Unable to Fix Mixed Content Issues

ExpertTip

#1

I have tried several things to get rid of mixed content issues on my website (https://www.millworksconstructionservices.com/), but can’t find where those links are to be able to update them. Any thoughts?

Things I’ve Tried

  • Better Search and Replace
  • Real Simple SSL
  • Looking Through My Theme Files and Doing a Search Through the Code
  • Remove the Image and Add Them Back
  • 301 Redirect the HTTP URL to HTTPS
  • Remove Images Altogether
  • Chased My Tail All Darn Day

#2

Have you used developer tools to see exactly what is loading insecurely?

If not, you can use a tool like this:

https://www.whynopadlock.com/results/1508b9d7-fc3d-4b69-a4c6-4521018c9dba

Have you also tried all the steps here?

Personally, for WordPress, I like the plugin Real-Time Find and Replace, it can be a bit hands on with fixing the mixed content though!!


#3

My surefire go-to is to put this in .htaccess:
Header always set Content-Security-Policy: upgrade-insecure-requests


#4

You could just search your MySQL database for the 6 URLs with http://www.millworksconstructionservices.com/ then add the s.


#5

The images are being invoked by this style.css file:

https://www.millworksconstructionservices.com/wp-content/uploads/cherry-css/style.css?ver=1552000045

And they have paths leading to the theme:

background:url(http://www.millworksconstructionservices.com/wp-content/themes/theme57738/images/false_button.png) 0 0 repeat;

I’d check the child theme’s style.css file. If you don’t have a child theme, create one and edit the style.css to copy the relevant parts, replacing with https://.

I wonder if Automatic HTTPS Rewrites on the Crypto app wouldn’t have avoided this.


#6

If I could share a GIF here, it would be the guy banging his head on a desk. Yep, that was easy enough - thank you!


#7

Yep, went through all of that too, but still couldn’t find anything to get rid of these last remaining 5 URLs, but @sdayman’s response did the trick!


#8

I tried that too - they’re not pulling up! I have no idea what is going on. Thanks for the tip, though!


#9

YES!!! There they are - geez! Thank you so much!!!


#10

And I did this too: “I wonder if Automatic HTTPS Rewrites on the Crypto app wouldn’t have avoided this.” I’m not sure why those few weren’t caught, but life is good now, so thank you for the help!!!


#11

Because this works in HTML pages only, won’t parse JS and CSS as far as I know.