Fix 'mixed content' warnings on an HTTPS site
Find and replace the http:// assets that break your padlock icon.
5 min read intermediateUpdated Apr 6, 2025
BI
Reviewed by the editorial team · Apr 6, 2025
Step by step
- 01
Open the browser console
Errors will list each insecure resource.
- 02
Search the database
WordPress: use Better Search Replace plugin. Replace http://yourdomain.com with https://.
- 03
Fix theme/hardcoded URLs
Edit theme files — look for http:// in image src, CSS background URLs, scripts.
- 04
Force HTTPS at server
Add 301 redirect rule in .htaccess or via Cloudflare Page Rules.
- 05
Add Content-Security-Policy
'upgrade-insecure-requests' header forces browsers to auto-rewrite.
IT & Technical · Done-for-you
Want the boring tech handled?
We set up domains, email, SSL, security and integrations so nothing breaks.
Book a tech call