How To Fix Mixed Content Warning In WordPress In Easy Steps

If you are a webmaster, you have definitely come across browsers showing a warning instead of the green padlock in the address bar. If you find mixed content, take it seriously and act as fast as possible to resolve the error.

Before getting into mixed content, I would like to give a fair idea of HTTP and HTTPS.

HTTP and HTTPS are both the HyperText Transfer Protocol, and HTTPS adds secure access. As everyone knows, HTTP is not secure, while HTTPS is encrypted and more secure.

You are absolutely right: HTTP transfers data from the server to the user's browser in plain text, whereas HTTPS encrypts the data during transfer. We are digitally connected everywhere, and the web browser is the primary intermediary that carries web requests between the web server and the user, in both directions.

If you are not using the HTTPS protocol for transferring your web content over the internet, what will happen?

Attackers are always watching websites and trying to access data as it travels over the internet.

HTTPS secures your website's traffic: the encrypted data cannot be read while it travels over the internet.

To get HTTPS, you need to install an SSL certificate for your website and either redirect your web address to HTTPS or completely change the web address to to
This can be set up through the WordPress admin page, in the Settings tab.

I think you got the general idea of HTTPS.

Many of us start our website without an SSL certificate; later the SSL is activated, and then we change the URL.

First, check that your SSL certificate is valid before starting to fix the mixed content. If the certificate itself has expired, nothing is protected and the browser will show a certificate error.

Use this website to check the SSL certificate validity:

SSL Shopper

What is Mixed Content Warning?

Mixed content means that mixed data is still coming into the browser even though an SSL certificate has been applied to the domain. The browser indicates this with a mixed content warning.

Mixed content can be identified easily by looking at the padlock in the address bar.

Here you can see the sample error from Firefox: the padlock shows an alert symbol. If we click on the padlock, the message expands to say that the specified website is not secure.

It doesn’t mean that your SSL certificate is not applied. That scenario is entirely different and the error message will be entirely different, like your “website is not secure”.

In this case, you have applied your SSL certificate, but some of the links inside your website are still not communicating via SSL. Those unprotected files are being transmitted over the old HTTP protocol.

How can you find mixed content?

You can check for mixed content with any browser. The example above shows how it appears in Firefox.

Here is how it looks in Chrome:

And here is how Microsoft Edge shows this error:

Now you know that mixed content is present on your site. Next, you have to find which files are being transmitted over HTTP.

Every browser has a simple way to identify them, called Inspect Element.

Right-click on the page and click Inspect Element.

Then switch to the Console tab, which gives a detailed explanation of each link that is non-secure.

Here is an example.

There is another web tool that can help you with mixed content identification.

Open this link, enter your URL in the Secure Address section, then press Test Page.

You will get a result page like this.

And in this example the website says that there is no mixed content.
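The same check can be scripted for pages you have saved locally. The sketch below is an added example, not a tool from this article: it lists the subresources an HTTPS page would still load over HTTP and labels them active or passive. The function name `find_mixed_content` and the `blog.example` sample page are assumptions made for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlparse

# Loads that browsers block outright when insecure (active mixed content).
ACTIVE = {"script": "src", "iframe": "src", "link": "href"}
# Loads that are shown with a warning or upgraded, depending on the browser.
PASSIVE = {"img": "src", "audio": "src", "video": "src", "source": "src"}

class MixedContentFinder(HTMLParser):
    """Collect subresources an HTTPS page would fetch over plain HTTP."""

    def __init__(self, page_url):
        super().__init__()
        self.page_url = page_url
        self.findings = []  # (kind, tag, absolute URL)

    def handle_starttag(self, tag, attrs):
        attrs = dict(attrs)
        for kind, table in (("active", ACTIVE), ("passive", PASSIVE)):
            value = attrs.get(table.get(tag, ""))
            if not value:
                continue
            # Only rel="stylesheet" links load code; rel="canonical" is a pointer.
            if tag == "link" and "stylesheet" not in (attrs.get("rel") or "").lower():
                continue
            url = urljoin(self.page_url, value)  # resolves /path and //host forms
            if urlparse(url).scheme == "http":
                self.findings.append((kind, tag, url))

def find_mixed_content(page_url, html):
    finder = MixedContentFinder(page_url)
    finder.feed(html)
    return finder.findings

# Constructed sample page (blog.example and cdn.example are placeholders).
SAMPLE = """<html><head>
<link rel="stylesheet" href="http://blog.example/wp-content/themes/t/style.css">
<link rel="canonical" href="http://blog.example/post/">
<script src="//cdn.example/lib.js"></script>
</head><body>
<img src="http://blog.example/wp-content/uploads/2020/01/a.png">
<img src="/wp-content/uploads/2020/01/b.png">
<a href="http://other.example/">plain link, not a subresource</a>
</body></html>"""

if __name__ == "__main__":
    for kind, tag, url in find_mixed_content("https://blog.example/post/", SAMPLE):
        print(f"{kind:8} <{tag}> {url}")
```

Ordinary `<a>` links and protocol-relative or site-relative URLs are not reported, because they do not cause an insecure load on an HTTPS page.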

Why should it be resolved?

I have already said that some of your content is being transmitted in an insecure way, so immediate action is required.

Security always matters for your WordPress site. We deal with sensitive data such as bank details, customer details, payment information and authentication. If you don't take this seriously, a man in the middle can steal all your data by accessing the insecure data.

A customer is always looking for a secure site where they can purchase with their banking details. If the site throws any security warning, the user may immediately log out and find another, secured site.

This may well affect the business of e-commerce sites.

Effect on SEO rankings

Google prefers to show secured websites to its audience, so the rankings of an insecure site may eventually drop.

Google officially announced that HTTPS is a major SERP ranking factor. Even if your other SEO factors look great, not having HTTPS activated will have a negative impact on your site.

Trust and reliability

The key element for any business website is the user's trust. Users always expect that the site will never cheat them or let their sensitive data be compromised.

If a customer finds that your site is not valid with HTTPS, it will hurt trust and reliability. Even when a site has everything else, I feel insecure if it has lots of popups and ads or any user data forms.


How to Fix Mixed Content Warning in WordPress in easy steps

Method 1: Using the Whynopadlock website suggestion

We have identified the mixed content files, and now we have to fix the error, right?

A simple method: if the test finds mixed content on your site, the tool will suggest some code to apply in your .htaccess file, which is in the root folder of the website.

Method 2: WordPress dashboard URL change

Follow this process before installing any plugins or updating any other content. You can change the home URL on the Settings >> General tab.

This allows you to remove the redirect from the .htaccess file, which comes with a loading-time cost. A direct link means fewer requests sent and received by the browser, so the site will load faster.

Change the WordPress Address (URL) and Site Address (URL) to HTTPS, and check whether the site loads.

Sometimes the site URL is applied successfully, but the database still contains a lot of links with HTTP. So this method is not a complete solution if you have already made updates such as image uploads, post updates, plugin installs, theme file updates, etc.

After updating the URL you have to purge your cache using your cache plugin.

Method 3: Using plugins

There are a handful of plugins available for checking the whole database and replacing the URLs with the HTTPS version. Among these, I found the Search and Replace plugin to be very simple and lightweight, with everything in a single window.

How to remove mixed contents using Search and Replace plugin

There is no need to explain how to install a plugin.

  • Install the Search and Replace plugin and activate it.
  • The plugin setup is found under Tools >> Search and Replace.
  • There you will get 5 tabs. We are using some of them here.
  • First, back up your database with the first tab in the setup.
  • The DBname.sql file will download, and then we can experiment with the replacement.
  • Some of the links may be broken after replacing, so it is highly recommended to also take a whole backup through the control panel.

The next major tab we need here is the Search and Replace tab. Its options are:

Search for: as per the image, we are going to find HTTP://

Replace with: HTTPS://

CSV Format Search/Replace: no need to fill

Select tables:

Here you can select all the tables if you really don't know where the files are. If you have only images, then select these tables:

  • wp_postmeta contains the image URL
  • wp_posts contains an entry for each image insertion into a post, along with the post ID.

If no HTTP:// entries are found, search all tables.

Dry Run:

This option only shows the results and the suggested changes to the strings inside the tables. So first select Dry Run, check each suggested replacement, and move forward.

Save changes to Database:

This saves the changes to the DB once the Dry Run tick mark is removed.

Use GZ compression:

This option exports the DB with the above changes so that it can be downloaded as a zipped file.

The example will give you more clarity on this.

As I said, pressing Do Search&Replace will show the total entries, as in the image below.

Then you can review the links if you want. Otherwise, you can directly remove the Dry Run tick mark and select the Save changes to Database option on the plugin tab.

Check that the site is working properly in a browser.
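One way a database-wide replacement can break stored data, and a reason to keep the backup and dry run: WordPress keeps some options and post meta as PHP-serialized strings that record each value's byte length, and `https://` is one byte longer than `http://`. The following is an added example, not the plugin's own code. It compares a blind replace with one that rewrites the recorded lengths. The names `replace_urls` and `bad_lengths` and the sample value are constructed for illustration, and nested serialized strings are assumed not to occur.

```python
import re

# A PHP-serialized string looks like s:<byte length>:"<value>";
SER_STR = re.compile(rb's:(\d+):"')


def replace_urls(blob: bytes, old: bytes, new: bytes) -> bytes:
    """Replace old with new, rewriting s:N lengths of serialized strings."""
    out, pos = bytearray(), 0
    for m in SER_STR.finditer(blob):
        start = m.end()
        end = start + int(m.group(1))
        # Skip matches inside a value already handled, or text that only
        # resembles a token (declared length does not land on the closing ";).
        if m.start() < pos or blob[end:end + 2] != b'";':
            continue
        value = blob[start:end].replace(old, new)
        out += blob[pos:m.start()].replace(old, new)
        out += b's:%d:"%s";' % (len(value), value)
        pos = end + 2
    out += blob[pos:].replace(old, new)  # plain text, e.g. post content
    return bytes(out)


def bad_lengths(blob: bytes) -> int:
    """Count s:N tokens whose declared length misses the closing quote."""
    return sum(
        blob[m.end() + int(m.group(1)):][:2] != b'";'
        for m in SER_STR.finditer(blob)
    )


# Constructed sample of a serialized option value; blog.example is a placeholder.
URL = b"http://blog.example/uploads/logo.png"
SAMPLE = b'a:1:{s:4:"logo";s:%d:"%s";}' % (len(URL), URL)

if __name__ == "__main__":
    naive = SAMPLE.replace(b"http://", b"https://")
    fixed = replace_urls(SAMPLE, b"http://", b"https://")
    print(naive, "broken tokens:", bad_lengths(naive))
    print(fixed, "broken tokens:", bad_lengths(fixed))
```

Running `bad_lengths` over values exported from the backup, before and after a replacement, is a quick way to spot rows that would no longer unserialize.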

WordPress HTTPS (SSL) and Really Simple SSL also help to force all your links to HTTPS. These plugins are also lightweight and easy to use.

Final Words

Mixed content is one of the major security flaws, even if you have applied an SSL certificate. You have to ensure that no links inside your WordPress website are missing HTTPS. After changing the URLs through the plugin, check for mixed content once again using whynopadlock.

Let me know your thoughts related to Mixed content via the comment section. And if you like this article please share it with your friends on social media.

Shiju, Discover Your Blog

Shiju, a WordPress lover who was working as a technical analyst for hosting companies and blogger at Discover Your Blog.
