WordPress Mixed Content Warnings After SSL

Warning Frequency: Common
Error message: Mixed Content: The page was loaded over HTTPS but requested an insecure resource

Mixed content warnings appear when your HTTPS page loads some resources (images, scripts, stylesheets) over insecure HTTP. Browsers block ‘active’ mixed content (scripts, iframes) and warn about ‘passive’ mixed content (images).

This is very common after migrating a WordPress site to SSL. The database often contains hundreds of hard-coded HTTP URLs in post content that need to be updated.

Common Causes

  1. Hard-coded HTTP URLs in post content, widgets, or theme options
  2. Plugin loading assets via HTTP instead of HTTPS
  3. Images inserted before SSL migration still using HTTP URLs
  4. Theme with hard-coded HTTP URLs in CSS or templates
  5. External scripts or embeds using HTTP

How to Fix It

  1. Run a search-replace on the database with WP-CLI. Preview the changes first with wp search-replace 'http://yourdomain.com' 'https://yourdomain.com' --dry-run, then run the same command without --dry-run to apply them
  2. Use the Better Search Replace plugin if you don't have WP-CLI access
  3. Check theme Customizer settings for hard-coded HTTP URLs (especially logo and background images)
  4. For reverse proxy setups, where the proxy terminates SSL and forwards the request to WordPress over plain HTTP, add to wp-config.php: $_SERVER['HTTPS'] = 'on';
  5. Use Chrome DevTools Console to identify which specific resources are loading over HTTP
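
To check saved HTML or exported post content outside the browser, the following added example (not part of the original article) lists http:// subresources and labels them with the active/passive split described above. The sample markup and the cdn.example.com host are constructed; treating stylesheets as active content follows standard browser behaviour.

```python
from html.parser import HTMLParser

# (tag, attribute) pairs that trigger a subresource load, with the category
# browsers assign: "active" is blocked, "passive" loads with a warning.
SUBRESOURCES = {
    ("script", "src"): "active",
    ("iframe", "src"): "active",
    ("link", "href"): "active",      # only when rel contains "stylesheet"
    ("img", "src"): "passive",
    ("video", "src"): "passive",
}


class MixedContentScanner(HTMLParser):
    """Collect http:// subresource URLs from the HTML of an HTTPS page."""

    def __init__(self):
        super().__init__()
        self.findings = []  # (category, tag, url)

    def handle_starttag(self, tag, attrs):
        attrs = {k: (v or "") for k, v in attrs}
        if tag == "link" and "stylesheet" not in attrs.get("rel", "").lower().split():
            return  # rel=canonical, rel=alternate etc. are not fetched as subresources
        for (t, attr), category in SUBRESOURCES.items():
            url = attrs.get(attr, "").strip()
            if t == tag and url.lower().startswith("http://"):
                self.findings.append((category, tag, url))

def scan(html):
    scanner = MixedContentScanner()
    scanner.feed(html)
    scanner.close()
    return scanner.findings

# Constructed sample: post content saved before an SSL migration.
SAMPLE = """
<link rel="stylesheet" href="http://yourdomain.com/wp-content/themes/x/style.css">
<link rel="canonical" href="http://yourdomain.com/old-post/">
<script src="http://cdn.example.com/slider.js"></script>
<img src="http://yourdomain.com/wp-content/uploads/logo.png">
<img src="https://yourdomain.com/wp-content/uploads/ok.png">
<a href="http://example.com/">plain links are navigation, not mixed content</a>
"""

if __name__ == "__main__":
    for category, tag, url in scan(SAMPLE):
        print(f"{category:8} <{tag}> {url}")
```

Entries on your own domain are fixed by the search-replace step; entries on third-party hosts need the plugin, theme, or embed that emits them to be updated.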

Frequently Asked Questions

How do I find mixed content on my WordPress site?
Open Chrome DevTools (F12), go to the Console tab, and look for yellow 'Mixed Content' warnings. They'll show exactly which URLs are loading over HTTP.

Will mixed content affect my SEO?
Yes. Google considers HTTPS a ranking signal, and mixed content warnings mean your site isn't fully secure. Fix all mixed content for the best SEO impact.