All Collections
SSL Certificates
Mixed Content
How to Fix the Mixed Content Error on WordPress
How to Fix the Mixed Content Error on WordPress

All about mixed content issues and how to fix them on WordPress

Updated over a week ago

After installing an SSL certificate and forcing the HTTPS protocol, your website may display a “Not secure” warning next to the domain in the URL bar:

The "Your connection to this site is not secure" message on a website with  mixed content

In addition, certain elements on your website may not function properly or fail to load. This is usually due to a mixed content issue, meaning that some images or other content on your website are loading with HTTP instead of HTTPS.

To fix it, update all the links on your page to HTTPS. If you use the Elementor plugin, go to Elementor ToolsReplace URL, and insert your domain address with HTTP and HTTPS:

The Elementor tool to replace URL

Next, save the changes and reload your website — the mixed content issue should be resolved.

For WordPress websites not using Elementor, check the options below 👇

Option 1 — Use the Really Simple SSL Plugin

Log in to your WordPress admin area and click on Plugins Add New:

The add new plugin menu option on the WordPress Admin area

Install and activate the Really Simple SSL plugin. Next, go to SettingsGeneral:

The general settings menu option on the WordPress Admin area

Make sure your website URLs include https://

The WordPress address URLs on General Settings

Option 2 — Use the Better Search & Replace Plugin

Install the Better Search & Replace plugin, then go to Tools Better Search Replace.

  • In the Search for field, enter the domain name starting with http://

  • In the Replace with field, enter the domain name starting with https://

  • Select all the tables, remove the checkmark next to Run as dry run? (if any), and click on Run Search/Replace:

The Better Search Replace options showing how to use it

Option 3 — Add Code to the .htaccess File

This option is not recommended if your website uses symlinks 💡

If the mixed content issue persists after trying the previous methods, open your public_html/.htaccess file (or create it if non-existent) and insert the code below:

Header always set Content-Security-Policy: upgrade-insecure-requests

Save the changes and reload your site — it should be loading properly with HTTPS. If you're still having the same issues, try following this more detailed guide.

Did this answer your question?