Site is HTTPS but the browser warns about mixed content.
Mixed content (HTTP resources on an HTTPS page) breaks the lock and modern browsers often block the resource. Almost always fixable via search and replace.
Try this first
- 1Open devtools > Console. Mixed-content warnings show the exact HTTP resource URLs.
- 2If a few hardcoded references: edit theme or plugin files and replace http:// with https:// at the source.
- 3Many references: use Better Search Replace (WP plugin). Replace http://yourdomain with https://yourdomain in the DB.
- 4Sometimes it's external: an iframe or script served over HTTP. Ask the vendor for an HTTPS variant or host the resource yourself.
- 5Update Site Address and WordPress Address in Settings > General to https. Otherwise WP keeps generating HTTP URLs.
- 6Force HTTPS via .htaccess or Cloudflare's Always Use HTTPS toggle. That redirects all HTTP requests.
When to bring us in
Complex site with many third-party embeds (old widgets, external CMS content)? A thorough per-page audit is needed. A dev can run it in a day; alone you'll spend weeks.
See also
- WordPress, plugins and theme have gone 6+ months without updatesOut-of-date WP is the number-one entry for malware. Don't just hit 'update all', back up first.
- Theme update broke the layout or threw a fatal errorThemes overwrite custom CSS on update unless you use a child theme.
- WordPress shows a blank screen after a plugin install or updateWSOD (white screen of death) is usually one crashing plugin. You isolate it.
None of the above fits?
Describe your situation below. We pass your input plus the steps you already saw to our AI and return tailored next-step advice. If it's too risky to DIY, we'll say so.
Or skip the DIY entirely
Our Managed IT clients do not look these things up. One point of contact, a fixed monthly price, resolved within working hours.