Mixed Content Error in WordPress: Fix (HTTP/HTTPS)

What this problem is

Your site loads on HTTPS, but the browser shows warnings because some assets (images, CSS, JS) are still requested over HTTP.

Why it happens

• Old URLs stored in the database
• Hardcoded HTTP links in theme files
• CDN or proxy not configured for HTTPS

Prerequisites

• SSL certificate installed and working
• wp-admin access
• Backup before search/replace operations

Diagnosis

1. Open the browser console and identify a few HTTP URLs being blocked.
2. Check Settings → General and verify both URLs use https://.
3. If you use Cloudflare or a reverse proxy, confirm the SSL mode is correct and WordPress sees HTTPS.

Step-by-step (detailed)

1. Set WordPress Address and Site Address to https://.
2. Update hardcoded links in the theme (replace http:// with https:// where appropriate).
3. Run a safe database search/replace using a plugin or WP-CLI.
4. Purge cache (plugin + CDN) and re-test.

Expected results

• No mixed content warnings
• Assets load over HTTPS

What to do if it fails

• If admin redirects loop, review wp-config.php HTTPS settings and proxy headers.
• If some URLs persist, search in theme files and page builder content.
• If you use a CDN, confirm it rewrites URLs to HTTPS.

Best practices

• Use relative URLs when possible.
• Avoid storing absolute URLs in custom fields unless needed.
• Use a staging environment for large search/replace operations.