content errors. Many SSL/HTTPS plugins offer free features that handle insecure links with just a few clicks. For this section, we use the SSL Insecure Content Fixer plugin.

Here’s how:

Go to the Plugins menu on the left sidebar. Click Add New. In the search bar, type SSL Insecure Content Fixer. Once it appears, click Install Now next to the plugin.

After installation, click Activate to enable the plugin on your site.

Then, go to Settings → SSL Insecure Content to access the configuration page. Under Fix insecure content, choose Simple. This fixes scripts, styles, and media files without affecting your site speed. Start with this setting. If the error still appears, you can switch to a more advanced level later.

Next, look at HTTPS detection. This helps WordPress know when a page is served over HTTPS. The default option works for most sites. If your site runs through a reverse proxy or CDN, such as Cloudflare, choose a detection method that suits your setup.

Leave the other settings unchanged and click Save Changes. Then visit your site in a new browser tab to see if the mixed content warning has gone.

This plugin is beginner-friendly and safe to use. It’s a great first step if you want a quick solution without using code. In the next section, we show you how to update links from HTTP to HTTPS.

Update Links from HTTP to HTTPS

If a plugin didn’t fix the mixed content error in WordPress, then some links on your site are most likely still hard-coded with HTTP instead of HTTPS. These links are located inside your The Basics of MySQL and WordPress Database Management or theme files, causing browsers to show mixed content warnings.

The approach to updating links depends on the number of links. If there are a few insecure links, you can edit them manually in posts or pages. But if there are many, it’s better to use a plugin to update them in bulk.

Note: Before making any changes to your database, How To Backup Your Website In cPanel. This helps you restore the site if something goes wrong.

Here’s how to update all insecure links using the Better Search Replace plugin:

First, install and activate this plugin from the WordPress plugin directory. Then, navigate to Tools → Better Search Replace.

Under Search for, type your old URL with http://:

EXAMPLE: http://yourdomain.com

Under Replace with, enter the new https:// version of your site. In the Select tables section, press Ctrl (or Cmd on Mac) and select all the database tables.

Leave the rest of the settings as they are and click Run Search/Replace.

Since Run as dry run is enabled, the plugin will show you what changes it would make without applying them.

After checking the results, uncheck the Run as dry run option and repeat the process to update all links. Once the process is complete, clear your browser cache to ensure your site loads the updated content.

Now, let’s discuss how to fix the issue manually using the .htaccess file.

Modify .htaccess File to Force HTTPS

Another way to fix a mixed content error in WordPress is to force your entire site to load over HTTPS using the .htaccess file. This file controls how your server handles requests, and you can use it to automatically redirect any HTTP traffic to HTTPS. It’s a strong way to ensure every visitor always sees the secure version of your site.

Here’s how to do it using How To Use cPanel File Manager:

Go to cPanel → Files → File Manager. Next, locate the .htaccess file underthe public_html folder. If you can’t find the file, ensure your hosting’s File Manager is set to show hidden files.

If it’s missing, you can create a new text file and name it .htaccess. Now, right-click on .htaccess and choose Edit to open it in cPanel’s built-in editor.

Now, add the following lines of code at the end of this file:

RewriteEngine On
RewriteCond %{HTTPS} !=on
RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301,NE]
Header always set Content-Security-Policy "upgrade-insecure-requests;"

This code forces all visitors to use the secure HTTPS version of your website by automatically redirecting any HTTP requests. It also tells the browser to upgrade any insecure content (such as images or scripts using HTTP) to HTTPS, which prevents a mixed content error in WordPress. Together, these rules make your website safer and ensure all parts of your site load securely.

Then, click Save Changes to save the file.

Now, visit your website using http:// in the address bar. It should automatically switch to https://. If it does, the redirect is working. You can also test your site using an online redirect checker to confirm everything is set up correctly.

This method is very effective because it works at the server level. Even if someone tries to visit the non-secure version of your site, they’ll be automatically redirected to the secure one.

Take care when editing the .htaccess file. If anything goes wrong, it can affect how your site loads. Therefore, it’s better to always back up your site before making a change.

FAQS

Other Related Tutorials

– How to Create a WordPress Image Carousel X Easy Ways

– WordPress iFrames: How To Use And Embed Pages, Videos And More

– WordPress Breadcrumbs: How To Add & Display Them On Your Site

– How To Add Schema Markup In WordPress: 2 Easy Methods

– WordPress Pagination: How To Add It Manually Or With Plugins

• About the Author
• Latest Posts

Rhett Freeman( Researcher, Content Writer and WordPress Content Guru )

Rhett isn’t just a writer at Hosted.com – he’s our resident WordPress content guru. With over 6 years of experience as a content writer, with a background in copywriting, journalism, research, and SEO, and a passion for websites.

Rhett authors informative blogs, articles, and Knowledgebase guides that simplify the complexities of WordPress, website builders, domains, and cPanel hosting. Rhett’s clear explanations and practical tips provide valuable resources for anyone wanting to own and build a website. Just don’t ask him about coding before he’s had coffee.

• How To Fix HTTP 429 Too Many Requests Error
• How To Fix DNS Server Not Responding Error
• How To Add A Separate WordPress Blog Page For Posts