When migrating a WordPress website from HTTP to HTTPS, website owners often encounter frustrating mixed content and SSL errors. These issues are commonly caused by hardcoded HTTP URLs in either the theme, plugins, or database. One of the most reliable solutions involves using a smart search/replace URL workflow to identify and fix these issues, ensuring that all content is securely loaded via HTTPS. This article breaks down a step-by-step method that has successfully helped developers and site owners fix SSL warnings caused by plugins after site migration.
Table of Contents
TL;DR
After migrating a WordPress site to HTTPS, mixed content warnings usually arise from old HTTP URLs in the database or plugin settings. A structured search and replace URL workflow can resolve most of these problems effectively. Using tools like Better Search Replace or WP-CLI, you can safely update the URLs without breaking serialized data. Make sure to clear caching after changes and double-check plugin configurations that might store old data remotely or in options tables.
What Is Mixed Content and Why Does It Matter?
Mixed content occurs when elements like images, scripts, stylesheets, or iframes loaded on an HTTPS page still reference HTTP-based URLs. Most modern browsers will flag this behavior by showing insecure connection warnings, blocking scripts, or even preventing the page from rendering correctly.
This issue often originates in:
- Plugin settings storing hardcoded HTTP URLs
- Theme files or options configured with old paths
- Database entries that include content built using the Classic Editor or Page Builders, referencing non-secure links
Step-by-Step Workflow to Fix Mixed Content Errors
1. Backup Your Website
Before you perform any major operation on your database, create a full backup. Use tools like UpdraftPlus, BlogVault, or your web host’s in-built backup solution. This step is critical in case any search/replace operation corrupts serialized data or plugin settings.
2. Install the Better Search Replace Plugin
Better Search Replace is a popular plugin designed to safely search and replace URLs across your WordPress database. What makes it ideal is its compatibility with serialized data (preventing serious data corruption).
- From WordPress admin dashboard, go to Plugins → Add New
- Search for Better Search Replace and install it
- Activate the plugin
3. Determine URLs to Replace
In most cases, you’ll be replacing http://yourdomain.com with https://yourdomain.com. Be careful if your domain had “www”, or was previously hosted with a different structure, such as a staging subdomain.
Also, identify plugin-generated URLs that may still be HTTP-based. This includes:
- Shortcodes within plugin content
- Media URLs inserted through editors that didn’t auto-detect HTTPS
- Plugin settings saved in the
wp_optionsor custom tables
4. Perform a Dry Run
Before making actual replacements, perform a dry run using Better Search Replace.
- Navigate to Tools → Better Search Replace
- Enter old and new URLs in the Search for and Replace with fields
- Select all relevant tables (like
wp_posts,wp_options, etc.) - Check the option “Run as dry run?”
This preview will show how many changes will occur and where.
5. Run the Actual Replacement
Uncheck the dry run box and re-run the process to apply changes to the database. Once it completes, you’ll have newer HTTPS URLs stored everywhere in your content and plugin settings that are managed in core tables.
6. Clear All Caches
After replacing URLs, clear all levels of cache:
- Browser cache
- Caching plugins like W3 Total Cache or WP Super Cache
- Server-level cache (e.g., NGINX, Varnish)
- CDN cache if you use services such as Cloudflare
7. Manually Check Theme and Plugin Files
Some themes or third-party plugins might include hard-coded HTTP URLs that don’t live in the database. Common culprits include:
- JavaScript files that initialize on load
- Stylesheets enqueuing background images via absolute HTTP URLs
- Custom PHP templates
Search these files or contact plugin support if you suspect such behavior.
8. Use SSL Checker or Dev Tools to Verify
Verify your site using browsers’ developer tools:
- Right-click on your site → Inspect Element → Console tab
- Look for any “Mixed Content” warnings
If any items are labeled as HTTP, track their source via the DOM path and replace them manually or through your theme/plugin settings.
You can also use external SSL checker tools like:
9. Update Hardcoded URLs in Plugin Settings
Certain plugin settings are not stored in plain content fields and may include values that are serialized or stored remotely. Plugins like:
- Elementor (check global settings)
- Slider Revolution
- WPBakery Page Builder
- Mail opt-in plugins that insert forms with non-updated URLs
These often require opening the plugin interface and updating base URLs manually depending on the storage method used.
Additional Tools You Can Use
- WP-CLI: Perform command line search and replacements safely (great for large databases)
- Interconnect/IT DB Script: A PHP script used for deeper control over serialized data during replacement
- Really Simple SSL Plugin: Temporarily rewrite HTTP assets at runtime (though not a permanent fix)
Frequently Asked Questions (FAQ)
Q: What causes mixed content after switching to HTTPS?
Mixed content errors are typically caused by assets (images, scripts, etc.) being loaded over HTTP instead of HTTPS. These links often come from hardcoded URLs in the database, theme files, or plugin settings.
Q: Can I use Better Search Replace without breaking my WordPress site?
Yes, if you use it properly—especially by utilizing the dry run option and targeting serialized data—it is generally safe. Always take a backup before performing a live search/replace operation.
Q: Do I have to keep Really Simple SSL plugin installed permanently?
No. Its primary role is to temporarily enforce SSL and fix insecure content on the fly. For long-term performance, it’s best to permanently update your database, theme files, and plugin configurations.
Q: Are all mixed content errors visible in the WordPress dashboard?
No. Some errors only appear in the browser’s console or via SSL checking tools. It’s a good idea to regularly audit your site post-migration.
Q: Will search/replace also update plugin options saved in JSON or other formats?
It depends on how the plugin stores its data. For serialized or standard text storage, Better Search Replace works well. For more complex data storage (e.g., JSON, custom formats), manual editing or contacting the plugin developer may be necessary.
Conclusion
Fixing mixed content and SSL errors after migrating your WordPress site to HTTPS may seem daunting, but with the right methodology—particularly a reliable search/replace workflow—you can solve the majority of issues quickly. Always backup your site, test carefully before live changes, and clear all caches. With diligence, your site will be fully secure and error-free.