How-To Guide: Fixing Mixed Content Error Manually or via Plugin

Michael Firnkes Last updated 20.10.2020
5 Min.
WordPress  Mixed Content
Last updated 20.10.2020

You switch WordPress to HTTPS? This can lead to so-called mixed content errors. Browsers like Google Chrome will then show your website as insecure or block it completely. We show you several ways to fix mixed content errors with WordPress .

A mixed content error always occurs when HTTP resources are loaded on your site or a subpage, although the site should actually only be accessible under HTTPS.

Recognizing Mixed Content Errors

Your visitors' browsers will then display site as "not secure". You can also quickly see if they have a problem with mixed content by calling up your sites :

Not secure connection
Not secure connection, displayed in Google Chrome

"Possibly" because other errors can also be hidden behind the "not sure" display. I will come to a more detailed analysis in a moment.

A mixed content error looks unserious. It causes many of your visitors to abandon. Google is increasingly blocking the delivery of mixed content websites, via its Chrome browser. Users do have the option to manually reload the blocked content. But then the trust in your offer is already damaged.

Causes for Mixed Content in WordPress

You have already converted your website to SSL or to HTTPS, but individual elements are still loaded from HTTP sources? The reasons for this can be:

  • Scripts such as CSS or JavaScript files
  • Embedded fonts, for example Google Fonts
  • Other external services and snippets
  • Images and videos on your WordPress sites , which still point to the HTTP address instead of HTTPS

The sources are correspondingly diverse:

  • Plugins for WordPress and WooCommerce
  • WordPress themes
  • Included source code on your sites and posts or in Gutenberg
  • Old or incorrect links
  • Widgets
  • Social media connections
  • Tools for tracking

Plugins and Themes can lead to mixed content errors, especially if they are outdated or no longer being developed. In general, you should check after a conversion of your portal, blog or online shop to HTTPS, whether and which subpages are affected by mixed content.

Find Mixed Content

With a browser, you can quickly identify the originators of mixed content. This is how you proceed in Google Chrome, with other browsers it is quite similar:

  1. Right-click on any area of your site that you want to examine. Then select the "Examine" option.
  2. Switch to the "Security" tab in the tools. There you can see at a glance under "Resources" whether there are mixed content errors.
  3. The error console ("Console") lists the exact sources of the incorrect inclusion.

Here's a quick example of what the analysis looks like in Chrome's console:

Chrome error console
Mixed Content Error in the Console in Chrome

You can now fix the error messages step by step by replacing the HTTP bindings with the respective HTTPS variants. Or by removing the cause - such as a Plugin or a widget - if necessary.

Have mixed content errors corrected

Partly you have to adapt your WordPress Theme and the CSS files. You have no technical knowledge in WordPress ? Then there are the following possibilities:

  • You hire your agency or a webdesigner
  • You contact the manufacturer of the Themes and ask him to fix the errors - or to provide you with the corresponding instructions.
  • You use the WordPress Plugin real-time-find-replace

Important in the latter case: This Plugin only masks the problem. For the future security of your site - but also to not create unnecessary ballast in WordPress - you should replace the HTTP links completely with HTTPS links.

Tip: You want to edit your Theme yourself? Then make sure to use a child Theme . See our tutorial Child-Theme for WordPress .

Solution with Search and Replace

Your WordPress database contains many internal links that still point to an HTTP address? Then you can change them en masse or automatically to HTTPS via Search and Replace. We recommend the Plugin Better Search Replace for this. The advantages of the tool:

  • The tables in which you want to search and replace can be selected individually if required
  • There is a test run function - very useful to check in advance how many fields will be changed and whether you have perhaps designed the search query incorrectly or too comprehensively.
  • Support for serialized arrays and objects for all tables
  • Supports WordPress Multisites

An even more detailed evaluation of the effects of Search & Replace is only available in the paid Pro version. But even so, the tool provides practical help.

Better Search Replace Plugin
The WordPress plugin Better Search Replace

Mixed content WordPress plugin

You want to fix the errors quickly, but can't do it yourself? And you don't have an agency or freelancer at hand? There is also Plugins for WordPress , which will do some of the work for you. For example, the SSL Insecure Content Fixer.

Even in the default settings, the tool fixes central mixed content errors:

  • Scripts that are based on wp_register_script() , wp_enqueue_script() access
  • Stylesheets based on wp_register_style() , wp_enqueue_style()
  • Images and similar files, including wp_get_attachment_image()wp_get_attachment_image_src() go to
  • Data provided by wp_upload_dir() returned, for example for captchas

Other errors in the content - for example from themes, plugins or from widgets - can also be fixed. The adjustments are made in a step-by-step model:

SSL Insecure Content Fixer
Some of the options of the SSL Insecure Content Fixer Plugin

However, the developers point out that the cleanup via Plugin can have a negative impact on the performance of your WordPress installation. You can read more about how the Insecure Content Fixer works here.

Mixed Content and Cache

In general, as already mentioned: A permanent manual cleanup of mixed content errors makes more sense than using a Plugin . Because additional Plugins and calls generate additional calls. Not to mention that Plugins can be an additional gateway for attacks by hackers.

René Dasbeck explains how you can clean up mixed content in the context of a database migration in his tutorial WordPress Solving Mixed Content Problems. Relying on a Plugin for caching? René points out that you should empty an existing cache before cleaning it up. Because old entries with unsafe requests can also hide in this cache.

You have questions about mixed content? Feel free to use the comment function. You want to be informed about new articles on WordPress ? Then follow us on Twitter, Facebook or via our newsletter.

Contributing photo: Markus Winkler

Related articles

Comments on this article

Post a comment

Your email address will not be published. Required fields are marked with *.