In this article, you will learn how to secure your WordPress site from mixed content warnings.
After installing an SSL certificate and switching your site to HTTPS, you may still notice a “Not secure” warning in the browser’s address bar. This often happens due to mixed content issues, where some resources (like images, scripts, or stylesheets) are still being loaded over HTTP instead of HTTPS.
Here’s how to fix mixed content warnings in WordPress:
- If You are Using Elementor
If your site is built with Elementor, you can easily update all your internal links:- Go to Elementor > Tools > Replace URL.
- In the fields provided, replace your old “http://old-url.com” with “https://new-url.com.”
- Save the changes and reload your site.
This should update all Elementor-generated content to use HTTPS and resolve the warning.
- If You are Not Using Elementor
There are a few different methods you can use to address mixed content manually or with plugins:- Use the Simple SSL Plugin
This is a quick and effective way to handle HTTPS transitions:- Log in to your WordPress dashboard.
- Go to Plugins > Add New and search for Really Simple SSL.
- Install and activate the plugin.
- Navigate to Settings > General and confirm your site URLs begin with https://.
This plugin will automatically handle most mixed content issues.
- Use the Better Search & Replace Plugin:
For more control, you can manually update old links in your database:- Install and activate the Better Search & Replace plugin.
- Go to Tools > Better Search Replace.
- In the “Search for” field, enter http://old-url.com.
- In the “Replace with” field, enter https://new-url.com.
- Select all database tables.
- Uncheck “Run as dry run?” to apply the changes.
- Click “Run Search/Replace.”
This will scan your database and convert any outdated links to HTTPS.
- Modify Your .htaccess File (Advanced)
Note: Avoid this method if your site uses symlinks, which could cause issues.
If the above methods don’t fully resolve the problem, you can force HTTPS for all requests:- Access your website’s root directory (usually public_html).
- Open or create the .htaccess file.
- Add the following line of code:
Header always set Content-Security-Policy: upgrade-insecure-requests
- Save the file and reload your website.
This instructs browsers to upgrade all HTTP requests to HTTPS automatically.
- Use the Simple SSL Plugin
By following the above-outlined steps, you should be able to eliminate mixed content warnings and ensure your WordPress site is fully secure under HTTPS.
Our support team is just a message away if you need further assistance.
Also using Joomla? Learn How to migrate a Joomla site from HTTP to HTTPS