Introduction
You installed SSL, switched your site to HTTPS… but the browser still says “Not Secure.”
That’s usually because of mixed content.
It simply means some parts of your website are still loading over HTTP instead of HTTPS. Even one insecure file (like an image or script) can trigger the warning.
The good news? This is one of those problems that looks scary but is actually easy to fix.
What a Mixed Content Warning Looks Like
You might notice:
- “Not Secure” message in the browser
- No padlock icon 🔒
- Images or styles not loading properly
- Errors in browser console like:
“Blocked loading mixed active content”
Why Mixed Content Happens
Old HTTP URLs Still Exist
Your database may still contain http:// links.
Hardcoded Links in Theme or Plugins
Some files may directly reference HTTP resources.
CDN or External Resources
Fonts, scripts, or images from external sources may not use HTTPS.
Incorrect SSL Setup
Your site may not be fully configured for HTTPS.
How to Fix WordPress Mixed Content Warning
Start with the easiest fix and move step by step.
Fix #1: Update WordPress URLs
First, make sure your site is using HTTPS everywhere.
- Go to Settings → General
- Update both URLs (WordPress Address and Site Address) so they begin with https://
Save changes.
Fix #2: Replace HTTP URLs in Database (Important)
Old links inside your content need updating.
You can:
- Use a plugin like Better Search Replace
- Replace:
http://yourwebsite.com → https://yourwebsite.com
This fixes most mixed content issues instantly.
Fix #3: Use Really Simple SSL Plugin
If you want a quick fix:
- Install Really Simple SSL
- Activate it
- Let it automatically detect and fix mixed content
Good for beginners.
Fix #4: Fix Hardcoded Links in Theme Files
Check your theme files for:
- header.php
- footer.php
- functions.php
Replace any http:// links with https://.
Fix #5: Check External Resources
Sometimes the issue is from outside your site.
Look for:
- Google Fonts (use HTTPS version)
- CDN scripts
- Embedded content
Make sure all external URLs use HTTPS.
Fix #6: Force HTTPS via .htaccess
Add this rule to redirect every HTTP request to HTTPS. The redirect does not rewrite http:// links inside your pages, so the fixes above still apply:
# Redirect any request that arrived over plain HTTP to the same path on HTTPS
RewriteEngine On
RewriteCond %{HTTPS} off
RewriteRule ^(.*)$ https://%{HTTP_HOST}/$1 [L,R=301]
Fix #7: Clear Cache Everywhere
Caching can keep old HTTP files.
- Clear WordPress cache
- Clear browser cache
- Purge CDN cache
Then reload your site.
Fix #8: Check Browser Console for Errors
To find remaining issues:
- Right-click → Inspect → Console
- Look for mixed content errors
- Fix those specific URLs
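A small offline scanner for the same check, added here as an example (it is not code from the original article): it parses saved page HTML and lists http:// subresource loads, separating active content (scripts, stylesheets, iframes) from passive content (images, media). The tag tables, the function name and the sample page are assumptions constructed for illustration; ordinary <a href> links are ignored because they are not mixed content.

```python
from html.parser import HTMLParser

# Tags whose URL attribute triggers a subresource load. "Active" content can
# change the page (browsers block it); "passive" content is display-only.
ACTIVE = {"script": "src", "iframe": "src", "link": "href", "object": "data", "embed": "src"}
PASSIVE = {"img": "src", "audio": "src", "video": "src", "source": "src"}


class MixedContentFinder(HTMLParser):
    """Collect http:// subresource references from one HTML document."""
    def __init__(self):
        super().__init__()
        self.findings = []  # tuples of (kind, tag, url, line number)

    def handle_starttag(self, tag, attrs):
        attrs = dict(attrs)
        for kind, table in (("active", ACTIVE), ("passive", PASSIVE)):
            attr = table.get(tag)
            url = (attrs.get(attr) or "").strip() if attr else ""
            if not url.lower().startswith("http://"):
                continue
            # This sketch flags <link> only for stylesheets; rel="canonical" is metadata.
            if tag == "link" and "stylesheet" not in (attrs.get("rel") or "").lower():
                continue
            self.findings.append((kind, tag, url, self.getpos()[0]))


def find_mixed_content(html):
    finder = MixedContentFinder()
    finder.feed(html)
    return finder.findings


# Constructed sample page (not taken from a real site).
SAMPLE = """<html><head>
<link rel="stylesheet" href="http://yourwebsite.com/wp-content/themes/x/style.css">
<link rel="canonical" href="http://yourwebsite.com/">
<script src="https://yourwebsite.com/wp-includes/js/jquery.js"></script>
<script src="http://cdn.example.com/slider.js"></script>
</head><body>
<a href="http://example.org/">plain link, not mixed content</a>
<img src="http://yourwebsite.com/wp-content/uploads/logo.png">
<img src="//cdn.example.com/banner.png">
</body></html>"""

if __name__ == "__main__":
    for kind, tag, url, line in find_mixed_content(SAMPLE):
        print(f"line {line}: {kind:7} <{tag}> {url}")
```

Save a page with "View Source" and pass its text to find_mixed_content(); fix the active findings first, since those are the ones the browser blocks outright.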
Small Tip That Saves Time
Even after fixing everything, your browser might still show the warning due to caching.
Always test in:
- Incognito mode
- Another browser
Final
Mixed content warnings in WordPress are usually caused by old HTTP links or incomplete SSL setup.
Once you update URLs, fix database links, and clear cache, your site should display the secure padlock everywhere.


