Learn how to fix WordPress mixed content errors after installing SSL. Step-by-step guide to update site URL, force HTTPS, and correct insecure links.
What is a Mixed Content Error?
When you install an SSL certificate, your site should load securely with HTTPS.
But sometimes, images, scripts, or stylesheets still load over HTTP.
This creates a mixed content warning, which:
- Breaks padlock security icon in the browser
- Can lower SEO ranking
- Reduces user trust
Step-by-Step Fix
✅ Step 1: Update WordPress & Site URLs
In wp-admin → Settings → General, set both:
- WordPress Address (URL) →
https://yourdomain.com - Site Address (URL) →
https://yourdomain.com
✅ Step 2: Update Database URLs
Old links may still use http://. Update them with WP-CLI:
wp search-replace 'http://yourdomain.com' 'https://yourdomain.com'
Or use a plugin like Better Search Replace.
✅ Step 3: Force HTTPS with .htaccess (Apache) or Nginx
For Apache (.htaccess):
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteCond %{HTTPS} !=on
RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]
</IfModule>
For Nginx:
server {
listen 80;
server_name yourdomain.com www.yourdomain.com;
return 301 https://$host$request_uri;
}
✅ Step 4: Fix Hardcoded HTTP Links in Theme/Plugins
- Check your theme’s
header.php,footer.php, and CSS files - Replace
http://withhttps://
✅ Step 5: Use a Plugin (Optional)
If you prefer automation, install Really Simple SSL.
It auto-detects SSL and forces HTTPS.
✅ Step 6: Clear Cache
- Clear WordPress cache (if using a caching plugin)
- Clear Cloudflare or CDN cache
- Clear browser cache
⚡ Quick Recap
- Mixed content means some assets load via HTTP instead of HTTPS.
- Fix by:
- Updating WordPress URLs
- Updating database links
- Forcing HTTPS via server config
- Fixing hardcoded HTTP links
- Using a plugin if needed
✅ After fixing, recheck your site with Why No Padlock or browser DevTools to confirm all assets are secure.