How to Troubleshoot and Fix WordPress Mixed Content Warnings After Enabling HTTPS

Learn how to safely diagnose and fix mixed content warnings in WordPress after switching your site to HTTPS, without breaking layouts or SEO.

Overview: What Are Mixed Content Warnings?

After enabling HTTPS (SSL) on your WordPress site, you may still see a browser warning like “Not fully secure” or padlock icons with alerts. This usually means your pages are loading a mix of secure (https://) and insecure (http://) resources, known as mixed content.

Common insecure resources include:

• Images loaded with http:// URLs
• CSS or JavaScript files from old http:// paths
• Fonts or iframes embedded with http:// links

This guide walks you through a safe, step-by-step process to identify and fix mixed content issues in WordPress.

Step 1: Confirm HTTPS Is Configured Correctly

1.1 Check the Front-End URL

Open your site in a private/incognito window and look at the browser address bar.

• Ensure the URL starts with https://
• Note whether the padlock is fully secure, has a warning, or is missing

1.2 Verify WordPress URL Settings

1. Go to Dashboard ? Settings ? General.
2. Confirm both WordPress Address (URL) and Site Address (URL) start with https://.
3. If you change these values, click Save Changes and log back in if prompted.

Step 2: Identify Which Resources Are Insecure

2.1 Use the Browser Developer Tools

Most modern browsers provide a clear list of mixed content warnings.

1. Open your site in Chrome or Firefox.
2. Right-click the page and choose Inspect.
3. Open the Console tab.
4. Reload the page (Ctrl/?+R).

Look for messages mentioning “Mixed Content” or “was loaded over HTTPS, but requested an insecure resource”. These lines will show you the exact http:// URLs causing the issue.

2.2 Check Multiple Page Types

Repeat the console check on:

• Your homepage
• A standard content page (e.g., About)
• A blog post
• Any key landing or shop pages

Different templates can load different assets, so you may see unique mixed content warnings on each.

Step 3: Fix Mixed Content Caused by Hard-Coded URLs

3.1 Update URLs in Page or Post Content

If the console shows image or link URLs from your own domain using http://, they may be stored directly in your content.

1. Go to Dashboard ? Pages (or Posts).
2. Edit the affected page or post.
3. Switch to the Code Editor (in the block editor) or check the HTML of any custom blocks.
4. Search for http://yourdomain.com and replace with https://yourdomain.com.
5. Click Update.

3.2 Update URLs in Elementor or Other Page Builders

If you use Elementor or another builder, the URL may be stored inside a widget or section setting.

1. Go to Dashboard ? Pages.
2. Hover over the affected page and click Edit with Elementor (or your builder).
3. Check image widgets, background images, buttons, and HTML widgets for http:// URLs.
4. Change them to https:// and click Update.

3.3 Update Theme Options and Widgets

Many themes store logo images, header backgrounds, or custom scripts in theme options.

1. Go to Dashboard ? Appearance ? Customize.
2. Check sections like Site Identity, Header, Footer, and any Custom Scripts areas.
3. Replace any http:// URLs with https://.
4. Click Publish.

Step 4: Fix Mixed Content from Plugins and External Resources

4.1 Check Plugin Settings for Custom URLs

Some plugins store full URLs for images, scripts, or external services.

1. Identify the plugin related to the resource in the console message (e.g., slider, gallery, form).
2. Go to Dashboard ? Plugins and open that plugin’s Settings.
3. Look for any fields containing http:// URLs.
4. Update them to https:// and save.

4.2 Update External Embeds

Embeds from third-party services (videos, maps, iframes) can also cause mixed content if they use http://.

• For YouTube, Vimeo, or similar, ensure the embed code uses https://.
• For Google Maps, regenerate the embed code from the provider’s site using HTTPS.
• For custom iframes, manually change src=”http://” to src=”https://” if the provider supports it.

Step 5: Run a Safe Database-Wide URL Search and Replace

If your site is large, manually updating each URL is inefficient. A controlled search-and-replace can update old http:// references across your database.

5.1 Important Safety Notes

• Always take a full backup (files and database) before running any search-and-replace.
• Use a tool that is serialization-safe to avoid breaking widget and builder data.

5.2 Using a Search-and-Replace Plugin (High-Level)

The exact steps depend on the plugin your developer or host prefers, but the general pattern is:

1. Install a trusted, serialization-safe search-and-replace plugin.
2. Set Search for to http://yourdomain.com.
3. Set Replace with to https://yourdomain.com.
4. Run a dry run or preview if available.
5. Execute the replacement and clear all caches (see Step 6).

Step 6: Clear Caches and Regenerate Minified Files

6.1 Clear WordPress and Plugin Caches

Cached CSS/JS files may still reference old http:// URLs even after you fix the database.

• If you use a caching plugin, open its settings and click Clear Cache or Purge All.
• If your host provides server-level caching, use their control panel to clear it.

6.2 Regenerate Minified/Combined Assets

Performance plugins often combine and minify CSS/JS into new files.

• In your performance plugin, look for options like Regenerate CSS/JS or Delete Minified Files.
• Trigger a regeneration so new files are built with updated https:// URLs.

Step 7: Verify the Fix

7.1 What You Should See

• The browser address bar shows a closed padlock with no warning icons.
• No mixed content messages appear in the Console tab of your browser’s developer tools.
• Your pages load normally, with images, fonts, and scripts functioning as expected.

7.2 Re-Test Key Pages

Revisit the same set of pages you tested earlier:

• Homepage
• Core content pages
• Blog posts
• Shop or checkout pages (if applicable)

If any remaining mixed content warnings appear, note the specific URLs and repeat the relevant steps above.

When to Contact Compass Production Support

Contact your Compass Production project lead or support if:

• Mixed content warnings reference files you cannot locate in WordPress.
• Critical layouts break after a search-and-replace operation.
• You suspect the issue is coming from your theme’s core files or a required plugin.

Share screenshots of your browser console and a list of affected URLs so our team can diagnose and resolve the issue efficiently.