green padlock

How To Resolve Mixed Content Warnings For Your WordPress Website

Transitioning your WordPress website from http to https is a commendable milestone towards securing your site and making it safer for your users to interact with you.

The very thought of having an SSL Certificate displaying on your website should be reason enough to make you happy.

However, it is also necessary to expect some teething challenges that come with that transition.

One of the main problems when switching your site from http to https is mixed content warnings, where your site tries to display resources from the former http source and the new https source.

Even though WordPress has its own settings to help stop this issue, most users still experience it.

If you have once faced it or you are planning to migrate your WordPress site to a https, then don’t despair since this post will show you how to fix such issues.

Understanding what mixed content is

Before we show you how to deal with mixed content, let’s take a deeper look at its definition, with relevant examples to get a good understanding of exactly what mixed content is.

When you load a font, icon, or image over a http address while the page a user requests is SSL-secured via https, you’ll receive a mixed content warning. When this happens, the website in question can have the following effects:

  • The secure https padlock fails to appear in the address bar
  • The secure green padlock will appear while the insecure assets are prevented from loading

In any of the above cases, users notice a red warning telling them that the content from the insecure http domain has been blocked because it is not secure.

In addition, you will see a yellow warning if the insecure content that is trying to load is blocking the green padlock from displaying.

In this case, it will be like trying to run a computer on two different operating systems, such as Windows 8 and 10 at the same time.

Why does your WordPress site need an SSL certificate?

In the past it was most likely that you would only have an SSL certificate if you were running an e-commerce website. Nowadays the majority of sites, e-commerce or not are running on https.

There are a few advantages to making the switch.

First, the green padlock your WordPress site receives will give your visitors a boost of confidence and trust while browsing your website.

You may not be selling products or offering services, but if you need to gain and maintain the trust of your visitors, you would be wise to install an SSL certificate.

Second, Google has announced that https is a ranking Signal.

Google prefers to list websites in their results pages that give people a good experience, so if your website encrypts data with an SSL certificate then Google is more likely to recommend your site above a similar one that does not have a secure connection.

If your site does not have an SSL certificate and you haven’t budgeted for one then SSL2BUY is one of many places that you can get your hands on a cost effective solution.

HTTPS and WordPress sites

Having looked at the importance of moving over to https, let’s look at how you can enforce https on your WordPress site today.

Note, you will need to have an SSL certificate installed before proceeding.

Enforcing every page to be https

In order to serve all of your website pages over https you will need to login to your WordPress website.

First you should go to General Settings within your WordPress dashboard. When there, locate the WordPress address and site address fields and substitute each http value with https.

If you’re really not comfortable with this step then you can achieve the same result the help of a plugin. Using a plugin will likely require you to check a box for all pages that need migrating.

Identifying mixed content on https pages

In order to address mixed content, you should visit your website using the https address instead of http.

After visiting your website via your new https address you’ll likely see your web browser abruptly displaying “insecure content” or “non-encrypted content” alerts.

This is a nod to let you know that your WordPress site contains http assets.

Resolving mixed content warnings using a plugin

By using a plugin to search and replace all http instances within your sites database, you’ll be able to fix most, if not all of your mixed content warnings.

To start we recommend that you install and activate the Better Search and Replace plugin within your WordPress dashboard.

Once you’re within the Better Search and Replace settings area you can search for “http://” and replace it with “https://”.

This should take care of any internal and external references to non-secure content.

Once done if your website uses a caching plugin then you should clear your websites cache in order for the changes to show.

Visit your websites pages and check for the green padlock and any signs of mixed content warnings.

If you still have mixed content warnings then it’s possible that you have a http reference within your websites theme files.

To resolve http references within your theme you can download your website files via an FTP application and use a text editor such as Sublime Text to search and replace the files for you.

Once you’ve effectively edited your theme files you’ll need to re-upload your theme. If your website uses a child theme you may need to check the parent theme too.

Clear your websites cache if you have one and if the issue is still not resolved you can right click anywhere on your websites page and choose “View Source” or “View Page Source”.

Then use the “find” command and search for “http://”. This way, you’ll be able to detect any remaining http content within your website and remove it effectively.

Third-party websites

In order to assist in finding and resolving mixed content issues you can utilise third-party websites such as WhyNoPadlock.com, which will obtain and provide straightforward information for you to utilise free of charge.

Once everything is working fine, please remember to redirect all search traffic from your previous http address to you new https address. This will avoid being penalised by Google for duplicate content.

If you’re unfamiliar with 301 redirects you can always use a plugin to do the job for you.

Final thoughts

Migrating your website to https is necessary even though it comes with a few teething problems like mixed content warnings.

In this article we hope to have helped you understand what mixed content warnings are, why your site needs an SSL certificate and how you can simply and effectively fix mixed content warnings to make your site https ready today.

100 Tips for Maintaining Your WordPress Site

Defend your site from hackers, improve speed, and learn tactics used by WordPress experts

Thank you for subscribing.

Something went wrong.

About Steven Watts

Steven WattsSteven is the founder of Newt Labs. He's a WordPress specialist with an interest in building the most effective websites possible. Since 2010, he's been helping businesses with their online goals.

100 Tips for Maintaining Your WordPress Site

Defend your site from hackers, improve speed, and learn tactics used by WordPress experts

Thank you for subscribing.

Something went wrong.