Knowledge Base

After installing an SSL certificate and forcing HTTPS, you might see a warning in the browser like:

“Your connection to this site is not fully secure.”

This usually means your page is loading some resources (images, scripts, stylesheets, etc.) over HTTP instead of HTTPS. These are called mixed content warnings — and they can prevent the padlock icon from showing.

What Causes Mixed Content?

Even though your page is served over https://, it may still be referencing:

• Images
• CSS/JS files
• Fonts or iframes

…that are hardcoded with http://, creating a mix of secure and insecure content.

How to Fix Mixed Content Issues

1. Update Links in Your Website Code

• Manually search your HTML, PHP, or theme files for any http:// links.
• Replace them with https:// or use relative URLs (like //yourdomain.com/image.jpg).

2. Fix WordPress Mixed Content

Option A: Use a Plugin
Install the plugin Really Simple SSL:

• Automatically detects and fixes mixed content issues.
• Forces all resources to load over HTTPS.

Option B: Update Content Manually

• Go to Settings > General and ensure both URLs use https://.
• Use a plugin like Better Search Replace to change http://yourdomain.com to https://yourdomain.com in your database.

3. Use Developer Tools to Identify Problem Files

• Open your site in Google Chrome.
• Press F12 to open Developer Tools.
• Go to the Console tab and look for errors like:

  Mixed Content: The page was loaded over HTTPS, but requested an insecure image 'http://example.com/image.jpg'.
  

• Update or remove these references.

4. Use Online Scanners

These tools can scan your site and pinpoint mixed content:

• Why No Padlock?
• SSL Checker

5. Clear Caches

• Clear your website cache (especially if using caching plugins like WP Super Cache or W3 Total Cache).
• Also clear your browser cache.

Bonus Tip:

If you’re using external resources (like fonts or scripts), make sure they support HTTPS — or switch to a secure version.