Mixed content Warnings & Errormessages

How to track down mixed content or insecure content

What to do when you don’t get the green lock

The built in mixed content fixer replaces all urls on your site to https (as of 2.2.11), but there are three types of mixed content the Mixed Content Fixer cannot fix:

  • Http links in css or js files
  • Links to resources on external domains without SSL certificate (an image on another website for example)
  • http links in css or js files on other domains

These links can be located in theme files, plugins, or maybe in a widget you inserted on your site. Sometimes images are inserted from another website with their url, which won’t work anymore if that url can’t load on SSL.

To find these issues, you might consider buying the Really Simple SSL pro plugin, which scans your entire site for all possible issues in files and database, and creates a list of issues to fix, with instructions per issue type.

If you want to do this manually:

First, check if the mixed content fixer is active.

If it is, you’ll have to track down the urls that were not fixed automatically.

  1. Clear any cache in your browser, by clearing the history
  2. If you have a caching plugin active, clear the cache and check if it has been cleared.

Still getting mixed content warnings? Follow these steps:

Open your site in Google Chrome,

Right click on your website. A drop down will appear, with an option “inspect element”


When you click this option “inspect element”, part of your browser changes into a development screen:


To enter the console, simply click “console”. Then you will see the mixed content warnings, like:

Mixed Content: The page at ‘https://domain.com’ was loaded over HTTPS, but requested an insecure image ‘http://domain.com/…’. This content should also be served over HTTPS.


Now we are getting somewhere! In the red characters, you will find some links. These links are the cause of you frustrations. How to fix them depends on your theme, plugins, etc.

First wel will check if the problematic link is located in the websource, or in some other file, .js or .css for example. To do this, we go back to the normal website, right click, and now select “view source”


If we click “view source”, we now see the html code of the page. Do a search (ctrl F or cmd F) on the insecure link you found in the previous steps.

If the link is not in the source, it is probably located in a .css or .js file, generated by a plugin or your theme. Check all your plugins, resave the options, and do the same with your theme.

To find mixed content in your css or js, you can also download these files from your server, do a search on the file, and replace any http links you might find.

Related Articles

  • Images not found with Photon from Jetpack

    Some websites using JetPack have Photon activated. Photon is an image acceleration and editing service, where the images are served from the WordPress cloud. In some cases, there are issues...
  • Disabling ssl for one page only

    The problem: services that don’t support SSL I think the best way to go is to get your entire site on SSL. But sometimes there are services that are not...
  • Does Really Simple SSL make my site slower?

    I get asked this question sometimes, and I specifically built this plugin to be fast: most of the work is done in the back-end, which doesn’t harm your performance. So...
  • No SSL detected, but I’m sure I have SSL

    If the plugin does not detect SSL, but you are sure you have SSL, it is possible the plugin could not open the test page, which is used to check if...

Leave a Comment