Fix WordPress Mixed Content

What is Mixed Content?

Mixed content occurs when a site is loaded over a secure HTTPS connection but requests resources such as images, videos, stylesheets or scripts over an insecure HTTP connection.

If you’ve already added an SSL certificate and ensured the site is loading over HTTPS, but your site is still not secure, you most likely have mixed content on the site. Modern browsers will usually either:

1) Block the content from loading; this often occurs with scripts. This prevents the site from loading securely, and you may even see a red padlock.

2) Show insecure warnings and indicate to the user that the page they’re requesting has insecure content.

When you visit a webpage over HTTPS in Google Chrome, the browser reports mixed content as errors and warnings in the JavaScript console. You can view these in Chrome by pressing F12 on your keyboard or by right-clicking and selecting ‘Inspect’.

A good tool to help identify mixed content is the Why No Padlock? tool.
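
To complement the console and Why No Padlock? checks above, here is a small offline scanner, added as an example and not part of the original article or of any plugin. It parses a page's HTML and lists subresources still referenced over http://, labelled by whether browsers typically block them (active) or only warn about them (passive); the function names, tag lists and sample HTML are assumptions constructed for illustration.

```python
from html.parser import HTMLParser

# Assumed classification: insecure loads of "active" content are typically
# blocked by browsers, while "passive" content usually only triggers a warning.
ACTIVE = {("script", "src"), ("iframe", "src"), ("link", "href")}
PASSIVE = {("img", "src"), ("video", "src"), ("audio", "src"), ("source", "src")}


class MixedContentFinder(HTMLParser):
    """Collect subresource URLs that use http:// on a page served over HTTPS."""
    def __init__(self):
        super().__init__()
        self.findings = []  # list of (kind, tag, url)

    def handle_starttag(self, tag, attrs):
        attrs = dict(attrs)
        # <link> only fetches a subresource for rel=stylesheet; canonical etc. is metadata.
        if tag == "link" and "stylesheet" not in (attrs.get("rel") or "").lower():
            return
        for kind, pairs in (("active", ACTIVE), ("passive", PASSIVE)):
            for t, attr in pairs:
                url = (attrs.get(attr) or "").strip()
                if t == tag and url.lower().startswith("http://"):
                    self.findings.append((kind, tag, url))


def find_mixed_content(html):
    finder = MixedContentFinder()
    finder.feed(html)
    return finder.findings


# Constructed sample page, as it might be served from https://example.com/
SAMPLE = """
<html><head>
<link rel="stylesheet" href="http://example.com/wp-content/themes/demo/style.css">
<link rel="canonical" href="http://example.com/">
<script src="https://example.com/wp-includes/js/jquery.js"></script>
<script src="http://example.com/wp-content/plugins/demo/slider.js"></script>
</head><body>
<img src="http://example.com/wp-content/uploads/logo.png">
<img src="/wp-content/uploads/banner.png">
<a href="http://example.org/">plain link, not a subresource</a>
</body></html>
"""

if __name__ == "__main__":
    for kind, tag, url in find_mixed_content(SAMPLE):
        print(f"{kind:8} <{tag}> {url}")
```

Ordinary links (`<a href>`) and the canonical `<link>` are not reported, because following or declaring an http:// URL does not load an insecure resource into the page.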

How to Fix Mixed Content on Your WordPress Site

To fix mixed content on a WordPress website, a plugin can be used that automatically replaces the insecure URLs with the secure ones.

  • Log in to the WordPress Dashboard
  • Select Plugins and select Add New
  • Search for SSL Insecure Content Fixer, and select ‘Install Now’
  • Once the plugin has been activated, you can change its settings from Settings. From there, you can alter the extent to which the URLs are replaced. We’d recommend selecting one of Simple, Capture or Capture All.
  • If you’re on the WordPress platform, you’ll need to purge the cache within StackCache, then try an incognito window to ensure your browser hasn’t cached the previous content.

Your site should now load securely. If not, you can follow the steps below to make sure you’ve covered all bases to ensure your site is secure.

Ensuring Your WordPress Site Loads Securely

Ensuring there’s no mixed content on your WordPress site is fundamental to ensuring it loads securely. However, you can’t miss out the other key factors that ensure the site loads securely for its users.

Ensure HTTPS is used

Make sure the WordPress site and home URLs are prefixed with HTTPS i.e. You can do this within the /wp-admin area of your site.

  • Log in to the WordPress Dashboard.
  • Click on Settings on the left-hand side.
  • Make sure the WordPress Address (URL) is prefixed with HTTPS.
  • Make sure the Site Address (URL) is prefixed with HTTPS.