How to fix WordPress mixed content warning (HTTPS/SSL)

How to fix WordPress mixed content warning (HTTPS/SSL)

⚠️ HTTPS is no longer optional, Starting from February 2020, Google Chrome browser will block all mixed content on web pages by default.

In this tutorial, we will show you how to quickly fix WordPress mixed content warnings.

HTTPS benefits

When a browser requests resources over HTTPS—which stands for HTTP Secure—it uses an encrypted connection to communicate with the webserver.

Authentication: HTTPS lets the browser check that it has opened the correct website and hasn’t been redirected to a malicious site.

Data integrity: HTTPS lets the browser detect if an attacker has changed any data the browser receives. 

Secrecy: HTTPS prevents an attacker from eavesdropping on the browser’s requests, tracking the websites visited, or stealing information sent or received.

SEO: HTTPS builds trust, is an SEO ranking factor, and provides more accurate referral data.

What is Mixed Content Warning?

Mixed content occurs when initial HTML is loaded over a secure HTTPS connection, but other resources (such as images, videos, stylesheets, scripts) are loaded over an insecure HTTP connection. This is called mixed content because both HTTP and HTTPS content are being loaded to display the same page, and the initial request was secure over HTTPS. Modern browsers display warnings about this type of content to indicate to the user that this page contains insecure resources.


How to find the non-HTTPS contents

There is a free little tool called SSL Check from JitBit which you can use to crawl your HTTPS WordPress site and search for insecure images and scripts that will trigger a warning message in browsers. The number of pages crawled is limited to 200 per website.

How to find the non-HTTPS contents using SSL Check

How to Fix Mixed Content Warnings

Ther are several strategies to fix the HTTPS mixed content warning on a WordPress site, manually or using tools and plugins, in this tutorial we will use the best and efficient way to fix the mixed content warning.

We are going to Edit the site database with the easer and secure way using easy-to-use plugin Better Search Replace to find and replace with in a few minutes, and then simply delete the plugin after you’re done.

HTTP to HTTPS search and replace
  1. Enter in the search for the field the value you want to search for in the database, which in this case is our HTTP domain:
  2. Enter in the replace with the field the new value that should be used to replace the value that you are searching for. In this case, it is our HTTPS domain:
  3. Select tables you want to search on, for multiple tables select click Ctrl-Click for Windows or Cmd-Click for Mac, In this case, we select all tables.
  4. Ensure the “Run as dry run?” option is selected first, as this will count how many replacements will be made without actually making the replacements.
  5. Uncheck “Run as dry run?” and click ‘Run Search’

Important: Ensure you don’t include any leading/trailing whitespace in either of the fields as this might produce undesirable results.

We hope you will find this tutorial helpful while fixing HTTPS mixed content. Thanks for being with PixelDima!