wordpress ssl warnings

How to Fix Mixed Content Warning in WordPress

Last Updated on April 20, 2022 by WP Knowledge Hub

Adding an SSL certificate to your website is almost a must for modern websites. It protects users data and adds a certain level of trust, which is an important SEO factor for Google and other search engines. But sometimes, adding an SSL certificate can create issues such as the WordPress mixed content warnings.

To avoid the dreaded “not secure” message when users land on your website, it’s important to ensure proper implementation of the SSL certificate. This means making sure all the URLs, scripts, and content is updated to HTTPS instead of the old HTTP.

What Is an SSL Certificate?

While browsing thWhen browsing the internet, we often share personal information such as credit card information. Secure Sockets Layer (SSL) protects your privacy and improves the security of websites by acting as a middleman between your browser and the server that hosts them.

SSL protected sites load over HyperText Transfer Protocol Secure (HTTPS). They’re also marked by a padlock icon in the URL bar. This indicates that the visitor’s data is encrypted during transmission to the server.

What is a WordPress Mixed Content Warning?

Even though you might have successfully purchased, configured and installed your SSL certificate, you may still be seeing that some pages are not secured, or showing a little warning icon like something in the image below:

This is a mixed content warning, which appears in visitors’ browsers if your WordPress site loads both HTTPS and HTTP scripts. It’s not always exactly obvious what the issue is, but essentially it means that not all your links have been converted to HTTPS.

Why am I Seeing HTTPS Mixed Content Warnings?

It’s most likely for these reasons:

  • There are HTTP links in your CSS and JS Files in your theme templates. 
  • Images on the page are hotlinked. Hotlinking is the process of calling images from other sources. Images may have hardcoded URL paths that use HTTP. For example, you might have linked to http://google.com on your page instead of https://google.ca
  • Links to external scripts (like ads) are still using HTTP. As with hotlinking, if you are calling files from external resources that don’t have HTTPS enabled, it might cause a mixed content warning in WordPress.

How to Fix Mixed Content Warnings in WordPress

The easiest way to remove the warnings are to manually comb through your pages and your theme templates to make sure you changed all the hard-coded links to HTTPS. Common pratice in WordPress when writing internal links in pages and template files is to use Relative Linking. Relative linking means avoiding typing the http://yourdomain.com/ part of the link and starting with a trailing slash like: /your-link/ instead.

If you’re not seeing any other HTTP links and you still can’t get rid of the warnings, you may be overlooking something.

You can use a plugin like Really Simple SSL to force ALL HTTP links to become HTTPS links.

Really Simple SSL

Really Simple SSL automatically detects and configures your WordPress site to switch to HTTPS. This is a wonderful plugin that works on any site out-of-the-box. It will:

  • Handle common issues with SSL certificates in WordPress
  • Redirect all incoming requests to HTTPS
  • Enable .htaccess redirects
  • Change your website address to HTTPS
  • Fixes mixed content warnings in most cases, except for outbound links