Have you ever wondered why you don’t see a green padlock next to your site URL, even with an SSL certificate installed?
This issue occurs when your site has one or more resources loading via HTTP instead of HTTPS. These resources could be scripts, images, videos, or any other elements displayed on your site.
In this article, we will guide you through the steps to fix mixed content errors in WordPress, ensuring your site is secure and fully functional.
What is Mixed Content?
Mixed content happens when a secure webpage, which should be safely loaded over HTTPS, still serves resources (like images, stylesheets, and scripts) over an insecure HTTP connection. This inconsistency can cause security warnings, browser blocks, and a poor user experience.
Why Fixing Mixed Content Errors is Important?
If you’ve ever encountered security warnings or missing padlocks on your website, you might be dealing with mixed content issues. Fixing these problems is crucial for several reasons:
- Security: Mixed content undermines the security of your site. While HTTPS ensures encrypted communication, HTTP-loaded resources can be intercepted or altered by attackers.
- SEO: Search engines like Google prefer secure sites. Mixed content can negatively impact your SEO rankings.
- User Trust: Security warnings can deter visitors, reducing their trust in your site.
How to Identify Mixed Content Errors?
1. Using your Browser Console
Most browsers will flag mixed content errors. Open the developer tools (F12 or right-click and select “Inspect”), go to the console tab, and look for mixed content warnings.



2. Using Online Tools
Use tools like Why No Padlock? or SSL Labs to scan your site for mixed content errors.

3. Plugins
WordPress plugins like Better Search Replace or SSL Insecure Content Fixer can help identify mixed content by scanning your database and site content.
Fixing Mixed Content Errors
Before proceeding with any of the changes described, make sure to back up your website. We’ve previously covered 3 methods to back up your WordPress website in an earlier blog article.
1. Update the WordPress Settings
The first step to address mixed content errors is to update your WordPress settings. Completing this step will help prevent future mixed content issues. Here’s how:
- Log in to your WP admin dashboard.
- Navigate to the Settings menu.
- Change the 1. WordPress Address (URL) and 2. Site Address (URL) from http:// to https://.
- Save the settings.
Please note that you may be logged out of the WP admin dashboard when these changes are applied.

2. Use a WordPress Plugin
Really Simple SSL popular plugin can automatically detect and fix mixed content errors. Usually, after you install and activate the plugin it takes care of all mixed content errors and no further actions are required. We have a full tutorial on adding and activating the plugin in the WPX Knowledgebase.
The steps are easy to follow:
- Install and Activate the plugin;
- Select the Activate SSL button in your WP admin dashboard.

That’s it, the plugin will detect and fix all HTTP URLs that are found in the database (and files) of your website.
Note: If you still encounter mixed content errors after installing and activating the plugin, clear your browser’s cache and check your site again using tools like Why No Padlock? or SSL Labs.
3. Alternative to Really Simple SSL (.htaccess)
If you’re not a fan of having more plugins or you just want to deep dive into the files of your WordPress site this is the solution for you. You can force HTTPS by adding the following lines to your .htaccess file:
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteCond %{HTTPS} !=on
RewriteRule ^ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]
</IfModule>
4. Run Search and Replace
If your website still serves some resources via HTTP after following the previous steps, you might need to do some manual work:
- Database Search and Replace: Use a plugin like Better Search Replace to find and update all instances of HTTP URLs in your database.
- Theme and Plugin Files: Check your theme’s files and plugins for hardcoded HTTP URLs and update them.
Note: If the hardcoded links are external and don’t have an SSL certificate (on their host), they may stop loading when updated to HTTPS, causing 404 errors on your website. To avoid this, consider replacing those resources with secure alternatives.
Preventing Future Mixed Content Errors
- Always Use HTTPS: Ensure your WordPress Address and Site Address in Settings > General are set to HTTPS. Use HTTPS when adding new content or resources.
- Regularly Scan Your Site: Periodically check your site for mixed content using the methods described earlier.
- Update and Maintain: Keep your WordPress core, themes, and plugins updated. Regularly review and clean your database to ensure no old HTTP links are present.
Conclusion
Fixing mixed content issues in WordPress is crucial for maintaining a secure, trustworthy, and SEO-friendly website. By following the steps outlined in this guide, you can effectively identify and resolve these issues, ensuring a seamless and secure experience for your visitors.
For more tips and detailed guides on WordPress maintenance, be sure to follow the WPX blog. Happy blogging!
Having WordPress Permalink Issues? Check out our guide on how to fit them!