Securing your Divi website with an SSL certificate is essential for building trust and improving search rankings. However, even with SSL enabled, you might encounter a Mixed Content Warning, which can compromise the security and credibility of your site. This guide will walk you through understanding mixed content issues and how to resolve them effectively.
If you are new to the site you can read our article on What is the Divi Theme to gain a clearer understanding.
Understanding Mixed Content Warnings
Mixed content occurs when a webpage served over HTTPS (secured) includes resources loaded over HTTP (unsecured). These resources could be images, scripts, or stylesheets. Browsers block or warn users about such content because it undermines the security provided by HTTPS.
For example, your Divi site might display a padlock in the address bar but still load images or CSS files over HTTP, leading to warnings.
Why Do Mixed Content Warnings Happen?
Several factors can lead to mixed content warnings on Divi sites:
- Unsecured Media Files: Images, videos, or documents uploaded before enabling SSL might still use HTTP links.
- Third-Party Scripts: External scripts or plugins may load resources via unsecured URLs.
- Theme Settings or Custom Code: Hardcoded links in Divi settings or child theme files might include “http://” URLs.
- Unoptimized SSL Setup: Migrating a site to HTTPS without updating internal links can leave traces of HTTP URLs in your database.
Resolving Mixed Content Issues
Now that we know the root causes, let’s dive into the solutions. Here are four practical methods to fix mixed content errors on your Divi site:
1 Using the Really Simple SSL Plugin
The Really Simple SSL plugin is a beginner-friendly solution that automatically detects and fixes mixed content issues.
- Install and activate the plugin from the WordPress dashboard.
- Navigate to the plugin settings and enable SSL.
- It will scan your site and redirect all HTTP resources to HTTPS.
This tool is ideal for Divi users who want a quick and hassle-free fix.
2 Updating URLs with the Better Search Replace Plugin
For a comprehensive cleanup, the Better Search Replace plugin allows you to replace all instances of “http://” with “https://” in your site’s database.
- Install and activate the plugin.
- Go to Tools > Better Search Replace in your WordPress dashboard.
- Enter
http://yourdomain.com
in the “Search For” field andhttps://yourdomain.com
in the “Replace With” field. - Select your database tables (e.g., wp_posts, wp_options) and run a dry run first to preview the changes.
This method ensures that all internal links, including media and menu URLs, are updated.
3 Setting Up HTTPS Redirects in Apache
If your site is hosted on an Apache server, you can configure a server-level redirect to enforce HTTPS.
- Access your site’s
.htaccess
file via FTP or your hosting control panel. - Add the following code:
RewriteEngine On
RewriteCond %{HTTPS} off
RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]
4 Forcing HTTPS with Cloudflare
If you’re using Cloudflare, their “Always Use HTTPS” feature simplifies the process of enforcing HTTPS.
- Log in to your Cloudflare account and select the domain you want to configure
- Navigate to SSL/TLS > Overview in the dashboard.
- Ensure the SSL/TLS encryption mode is not set to “Off.”
- Note: If the encryption mode is set to “Off,” the “Always Use HTTPS” option will not appear.
- Go to SSL/TLS > Edge Certificates.
- Locate the Always Use HTTPS setting and toggle it to “On.”
- For Automatic HTTPS Rewrites, switch the toggle to On
Cloudflare automatically rewrites insecure HTTP links to HTTPS and ensures consistent delivery of secure content.
What About HSTS?
For an added layer of security, you can enable HTTP Strict Transport Security (HSTS), which forces browsers to load your site only over HTTPS.
- In your
.htaccess
file (or server configuration), add this directive:
Header always set Strict-Transport-Security "max-age=31536000; includeSubDomains; preload"
HSTS prevents browsers from attempting to connect over HTTP, even if a user types “http://”. Be cautious when implementing HSTS, as incorrect settings can cause accessibility issues.
Final Thoughts
Mixed content errors can seem daunting, but with the right approach, you can ensure your Divi site is fully secure and delivers a seamless browsing experience. Whether you choose plugins like Really Simple SSL or take a hands-on approach with server configurations, fixing these warnings is crucial for maintaining user trust and SEO performance.
Remember, a secure site isn’t just about compliance—it’s about giving your visitors peace of mind. Keep your Divi site secure and focused on delivering stunning, reliable content.