You're switching WordPress to HTTPS? This can lead to so-called Mixed Content Errors . Browsers like Google Chrome will then show your website as unsafe or block it completely. We will show you several ways to WordPress fix mixed content errors.
A Mixed Content error occurs whenever HTTP resources are loaded on your site or a subpage, although it site should only be accessible under HTTPS.
Detect mixed content errors
In the browser of your visitors it will site then be shown as "not safe". Also you can see sites very quickly if they have a problem with mixed content:
"Possibly" because other errors may also be hidden behind the display "not sure". I'll come back to a more detailed analysis in a moment.
A Mixed Content error appears dubious. It causes many of your visitors to abandon. Google is increasingly blocking the delivery of web pages with mixed content, through its browser Chrome. Users have the possibility to manually reload the blocked content. But the trust in your offer is then already damaged.
Causes for Mixed Content in WordPress
You have already switched your website to SSL or HTTPS, but some elements are still loaded from HTTP sources? The reasons for this can be:
- Embedded fonts, for example Google Fonts
- Other external services and snippets
- Pictures and videos on your WordPress sites that still refer to the HTTP address instead of HTTPS
The sources are correspondingly diverse:
- Plugins for WordPress and WooCommerce
- WordPress Themes
- Included source code on your sites and contributions or in Gutenberg
- Old or faulty links
- social media connections
- Tools for Tracking
Plugins and Themescan lead to mixed content errors, especially if they are outdated or no longer developed. In general, you should check whether and which subpages are affected by mixed content after switching from your portal, blog or online shop to HTTPS.
Find mixed content
With a browser you can identify the originators of mixed content quite quickly. This is how you do it in Google Chrome, it's very similar in other browsers:
- Click the right mouse button on any area of your site that you want to examine. Then select the "Examine" option.
- Switch to the "Security" tab in the tools. There you can see at a glance under "Resources" if there are any mixed content errors.
- The error console ("Console") lists the exact sources for the incorrect integration.
Here is a small example of how the analysis looks like in the Chrome console:
You can now fix the error messages step by step by replacing the HTTP mounts with the respective HTTPS variants. Or by removing the cause - for example a Pluginwidget - if necessary completely.
Have mixed content errors corrected
Partly, you have to use your WordPress Theme and adjust the CSS files. You yourself have no technical knowledge in WordPress ? Then there are the following possibilities:
- You commission your agency or a web designer
- You contact the manufacturer of the Themesand ask him to fix the errors - or to provide you with the appropriate instructions
- You use the WordPress plugin Real-time Find Replace
Important in the latter case: This only Pluginmasks the problem. For the future security of your site - but also to avoid creating unnecessary ballast in WordPress - you should replace the HTTP links completely by HTTPS links.
Tip: You want your Theme work on it yourself? Then make sure you have a child Theme to use. See our instructions Child-Theme for WordPress.
Solution with Search and Replace
Your WordPress database contains many internal links that still point to an HTTP address? Then you can change them to HTTPS on a massive scale or automatically, via Search and Replace. We recommend the plugin Better Search Replace. The advantages of the tool:
- The tables in which you want to search and replace can be selected individually if required
- There is a test run function - very handy to check in advance how many fields will be changed and if you have made the search query wrong or too comprehensive
- Support of serialized arrays and objects for all tables
- Supports WordPress Multisites
An even more detailed evaluation of the effects of Search & Replace is only available in the paid Pro version. But even so the tool provides practical help.
Mixed content WordPress plugin
You want to fix the errors quickly, but you can't do it yourself? And you don't have an agency or freelancer at hand? There are also plugins those who can do some of the work for WordPress you. For example the SSL Insecure Content Fixer.
Even in the default settings, the tool fixes central mixed content errors:
- Scripts that are based on
- Style sheets based on
- Images and similar files, which among other things
- Data, which is collected by
wp_upload_dir()be returned, for example for Captchas
Other errors in the content - for example from themes, plugins or from widgets - can also be fixed. The adjustments are made in a step-by-step model:
Mixed Content and Cache
In general, as already mentioned, a permanent manual cleanup of mixed content errors makes more sense than using onePlugin. Because additional plugins and calls generate additional calls. Not to mention the fact that plugins an additional gateway for Attacks by hackers can be.
René Dasbeck reveals how you can clean up mixed content in the context of a database migration in his guide WordPress Solve mixed content problems. You're using Pluginfor caching? René points out that you should empty an existing cache before cleaning up. This cache can also contain old entries with unsafe requests.
You have questions about mixed content? Please use the comment function. You want to be WordPress informed about new contributions? Then follow us on Twitteror Facebook , or subscribe to our newsletter.
Picture: Markus Winkler