Over a million developers have joined DZone.

How to Fix Mixed Content Warnings on Your Site

DZone's Guide to

How to Fix Mixed Content Warnings on Your Site

An introductory level article for those interested in getting started in web security, which shows how to find and correct mixed content issues on a site.

· Security Zone ·
Free Resource

Discover how to provide active runtime protection for your web applications from known and unknown vulnerabilities including Remote Code Execution Attacks.

 Is the “mixed content” warning message driving you nuts? Thinking why are you facing this error despite installing an SSL certificate? Well, calm down as we’ve got your back. In this blog, we’ll help you resolve these mixed content warnings. But before we get to the solution part, you must understand the reason behind the mixed content warning message.

As you can tell by the warning message, there must be some sort of “mixed” content on your site. But what exactly? Well, here, mixed content means that the content on your site stems from HTTPS as well as HTTP. Now you might be (as you should) wondering why some content is served over HTTP when you’ve installed an SSL certificate. That’s because installing an SSL certificate is not enough.

It doesn’t guarantee that the content will be served through HTTPS only. Even if you install an SSL certificate and migrate to HTTPS, not all of your content gets migrated. As you see this error, it’s highly likely that some of the scripts or media files present on your site are served over insecure HTTP. This is never a good thing.

So, how do you fix this mixed content error? Simple, you migrate all of your HTTP content to HTTPS. But before you do that, you must find such content. Let’s see how you can do it.

How to Find Mixed Content?

First, go to any web page for which the browsers are showing a mixed content error. Now view its source code (by right-clicking), and search for src=http. Every resource with src=http is considered to be ‘mixed content.’

If this sounds like a lot of work to you, there’s an escape. You can go to www.whynopadlock.com and check for insecure links or resources on your site. Keep in mind that this may not yield extensive results. So, it’s better to go with the first option.

How to Fix a Mixed Content Warning?

As we said earlier, you must migrate your mixed content links to HTTPS. This can be done by adding HTTPS as the prefix instead of HTTP. Of course, this can only be done if you have the website under your control. What if you have given a reference to an external link that is HTTP? Well, in that case, you must ask the URL holder to move to HTTPS. If he/she isn’t able to do it for whatever reason, you must remove this link as it’ll continue causing trouble for you.

How to Fix Mixed Content Warning on a WordPress Website

If you happen to have a WordPress site, there’s a pretty straightforward way. It’s literally a cakewalk. All you have to do is download SSL Insecure Content Fixed and follow the instructions they’ve given. All of your insecure links will be shifted to HTTPS.

You can also use - Force HTTPS WordPress Plugin for SSL Redirect & Fix Insecure Content - https://wordpress.org/plugins/force-https-littlebizzy/

Find out how Waratek’s award-winning application security platform can improve the security of your new and legacy applications and platforms with no false positives, code changes or slowing your application.

security ,mixed content ,ssl ,https

Opinions expressed by DZone contributors are their own.

{{ parent.title || parent.header.title}}

{{ parent.tldr }}

{{ parent.urlSource.name }}