All Collections
SSL Certificates
Mixed Content
How to Fix the Mixed Content Error in WordPress
How to Fix the Mixed Content Error in WordPress

All about mixed content issues and how to fix them in WordPress

Updated over a week ago

After the installation of an SSL certificate and forcing the HTTPS protocol, your website may display a "Not fully secure" warning next to the domain in the URL bar:

The "Your connection to this site is not secure" message on a website with  mixed content

In addition, certain elements on your website may not function properly or fail to load. This is usually due to a mixed content issue, meaning that some images or other content on your website are loading with HTTP instead of HTTPS.

To fix it, update all the links on your page to HTTPS. If you are using the Elementor plugin, go to Elementor Tools, and in the Replace URL page, insert your domain address with HTTP and HTTPS:

The Elementor tool to replace URL

Next, save the changes and reload your website - the mixed content issue will be resolved.

For WordPress websites not using Elementor, check the options below:

Option 1 - Use the Really Simple SSL Plugin

Log in to your WordPress Admin area and click on Plugins → Add New:

The add new plugin menu option on the WordPress Admin area

Install and activate the Really Simple SSL plugin. Next, go to SettingsGeneral:

The general settings menu option on the WordPress Admin area

And verify that your website URL is using https://

The WordPress address URLs on General Settings

Option 2 - Use the Better Search & Replace Plugin

Install the Better Search & Replace plugin, then open Tools → Better Search Replace.

  • In the Search for field, enter the domain's name starting with http://

  • In the Replace with field, enter the domain's name starting with https://

  • Select all the tables, remove the checkmark on Dry Run, if any, and press the button to Run the search and replace:

The Better Search Replace options showing how to use it

Option 3 - Add Code to Your .htaccess File

If the mixed content issue persists after trying the previous methods, open your public_html/.htaccess file (or create it if non-existent) and insert the code below:

Header always set Content-Security-Policy: upgrade-insecure-requests

Save the changes and reload your website - it should be loading properly with HTTPS 💪

NOTE

  • This option is not recommended if your website uses symlinks

Did this answer your question?