Understanding Mixed Content
Mixed content occurs when a page served over HTTPS loads resources (images, scripts, stylesheets) over plain HTTP.
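Added example (not part of the original page): a small Python scanner that lists the subresources an HTTPS page would fetch over plain HTTP. It goes slightly beyond the text by labelling each finding as active (scripts, stylesheets, frames) or passive (images, media). The sample HTML is constructed, and cdn.example.com is a placeholder host.

```python
from html.parser import HTMLParser

# (tag, attribute) pairs that trigger a subresource fetch.
# Active content can rewrite the page; passive content is display-only.
ACTIVE = {("script", "src"), ("iframe", "src"), ("link", "href"), ("object", "data")}
PASSIVE = {("img", "src"), ("audio", "src"), ("video", "src"), ("source", "src")}

class MixedContentScanner(HTMLParser):
    """Collects subresources that an HTTPS page would request over plain HTTP."""
    def __init__(self):
        super().__init__()
        self.findings = []  # (line, kind, tag, url)

    def handle_starttag(self, tag, attrs):
        attrs = dict(attrs)
        # <link> only counts here when it loads a stylesheet (not rel=canonical etc.).
        if tag == "link" and "stylesheet" not in (attrs.get("rel") or "").lower():
            return
        for attr, value in attrs.items():
            key = (tag, attr)
            if key not in ACTIVE and key not in PASSIVE:
                continue
            url = (value or "").strip()
            # Only explicit http:// is mixed content; //host/path inherits https.
            if url.lower().startswith("http://"):
                kind = "active" if key in ACTIVE else "passive"
                self.findings.append((self.getpos()[0], kind, tag, url))

def scan(html):
    scanner = MixedContentScanner()
    scanner.feed(html)
    scanner.close()
    return scanner.findings

# Constructed sample page, assumed to be served from https://yourdomain.com/
SAMPLE = """<html><head>
<link rel="stylesheet" href="http://yourdomain.com/style.css">
<link rel="canonical" href="http://yourdomain.com/">
<script src="//cdn.example.com/lib.js"></script>
<script src="HTTP://yourdomain.com/app.js"></script>
</head><body>
<img src="http://yourdomain.com/logo.png">
<img src="https://yourdomain.com/banner.png">
<a href="http://example.com/">plain link, not a subresource</a>
</body></html>"""

if __name__ == "__main__":
    for line, kind, tag, url in scan(SAMPLE):
        print(f"line {line}: {kind} mixed content in <{tag}>: {url}")
```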
Fix 1: Use Protocol-Relative URLs
//example.com/image.jpg inherits the scheme of the page that references it, so it works on both HTTP and HTTPS pages.
Fix 2: WordPress Fixes
Add to wp-config.php:
define('FORCE_SSL_ADMIN', true);
// Deprecated since WordPress 4.0, where FORCE_SSL_ADMIN also covers the login page
define('FORCE_SSL_LOGIN', true);
// Fix home/siteurl
define('WP_HOME', 'https://yourdomain.com');
define('WP_SITEURL', 'https://yourdomain.com');
Install the "Really Simple SSL" plugin.
Fix 3: Update Hardcoded URLs
Search the database for http:// URLs and replace them:
# WP-CLI (handles PHP-serialized values; add --dry-run to preview the changes first)
wp search-replace 'http://yourdomain.com' 'https://yourdomain.com' --all-tables
Fix 4: Update CDN URL Scheme
Many CDNs support auto-https. Use // or https:// in CDN settings.
Fix 5: Force HTTPS via .htaccess
RewriteEngine On
RewriteCond %{HTTPS} off
RewriteRule ^(.*)$ https://%{HTTP_HOST}/$1 [R=301,L]
Fix 6: Nginx Redirect
server {
    listen 80;
    server_name yourdomain.com;
    return 301 https://$server_name$request_uri;
}
Fix 7: Use Content Security Policy (CSP)
Add a response header that upgrades insecure requests (nginx syntax):
add_header Content-Security-Policy "upgrade-insecure-requests;";
This tells browsers to upgrade the page's HTTP resource requests to HTTPS automatically.