You switch WordPress to HTTPS? This can lead to so-called mixed content errors. Browsers like Google Chrome will then show your website as insecure or block it completely. We show you several ways to fix mixed content errors with WordPress .
A mixed content error always occurs when HTTP resources are loaded on your site or a subpage, although the site should actually only be accessible under HTTPS.
Recognizing Mixed Content Errors
Your visitors' browsers will then display site as "not secure". You can also quickly see if they have a problem with mixed content by calling up your sites :
"Possibly" because other errors can also be hidden behind the "not sure" display. I will come to a more detailed analysis in a moment.
A mixed content error looks unserious. It causes many of your visitors to abandon. Google is increasingly blocking the delivery of mixed content websites, via its Chrome browser. Users do have the option to manually reload the blocked content. But then the trust in your offer is already damaged.
Causes for Mixed Content in WordPress
You have already converted your website to SSL or to HTTPS, but individual elements are still loaded from HTTP sources? The reasons for this can be:
- Embedded fonts, for example Google Fonts
- Other external services and snippets
- Images and videos on your WordPress sites , which still point to the HTTP address instead of HTTPS
The sources are correspondingly diverse:
- Plugins for WordPress and WooCommerce
- WordPress themes
- Included source code on your sites and posts or in Gutenberg
- Old or incorrect links
- Social media connections
- Tools for tracking
Plugins and Themes can lead to mixed content errors, especially if they are outdated or no longer being developed. In general, you should check after a conversion of your portal, blog or online shop to HTTPS, whether and which subpages are affected by mixed content.
Find Mixed Content
With a browser, you can quickly identify the originators of mixed content. This is how you proceed in Google Chrome, with other browsers it is quite similar:
- Right-click on any area of your site that you want to examine. Then select the "Examine" option.
- Switch to the "Security" tab in the tools. There you can see at a glance under "Resources" whether there are mixed content errors.
- The error console ("Console") lists the exact sources of the incorrect inclusion.
Here's a quick example of what the analysis looks like in Chrome's console:
You can now fix the error messages step by step by replacing the HTTP bindings with the respective HTTPS variants. Or by removing the cause - such as a Plugin or a widget - if necessary.
Have mixed content errors corrected
Partly you have to adapt your WordPress Theme and the CSS files. You have no technical knowledge in WordPress ? Then there are the following possibilities:
- You hire your agency or a webdesigner
- You contact the manufacturer of the Themes and ask him to fix the errors - or to provide you with the corresponding instructions.
- You use the WordPress Plugin real-time-find-replace
Important in the latter case: This Plugin only masks the problem. For the future security of your site - but also to not create unnecessary ballast in WordPress - you should replace the HTTP links completely with HTTPS links.
Tip: You want to edit your Theme yourself? Then make sure to use a child Theme . See our tutorial Child-Theme for WordPress .
Solution with Search and Replace
Your WordPress database contains many internal links that still point to an HTTP address? Then you can change them en masse or automatically to HTTPS via Search and Replace. We recommend the Plugin Better Search Replace for this. The advantages of the tool:
- The tables in which you want to search and replace can be selected individually if required
- There is a test run function - very useful to check in advance how many fields will be changed and whether you have perhaps designed the search query incorrectly or too comprehensively.
- Support for serialized arrays and objects for all tables
- Supports WordPress Multisites
An even more detailed evaluation of the effects of Search & Replace is only available in the paid Pro version. But even so, the tool provides practical help.
Mixed content WordPress plugin
You want to fix the errors quickly, but can't do it yourself? And you don't have an agency or freelancer at hand? There is also Plugins for WordPress , which will do some of the work for you. For example, the SSL Insecure Content Fixer.
Even in the default settings, the tool fixes central mixed content errors:
- Scripts that are based on
- Stylesheets based on
- Images and similar files, including
- Data provided by
wp_upload_dir()returned, for example for captchas
Other errors in the content - for example from themes, plugins or from widgets - can also be fixed. The adjustments are made in a step-by-step model:
However, the developers point out that the cleanup via Plugin can have a negative impact on the performance of your WordPress installation. You can read more about how the Insecure Content Fixer works here.
Mixed Content and Cache
In general, as already mentioned: A permanent manual cleanup of mixed content errors makes more sense than using a Plugin . Because additional Plugins and calls generate additional calls. Not to mention that Plugins can be an additional gateway for attacks by hackers.
René Dasbeck explains how you can clean up mixed content in the context of a database migration in his tutorial WordPress Solving Mixed Content Problems. Relying on a Plugin for caching? René points out that you should empty an existing cache before cleaning it up. Because old entries with unsafe requests can also hide in this cache.
Contributing photo: Markus Winkler