Mixed Content on Websites: How to Identify and Fix Errors in Various CMS

28.01.2025, 17:38

Imagine opening a website via HTTPS, but some of its content still loads using an unsecured connection. This is what we call Mixed Content. Such pages are considered unsafe: data transmitted over HTTP can be intercepted or altered by attackers.

Modern browsers aim to protect users from potential hacking risks. They either block unsafe requests or automatically upgrade HTTP to HTTPS when possible. However, this can cause a website to malfunction, and errors like "This request has been blocked" may appear in the developer console.

How to Identify Mixed Content on Your Website?

You can detect this issue in several ways:
1. Browser Icon — some browsers display an icon indicating partial connection security.

2. Errors in the Developer Console. Open the developer tools (Ctrl+Shift+I) and go to the "Console" tab. The browser will indicate which resources are loading via HTTP and whether they are being blocked or the protocol is being changed.
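
The console reports mixed content for one loaded page at a time; the same check can be run offline over saved HTML. The Python script below is an added example, not part of the original article: it lists http:// subresources and labels each as blockable or upgradeable, and goes slightly beyond the text by skipping ordinary links (<a href>, canonical), which are not mixed content. The names find_mixed_content and MixedContentScanner and the sample page are constructed for illustration.

```python
from html.parser import HTMLParser

# Attributes that load a subresource. Browsers refuse "blockable" loads over
# HTTP and retry "upgradeable" media loads over HTTPS.
BLOCKABLE = {("script", "src"), ("iframe", "src"), ("embed", "src"), ("object", "data")}
UPGRADEABLE = {("img", "src"), ("audio", "src"), ("video", "src"), ("source", "src")}


class MixedContentScanner(HTMLParser):
    def __init__(self):
        super().__init__()
        self.findings = []  # tuples of (line, tag, url, kind)

    def handle_starttag(self, tag, attrs):
        attrs = dict(attrs)
        watched = BLOCKABLE | UPGRADEABLE
        # <link> only fetches a subresource for some rel values (not canonical).
        if tag == "link" and "stylesheet" in (attrs.get("rel") or "").lower().split():
            watched = watched | {("link", "href")}
        for name, value in attrs.items():
            url = (value or "").strip()
            if (tag, name) in watched and url.lower().startswith("http://"):
                kind = "upgradeable" if (tag, name) in UPGRADEABLE else "blockable"
                self.findings.append((self.getpos()[0], tag, url, kind))


def find_mixed_content(html):
    """Return insecure subresource references found in an HTTPS page's HTML."""
    scanner = MixedContentScanner()
    scanner.feed(html)
    scanner.close()
    return scanner.findings


# Constructed sample page, assumed to be served from https://example.com
SAMPLE = """<html><head>
<link rel="canonical" href="http://example.com/">
<link rel="stylesheet" href="http://example.com/style.css">
<script src="http://cdn.example.com/app.js"></script>
<script src="//cdn.example.com/ok.js"></script>
</head><body>
<a href="http://example.com/about">About</a>
<img src="http://example.com/logo.png">
<img src="https://example.com/banner.png">
</body></html>"""

if __name__ == "__main__":
    for line, tag, url, kind in find_mixed_content(SAMPLE):
        print(f"line {line}: <{tag}> {url} ({kind})")
```

The scan covers tag attributes only; URLs inside CSS, srcset values or content injected by JavaScript still need the console check.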

How to Fix Mixed Content?

Important! Always back up your website before making changes. This will allow you to restore it if something goes wrong.

WordPress

1. Replace all HTTP links with HTTPS in the database. To do this:
— Connect to the server via SSH or a web terminal.
— Navigate to the site directory:

cd ~/site_dir/public_html


— Run the link replacement command:

wp search-replace 'http://example.com' 'https://example.com'

2. If you’re using the Elementor plugin, execute the following:

wp elementor replace-urls 'http://example.com' 'https://example.com'

3. Clear the cache:

wp cache flush 

Check your website. If the issue persists, manually review the links.

Bitrix
1. Replace absolute links like http://your_site/bitrix/admin/*** with relative ones: /bitrix/admin/***. Use a file manager’s search tool to locate such links.
2. Check media content and custom components. Replace HTTP links with HTTPS.
3. Fix links to external scripts if the site connects them.

Joomla
1. Ensure HTTPS is enabled for the entire site:
— Log in to the admin panel.
— Go to "System" → "Global Configuration" → "Server."
— Ensure the "Force SSL" option is set to "Entire Site."
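2. Configure redirection to HTTPS via the .htaccess file. The condition below tests the X-Forwarded-Proto header, so it applies when the site sits behind a proxy or load balancer that sets this header: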

RewriteEngine On
RewriteCond %{HTTP:X-Forwarded-Proto} !=https
RewriteRule .* https://%{SERVER_NAME}%{REQUEST_URI} [R=301,L]

3. For certain components like VirtueMart, enable SSL in the module settings.

OpenCart
1. Check HTTPS settings in the config.php and admin/config.php files. Replace all HTTP links with HTTPS.
2. In the admin panel, go to "System" → "Settings" → "Server" and enable "Use SSL."
3. If the problem persists, use the developer console to identify and manually fix the links.

Additional Tip for All CMS

Add the following rule to your .htaccess file to automatically upgrade request protocols:

Header always set Content-Security-Policy "upgrade-insecure-requests"

This will instruct the browser to use HTTPS wherever possible. If mixed content still exists, manually fix the problematic links.

Now you know how to handle Mixed Content and make your website secure!