What is Mixed Content?
Mixed content on a website occurs when the initial code is loaded over a secure HTTPS connection, but other resources (such as images, videos, stylesheets, scripts) are loaded over an insecure HTTP connection. This is called mixed content because both HTTP and HTTPS content are being loaded to display the same page, while the initial request was secure over HTTPS. Modern browsers display warnings about this type of content to indicate to the user that this page contains insecure resources.
Learn more about mixed content and managing it via Google’s Web Fundamentals for developers.
Why Should You Care?
In December 2019, the Chrome browser will begin blocking content on website pages with mixed content (a mix of SSL and non-SSL content). Mixed content can make web pages show as “insecure” and make it more difficult for the browser to render content within the page. Official announcement from Google.
Mixed content on a webpage can be used by hackers to manipulate users, install malware, and hijack a website. This jeopardizes your website security as well as the safety of your website visitors.
It also creates a bad user experience as a browser cannot indicate whether a page is completely secure or insecure.
How to Identify and Fix Mixed Content in WordPress
Finding HTTP content
Fixing insecure content issues on a WordPress website is usually not difficult to do; however, first you have to find and identify this content. You might be tipped off that this is happening if you see an insecure warning in the browser bar even though you have installed an SSL certificate on your website (we go over that in this blog post – take a look!)
The most basic way to identify the insecure content is to use the browser Development Tools (such as the Chrome Inspector). When you open the inspector and go to the “Console” tab, mixed content errors will show in red:
A more thorough way to check your website is to use a free tool like Screaming Frog or JitBit SSL Checker to crawl your site. Paid tools like SEMrush can be used to do a complete audit of your website, to identify mixed content errors, broken links and more. This is an expensive tool that web and SEO agencies use.
Fixing mixed content errors
The easiest way to fix the mixed content issues on your WordPress website is to use the SSL Insecure Content Fixer WordPress Plugin. Just install this plugin, configure it to scan your website (there are a number of options) and it will fix them behind the scenes. The Really Simple SSL plugin also fixes the mixed content errors, but may not be approved by your host as it can interfere with their server SSL settings.
If you need help finding and fixing mixed content errors on your website, get in touch and we’ll be glad to work with you!