Mixed content happens when a WordPress page loads over HTTPS but some parts of the page still load over HTTP. The page is trying to be secure and insecure at the same time.
This often appears after SSL is added to an older WordPress site. The certificate may be installed correctly, but old images, scripts, stylesheets, fonts, or embeds may still use http:// URLs.
Sometimes the page looks fine but the browser still reports a warning. Other times, the page visibly breaks because the browser blocks unsafe resources.
Why WordPress Sites Get Mixed Content
WordPress stores URLs in more than one place.
Old HTTP links may be found in:
Post and page content
Media library image URLs
Page builder layouts
Theme settings
Widget areas
Menus
Custom CSS
Plugin settings
Database entries
Hard-coded theme or plugin files
Changing the homepage to HTTPS does not automatically update every old link inside the site.
Why Browsers Warn About It
HTTPS protects the connection between the browser and the page. If that page loads a script, image, font, or stylesheet over HTTP, that resource does not get the same protection.
Some resources are riskier than others. Scripts and stylesheets can affect how the page works, so browsers usually treat them more strictly. Images may sometimes be upgraded automatically by the browser, but you should still fix the source of the problem.
Mixed content weakens the visitor’s trust in the page and can break parts of the site.
Common Sources of Mixed Content
For WordPress, common causes include:
WordPress Address or Site Address still using HTTP
Images inserted before SSL was installed
Page builder sections with old background image URLs
Theme options that store logo or font URLs
Plugins loading old assets
Embedded maps, videos, or forms using HTTP
CDN settings that still use HTTP
Hard-coded links in custom templates
If the issue appears on every page, check global settings such as WordPress URLs, theme assets, header scripts, footer scripts, and caching tools.
If it appears on only one page, check that page’s content, images, embeds, and page builder settings.
Mixed Content and WordPress Settings
In WordPress, the WordPress Address and Site Address should normally use HTTPS after SSL is installed and working. These settings affect how WordPress generates links.
Do not change them casually on a live site if you are unsure. A wrong URL can cause login problems or redirect loops.
Before editing WordPress URL settings, confirm that the HTTPS version of the site works and take a backup.
Mixed Content and External Services
Some mixed content does not come from your own WordPress site.
If an external service still uses HTTP, look for an HTTPS version of the embed code. If the service does not support HTTPS, remove or replace it.
How to Find Mixed Content
Start with the browser.
Open the page, right-click, inspect the page, and check the browser console for mixed content warnings. The console often shows the exact file or URL being blocked.
Then check:
The page content
Media URLs
Theme settings
Plugin settings
Page builder background images
Header and footer scripts
Cache and CDN settings
Fix the source of the HTTP URL instead of only hiding the warning.
Reasons to Fix It
Mixed content can reduce visitor trust, trigger browser warnings, and break site features. It can also affect forms, checkout pages, and scripts that your business depends on.
Fixing mixed content helps your SSL setup do its job across the whole site, not only the homepage.
We empower people to succeed through practical business information and essential services. If you’re looking for help with SEO, copywriting, or getting your online presence set up properly, you’re in the right place. If this piece helped, feel free to share it with someone who’d get value from it. Do you need help with something? Contact Us
Want a heads-up once a week whenever a new article drops?
