Recent Searches

No recent searches

    Popular Articles

      Articles
      View all
        Topics
        View all
          Tickets
          View all
            no results

            Sorry! nothing found for

            Fixing "Not Secure" / Mixed-Content SSL Warnings

            After you turn on SSL, your site should load with a padlock and https://. If it still shows "Not Secure" or the padlock has a warning, the usual cause is mixed content — some parts of the page still loading over insecure http://. This article explains how to find and fix it.

            What "mixed content" means

            When your page loads over secure https:// but some of its elements — images, scripts, stylesheets — still load over insecure http://, the browser flags the whole page as not fully secure. That mixed connection is "mixed content," and it is the most common reason a site with a valid certificate still shows a warning.

            Before troubleshooting mixed content, confirm your certificate itself is active. See Your Free SSL Certificate (AutoSSL).

            Before you begin

            • An active SSL certificate on your domain.
            • Access to your site's admin area (for example, the WordPress dashboard).
            • A current backup, before changing site settings.

            Step 1: Confirm the certificate is valid

            1. Visit your site at https://yourdomain.com.
            2. Select the padlock (or the "Not Secure" label) in the address bar.
            3. If it reports the certificate is missing or invalid — rather than mixed content — that is a certificate issue, not mixed content. See Renewing & Troubleshooting Your SSL Certificate.

            Step 2: Identify the insecure elements

            Your browser's developer tools list exactly what is loading insecurely.

            1. Open your browser's developer tools (usually the F12 key or right-click and choose Inspect).
            2. Open the Console tab.
            3. Reload the page and look for mixed content warnings — each one names a resource still loading over http://.

            Tip: Note whether the insecure items are your own files (images, theme files) or come from another website. The fix differs slightly for each.

            Step 3: Update your site to use HTTPS

            For WordPress

            1. Go to Settings > General and make sure both WordPress Address (URL) and Site Address (URL) start with https://.
            2. Use a reputable plugin to find and replace remaining http:// links to your own domain with https://, or to handle mixed content automatically.

            For other sites

            • Edit your page code so links to your own resources use https:// (or protocol-relative //).
            • Re-upload any pages you changed.

            Warning: Update database URLs with a search-and-replace tool that handles serialized data (or a trusted plugin). Editing the database by hand can break WordPress settings. Back up first.

            Step 4: Handle external resources

            If the insecure item comes from another site:

            • Switch to the https:// version of that resource if it offers one.
            • Replace or remove the resource if it has no secure version.

            Step 5: Clear caches and re-check

            1. Clear any caching plugin and your browser cache.
            2. Reload the page and confirm the padlock now appears with no warning.
            3. Re-check the developer console to confirm the mixed-content warnings are gone.

            Next steps

            Questions? Contact Exact Hosting Support.

            How helpful was this article?

            Thanks for your feedback!

            Do you still need help? If so please submit a request here.