- There are 2 types of mixed content, Mixed Passive/Display Content, and Mixed Active Content.
- All the mixed content warning results will be visible.
- Any browser error needs attention and it cannot be ignored.
Mixed Content issues occur when a website data is loaded on both HTTPS and HTTP connections. When an existing HTTP site is secured by installing SSL (Secure Socket Layers) certificate and switched over to HTTPS; all contents, videos, links should be properly loaded to HTTPS. Many times it may happen that a site has a few links or pages of HTTP attached to it, though the whole site is moved to HTTPS.
Browsers don’t like HTTP contents or links on HTTPS sites, and hence when a WordPress site tries to load both secure and non-secure content of a web page, at the same time, the user’s browser displays a Mixed Content Warning.
This warning is a signal that the site doesn’t fully have secure content, so it’s partially encrypted, which makes it easily accessible to cyber-criminals and prone to MIM (man-in-middle) attacks.
Different browsers display this warning in various ways.
Chrome Mixed Content Warning Firefox Mixed Content Warning
There are 2 types of mixed content, Mixed Passive/Display Content, and Mixed Active Content. To know more about these types, click here.
What causes Mixed Content Warnings?
- Majority of mixed content issues pop up, after migration of WordPress site from HTTP to HTTPS. When non-secure links are attached to a secured site, this error occurs.
- CSS or JS files carry hardcoded HTTP links instead of HTTPS. This requires manual fixation of code and replacement of the URL. Before replacing URL, it’s essential to confirm whether it is compliant with HTTPS or not.
- Hot Linked Images cause this error, specifically when the image source is from an unsecured connection (HTTP). Use the HTTPS connection for Hotlinking (embedding an image).
- Hot Linked CSS and JS files too, need to be called from an HTTPS URL.
Ensure that all the external resources that are called, are from secured sources (HTTPS URL), so as to prevent mixed content error.
There are multiple ways to fix this issue, apart from the ones mentioned above. Let’s check out a few more simple solutions:
- Buy Research Report: Laser Indirect Ophthalmoscope Market to Witness a Strong CAGR of 4.2% Over the Forecast Period (2018–2026)
- Buy Research Report: The Global Nuclear Imaging Equipment Market Size was Leading by Valued at US$ 2,220.5 million in 2017
- Buy Research Report: Cosmetic Dentistry Market: Europe to Dominate the $30.1 billion Industry
- Buy Research Report: By 2026, Halitosis Treatment Market To Surpass US$ 16 Billion
- Buy Research Report: Cough Suppressant Drugs Market to Witness a CAGR of 3.7% During the Forecast Period (2018 – 2026)
Fixing WordPress HTTPS Mixed Content Warnings:
These warnings can be fixed by identifying the HTTP contents on the website.
Go to Chrome > Right click web page > Select Inspect > Click Console.
All the mixed content warning results will be visible. To know about how to view and block mixed content on multiple browsers, click here.
Since this security lapse affects user experience and SEO both, it needs to be fixed on priority.
Important: Whenever a fix is applied to your WordPress site, ensure to clear cache from browser and server, restart Chrome, and reload the site, to check whether the mixed content warning is resolved or not.
How to Fix Content Warnings:
1. Mode “ON” for Automatic HTTPS Rewrites in Cloudflare:
Even after SSL integration on the website, many times the padlock is not visible and warnings are issued stating that the site is unsecured. There may be HTTP assets linked to the website, which cause mixed content warnings.
Automatic HTTPS Rewrites, rescript HTML source links and eliminate the errors displayed by the user’s browser, by loading secured content over and above unsecured content. This in turn enables visitors to visualize the security symbols of SSL encryption on a website, i.e. green padlock near the URL.
If you are utilizing Cloudflare, you can enable (turn On) Automatic HTTPS Rewrites, through the SSL app, and rewrite HTTP assets as HTTPS.
In Cloudflare Dashboard > Go to Crypto Section > Turn On.
Ensure that these resources are reachable via HTTPS. This feature fixes the majority of the links.
For more details, check out this guide on troubleshooting mixed content errors for fixing the same.
2. Avail SSL Insecure Content Fixer Plugin:
If Cloudflare Flexible SSL is installed on your WordPress site, this issue will not prevail; since the plugin already resolves the same automatically.
If you are using another SSL certificate and this error warning is displayed, the best choice is to install SSL Insecure Content Fixer Plugin of WordPress. Its main function is to clean the unsecured and mixed content of your WordPress site.
After activating the plugin, go to Settings > SSL Insecure Content. There are different levels of fixes that need to be configured to resolve the error. A detailed guide on the same is available on wpbeginner; which gives you a perfect picture of which is the best fit for your site.
After configuring the settings, click Save to store your settings, and reload the site. This plugin may resolve your issue else modification of the site needs to be done.
3. Modify the Website Database:
Though it is a petrifying move, this may help you to take care of the error, thus promising smooth navigation of your website. Take a full backup of your website before the modification process, in case of an emergency.
Though there are ample ways to edit the same, the easiest way is to install a WordPress Plugin which finds and replaces HTTP URLs with HTTPS. Better Search Replace is one such WP Plugin, which does this task quite efficiently.
- Search field: http://cheapsslshop.com
- Click “Search” and keep on replacing each URL as given in the example below.
- Replace field: https://cheapsslshop.com
- Click “Replace”
This will help to eliminate the majority of the unsecured content warnings, but if some fixes are still pending, the manual method mentioned below (point 5) may help to fix the same.
4. Use HTTPS Checker:
You can also use HTTPS Checker which is available in desktop and online versions.
This tool is the best for migration issues that popup post SSL installation. It identifies the HTTP links on your site as well as continuously monitors HTTPS issues, captures CSP violations like XSS, etc. To know more about the working of this tool, click here.
5. The Manual Method:
If you have to manually fix this error, you need to find out which unsecured contents require manual fixes, i.e. which contents are being grabbed from HTTP sources.
Use Chrome Dev Tools, which diagnose problems quickly, allows editing HTTP links, and putting HTTPS URLs, thus making your site speed faster. For step wise viewing of the process, click here.
HTTPS is a necessity nowadays, so go to an SSL store and buy an SSL certificate for your site. Install an SSL certificate and secure it completely with HTTPS.
Any browser error needs attention and it cannot be ignored. This weak link in your website causes a security lapse, which proves to be fatal for your website. This loophole increases the chances of sites being hacked or damaged by cyber-criminals. Hence it’s best to take appropriate action and resolve the error.