What is Mixed Content?
Mixed content occurs when a website served over HTTPS includes resources (images, scripts, stylesheets) loaded over HTTP. This leads to:
- Security warnings in browsers
- Broken padlock icon
- Potential security vulnerabilities
- Poor user experience
Why Does This Happen?
This issue typically occurs after migrating from HTTP to HTTPS when some elements still reference old HTTP URLs.
Step-by-Step Fix
Step 1: Backup Your Website
Before making any changes, create a complete backup of your database and files.
Step 2: Update WordPress URLs
Navigate to Settings → General and ensure both URLs use HTTPS:
- WordPress Address (URL):
https://yourdomain.com - Site Address (URL):
https://yourdomain.com
Step 3: Search and Replace in Database
Use a plugin like Better Search Replace:
- Install and activate the plugin
- Go to Tools → Better Search Replace
- Search for:
http://yourdomain.com - Replace with:
https://yourdomain.com - Select all tables and run
Step 4: Use Really Simple SSL Plugin
For automatic fixes:
- Install Really Simple SSL plugin
- Activate it
- Click "Go ahead, activate SSL!"
The plugin handles most mixed content issues automatically.
Step 5: Clear All Caches
Clear plugin caches, server-side cache, CDN cache, and browser cache.
Step 6: Test for Remaining Issues
Use tools like Why No Padlock? or browser Developer Tools (F12 → Console) to identify remaining issues.
Common Sources of Mixed Content
| Source | Solution |
|---|---|
| Images in posts | Database search/replace |
| Theme images | Update theme settings |
| External scripts | Contact script provider |
| Custom widgets | Update widget URLs |
Conclusion
Mixed content issues are common after SSL migration but easily fixable. Follow these steps systematically, and your site will be fully secure.
Pro Tip: Most modern hosting providers include free SSL certificates via Let's Encrypt. Enable automatic HTTPS redirection for best security.
Written by
Hostnin Team
Security Expert