How-To Guide: Fixing Mixed Content Error Manually or via Plugin

Michael Firnkes Updated on 20.10.2020
5 Min.
WordPress  mixed content
Last updated on 20.10.2020

You're switching WordPress to HTTPS? This can lead to so-called Mixed Content Errors . Browsers like Google Chrome will then show your website as unsafe or block it completely. We will show you several ways to WordPress fix mixed content errors.

A Mixed Content error occurs whenever HTTP resources are loaded on your site or a subpage, although it site should only be accessible under HTTPS.

Detect mixed content errors

In the browser of your visitors it will site then be shown as "not safe". Also you can see sites very quickly if they have a problem with mixed content:

Unsafe connection
Unsecure connection, displayed in Google Chrome

"Possibly" because other errors may also be hidden behind the display "not sure". I'll come back to a more detailed analysis in a moment.

A Mixed Content error appears dubious. It causes many of your visitors to abandon. Google is increasingly blocking the delivery of web pages with mixed content, through its browser Chrome. Users have the possibility to manually reload the blocked content. But the trust in your offer is then already damaged.

Causes for Mixed Content in WordPress

You have already switched your website to SSL or HTTPS, but some elements are still loaded from HTTP sources? The reasons for this can be:

  • Scripts such as CSS or JavaScript files
  • Embedded fonts, for example Google Fonts
  • Other external services and snippets
  • Pictures and videos on your WordPress sites that still refer to the HTTP address instead of HTTPS

The sources are correspondingly diverse:

  • Plugins for WordPress and WooCommerce
  • WordPress Themes
  • Included source code on your sites and contributions or in Gutenberg
  • Old or faulty links
  • Widgets
  • social media connections
  • Tools for Tracking

Plugins and Themescan lead to mixed content errors, especially if they are outdated or no longer developed. In general, you should check whether and which subpages are affected by mixed content after switching from your portal, blog or online shop to HTTPS.

Find mixed content

With a browser you can identify the originators of mixed content quite quickly. This is how you do it in Google Chrome, it's very similar in other browsers:

  1. Click the right mouse button on any area of your site that you want to examine. Then select the "Examine" option.
  2. Switch to the "Security" tab in the tools. There you can see at a glance under "Resources" if there are any mixed content errors.
  3. The error console ("Console") lists the exact sources for the incorrect integration.

Here is a small example of how the analysis looks like in the Chrome console:

Error Console Chrome
Mixed Content error in the console in Chrome

You can now fix the error messages step by step by replacing the HTTP mounts with the respective HTTPS variants. Or by removing the cause - for example a Pluginwidget - if necessary completely.

Have mixed content errors corrected

Partly, you have to use your WordPress Theme and adjust the CSS files. You yourself have no technical knowledge in WordPress ? Then there are the following possibilities:

  • You commission your agency or a web designer
  • You contact the manufacturer of the Themesand ask him to fix the errors - or to provide you with the appropriate instructions
  • You use the WordPress plugin Real-time Find Replace

Important in the latter case: This only Pluginmasks the problem. For the future security of your site - but also to avoid creating unnecessary ballast in WordPress - you should replace the HTTP links completely by HTTPS links.

Tip: You want your Theme work on it yourself? Then make sure you have a child Theme to use. See our instructions Child-Theme for WordPress.

Solution with Search and Replace

Your WordPress database contains many internal links that still point to an HTTP address? Then you can change them to HTTPS on a massive scale or automatically, via Search and Replace. We recommend the plugin Better Search Replace. The advantages of the tool:

  • The tables in which you want to search and replace can be selected individually if required
  • There is a test run function - very handy to check in advance how many fields will be changed and if you have made the search query wrong or too comprehensive
  • Support of serialized arrays and objects for all tables
  • Supports WordPress Multisites

An even more detailed evaluation of the effects of Search & Replace is only available in the paid Pro version. But even so the tool provides practical help.

Better Search Replace Plugin
The WordPress plugin Better Search Replace

Mixed content WordPress plugin

You want to fix the errors quickly, but you can't do it yourself? And you don't have an agency or freelancer at hand? There are also plugins those who can do some of the work for WordPress you. For example the SSL Insecure Content Fixer.

Even in the default settings, the tool fixes central mixed content errors:

  • Scripts that are based on wp_register_script() , wp_enqueue_script() access
  • Style sheets based on wp_register_style() , wp_enqueue_style()
  • Images and similar files, which among other things wp_get_attachment_image()wp_get_attachment_image_src() call
  • Data, which is collected by wp_upload_dir() be returned, for example for Captchas

Other errors in the content - for example from themes, plugins or from widgets - can also be fixed. The adjustments are made in a step-by-step model:

SSL Insecure Content Fixer
Some of the options of the SSL Insecure Content Fixer Plugin

However, the developers point out that the adjustment per Pluginnegative performance of your WordPress installation. More about how the Insecure Content Fixer works here.

Mixed Content and Cache

In general, as already mentioned, a permanent manual cleanup of mixed content errors makes more sense than using onePlugin. Because additional plugins and calls generate additional calls. Not to mention the fact that plugins an additional gateway for Attacks by hackers can be.

René Dasbeck reveals how you can clean up mixed content in the context of a database migration in his guide WordPress Solve mixed content problems. You're using Pluginfor caching? René points out that you should empty an existing cache before cleaning up. This cache can also contain old entries with unsafe requests.

You have questions about mixed content? Please use the comment function. You want to be WordPress informed about new contributions? Then follow us on Twitteror Facebook , or subscribe to our newsletter.

Picture: Markus Winkler

Michael takes cake care of the areas of content and mental health at RAIDBOXES. He has been active in the blogger and WordPress community since 2007. Among other things as co-organizer of WordPress events, book author and corporate blog trainer. He loves blogging incredibly, professionally but also privately. Michael works and writes remotely from sunny Freiburg.

Related articles

Comments on this article

Write a comment

Your email address will not be published. Required fields are marked with * .