How to Fix Mixed Content/Insecure Content Warning in WordPress

dailydose

#1

After switching to HTTPS, you might have faced below problems

  • Green lock not showing, instead Insecure warning
  • Mixed content warning in the console logs
    image

This all happens due to mixed content.

Facts: When we use HTTPS for our website, the browser expects to load each and every element in the HTTPS version only. This is a reason, why even one non-secure element, cannot be loaded while using HTTPS

Okay, no worries. Here’s the ultimate fix for resolving all these issues quickly in next 5 minutes. Keep reading.

  1. Before you begin, I would highly recommend please take backup of your WordPress site. As changes done by this process into Database cannot be reverted easily.

  2. Now, install and activate “Better Search Replace” Plugin.
    image

  3. Go to Plugin UI: Tools > Better Search Replace
    image

  4. Only for shared hosting user: Before you start using, please go to Settings > Drag max page size to 1000.

  5. For high quality hosting like Cloudways, Kinsta, VPS then probably no need to worry.

  6. Now, go to Search/Replace menu, you will see something like this.

  7. To fix mixed content error, you need to replace all HTTP version URL to your canonical version. See example.
    Migrating from http non-www to https www version
    image
    Migrating from https non-www to https www version
    image
    Finally, Migrating from http www version to https www version
    image

  8. Each time while replacing, must select all Database tables.
    image
    Tip: Click on first one, and then hold SHIFT and press END key from your keyboard.

  9. Keep Uncheck Dry run, and also check Replace GUIDs

  10. Run Search/Replace to begin process of Search/Replace. It may take some time, depending on Database size.

  11. Now, it’s time to see the result. :slight_smile:

Bonus tip:
Using Cloudflare? You can also use “Automatic HTTPS rewrite”. However, I recommend above permanent method not shortcut.

Result

Green Lock, no warning. :slight_smile:

Hopefully, these little steps will replace all HTTP version link to the HTTPS, and fix mixed content/insecure warning that you may be receiving after switching to HTTPS.

#DailyDose

Thanks & Regards,
Gulshan


How to Revert Back from HTTPS to a Non-SSL HTTP Site
How to force https to http via .htaccess file
How to fix minimize redirects error
Cloudflare SSL is not working [Resolved]
Image deindex problem
Useful .htaccess code
One theme link showing mixed content for Https
Adding HTTPS on cloudways wordpress site
SSL issue mixed content found
Problem With Newspaper Theme
Using HTTPS in WordPress without Really Simple SSL Plugin
#2

I faced the same issue when migrating my blog to Cloudways. I tried search and replace but all the instances weren’t replaced.

Additionally I install Really Simple SSL and it solved the issue for me.

Also for those who use Thrive Architecture for creating posts, Better Search Replace doesn’t work there.

Any work around for it @GulshanKumar?


#3

May be due to by mistake dry-run.

It may not work if URL is encoded like below. Generally, happens with builder. Once I had got chance to work on such site, work went double. :smile:

In this case, the solution is replace in encoded way.
That’s it.


#4

This always works. Simple and painless.


#5

The title is missing “fix” cc @GulshanKumar


#6

Thanks for heads up. :slight_smile:


#7

Why is Google having mixed content errors?? :confused:


#8

Removed really simple ssl plugin. Green lock went away briefly and has come back.
Thank you!

Update:
I am getting this warning when I try to log in. Is there a fix for this or should I ignore?


#9

Please check wp_options table using MySQL manager, look at site and home URL.

Step 1. Basic main step, Make sure both field exists same URL that you need. Or, see WordPress general settings.

Step 2. Try accessing your site from http version URL in the incognito, if it does not force to HTTPS; a redirect is generally necessary. We use .htaccess rule for this.

Ref: Useful .htaccess code


#10

Have You heard of the define(‘FORCE_SSL_ADMIN’, true); rule of wordpress?


#11

Hmm… WordPress will automatically force HTTPS for admin area(only).


#12

For front end, I think, Editing the Site URL and Wordpress URL should be enough if there are not a lot of http:// references. most themes today support protocol less references //your-site.com type.


#13

Exactly, and most important step.


#14

On the road. I will make the change and update in the morning / afternoon.
Thank you.


#15

They both are the same in the table.

I had to reinstall the simple SSL plugin again because of the error message. Will turn it off and check in incognito mode. With the plugin activated, http is getting redirected to https.

Thank you!


#16

Really Simple SSL Plugin virtually replace everything to HTTPS.

If you want to get rid of it…

  1. Deactivate it
  2. Make sure at WordPress general settings, there is https version
  3. Force HTTPS via .htaccess, WordPress don’t automatically redirect just by having https at general settings.

More.


#17

thanks this guide helped me a lot can i remove this plugin after use


#18

@Adarsh_Sahu Yes, you can remove.


#19

I am getting this issue now
Max page size is 1000 but still


#20

Unfortunately, GoDaddy hosting put limitations.

The solution is try another plugin: Velvet URL replace