Mixed content is when an HTTPS page loads resources (images, scripts, styles) over HTTP. The browser shows “Not secure” in the address bar and may block the resources.
\n
How to detect
\n
- Open the site in Chrome / Firefox
- Press F12 → Console tab
- Reload the page
- Look for errors like:
Mixed Content: The page at https://… was loaded over HTTPS, but requested an insecure resource
\n
Typical sources
\n
- WordPress: hard-coded http://yourdomain.tj in posts, themes, widgets
- External images: http://example.com/image.jpg
- Old JS/CSS with http in src/href
- iframes for YouTube/Vimeo with http
\n
How to fix
\n
Option 1 — change links in the DB (for WordPress):
\n
UPDATE wp_options SET option_value = REPLACE(option_value, 'http://yourdomain.tj', 'https://yourdomain.tj');\nUPDATE wp_posts SET post_content = REPLACE(post_content, 'http://yourdomain.tj', 'https://yourdomain.tj');
\n
Option 2 — Better Search Replace plugin in WP admin.
\n
Option 3 — global .htaccess directive:
\n
Header always set Content-Security-Policy "upgrade-insecure-requests"
\n
The browser auto-upgrades all http to https in this document.
\n
Verification
\n
- Address bar shows a green padlock
- Console — no mixed content errors
- Third-party services like whynopadlock.com show problem resources