Occasional HTTPS Mixed Content Warning

I just saw this problem myself on my site. The issue for me was that the site was available as both https://example.com/ and http://example.com. If the first request to a page was for the http version, the links to assets would be to http:

  • http://example.com/wp-content/themes/customizr/assets/front/img/thumb-standard-empty.png
  • http://example.com/wp-content/uploads/...
  • etc.

These http asset links would get put into the cache. When somebody requested the page over https and the cached page was returned, they would get mixed content due to the http links in the page cache.

If the first person to visit a page was over https, everything works as expected. The page cache would get built with https asset links.

I solved this problem by redirecting to https by putting the following code in the top my my .htaccess file and then purging all caches.

RewriteEngine On
RewriteCond %{HTTPS} off
RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]

That way WordPress never gets hit with http requests and the cache always gets built appropriately.

I had thought that setting the site URL to include https would be enough to prevent this problem. However, that does not appear to be the case. My “Settings” -> “WordPress Address (URL)” and “Settings” -> “Site Address (URL)” have always both been set to https://example.com. I had thought that WordPress itself issued redirects to HTTPS with that setting, but apparently it doesn’t. I had also thought that this setting would be used for writing the links to asset URLs, but apparently that is not true either.

Related Posts:

  1. https connection using CURL from command line
  2. Simple Java HTTPS server
  3. HTTPS connection Python
  4. Java: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
  5. Issues with installing python libraries on Windows : CondaHTTPError: HTTP 000 CONNECTION FAILED for url
  6. Local version of a WordPress site – SSL/HTTPS enforced?
  7. bloginfo() and get_template_directory_uri() with SSL?
  8. After updating site to use SSL all images in posts point to http://
  9. Adding https to wordpress website
  10. SSL setup: wp-login css doesn’t load over httpS
  11. In WP versions >= 4.0, is FORCE_SSL_LOGIN forcing HTTPS for the entire admin session?
  12. Divert http to https with WordPress on IIS
  13. WordPress : To load all asset files coming from HTTP to HTTPS?
  14. I changed my site from HTTPS back to HTTP and now it is broken- Cannot access Admin panel on HTTP URL
  15. un-loading https
  16. WordPress site shows “File not found.” if opened through https
  17. Address a single page to SSL https secure protocol?
  18. wordpress http to https windows server
  19. Jetpack “Connect to WordPress” serving insecure content under HTTPS
  20. Allow non-SSL pages to use https or Force non-SSL pages to http?
  21. Website access with http and https
  22. Need ideas for HTTPS multiple domain solution
  23. How to control SSL in WordPress for automatically changing http to https?
  24. All content is HTTPS, but browsers warn of HTTP mixed content [closed]
  25. How do I handle SSL properly when WP is behind a reverse proxy?
  26. Hi do I change Media files that still show as http after installing ssl
  27. ERR_TOO_MANY_REDIRECTS on wordpress page [closed]
  28. URLs not being output with https
  29. Website Migration (with https) to a new domain(http)
  30. How to move my local wordpress to https?
  31. Why does WordPress uses HTTPS for JS, CSS on EC2
  32. Implications of not completing all tasks when switching to HTTPS
  33. SSL Certificate
  34. Front-end pages messed up due to HTTPS
  35. How to send user data from one website to another
  36. How come all my http URLs are turned to https?
  37. Forcing SSL (Bad Theme coding)
  38. How to switch static files back to using HTTP instead of HTTPS?
  39. My WordPress site SSL is in red crossed color and can’t load at first time?
  40. SSL/HTTPS Redirect Loop
  41. The plain HTTP request was sent to HTTPS port in wordpress [closed]
  42. iHow to redirect all http traffic to https now that a SSL certificate is added?
  43. How to force static assets with HTTP sources to load over HTTPS?
  44. Moving WordPress from http to https over existing site
  45. Properly setting up a “default” nginx server for https
  46. Changing my URL in General Settings cause the site to crash
  47. wordpress is auto using http: not https: as it needs to because the server is http behind a reverse proxy https, how do I stop it?
  48. NET::ERR_CERT_REVOKED in Chrome, when the certificate is not actually revoked
  49. How to generate a self-signed SSL certificate using OpenSSL?
  50. Convert .pem to .crt and .key
  51. What exactly is cacert.pem for?
  52. OpenSSL: unable to verify the first certificate for Experian URL
  53. WordPress wp-admin https redirect loop
  54. Switching MultiSite installation from HTTP to HTTPS
  55. Howto force SSL for all requests?
  56. SSL breaks customizer: page isn’t returned from ajax
  57. Disable all https in WordPress
  58. Force HTTPS using .htaccess – stuck in redirect loop
  59. Favicon causes mixed content warning over SSL
  60. Globally force SSL on all pages
  61. WordPress Move to SSL How to Update Media Assets to HTTPS?
  62. WordPress redirect loop on nginx + apache reverse proxy
  63. Enabling SSL on wordpress results in 404
  64. SSL: How to make customizer images Protocol Relative in WordPress?
  65. AJAX requests broken due to HTTPS for wp-admin
  66. Enable Full SSL for WordPress
  67. WordPress Dashboards: slowness and timeouts
  68. Search and replace http:// links to https:// to get the green padlock
  69. HTTP sitewide, except for: wp-admin, and 2 custom directories
  70. wp-cli command throws error : “SSL routines:tls_process_server_certificate:certificate verify failed” while querying https website
  71. How to set up HTTPS WordPress from Install Step?
  72. Htaccess file isn’t redirecting http sub-pages to https––they display 404 error instead, tried many solutions and none work
  73. I could not access my website wp-admin after installing SSL. And error with mixed content
  74. SSL certificate error on Google Chrome , IE [closed]
  75. How do I set up a local version of my https wordpress site for testing and development using MAMP
  76. Permalinks 404 error with HTTPS host
  77. Too many redirects after added SSL redirect on port 80 virtual host
  78. ReDirect subfolder link to another sub-folder and force SSL
  79. Redirect the whole blog to SSL but not the RSS feed (under Nginx)
  80. Facebook og:image issues after https change [closed]
  81. How to keep WP from using https to get to wordpress.org?
  82. SSL doesn’t work on certain pages – what is wrong?
  83. WordPress site shown as Not Secure on Chrome when SSL certificate is valid
  84. WordPress CSS/Theme gone after SSL got activated
  85. Do I install WordPress from my Cpanel on https or http, if my website has valid certificate?
  86. SSL not working fine, Home url not matching with site url wordpress errors
  87. Specific Page/Post Need to Stay Non SSL
  88. ERR_SSL_PROTOCOL_ERROR
  89. Since moving HTTPS using cloudflare, the admin and login pages no longer work
  90. site on subdomain is redirecting to main site after installing wildcard ssl cert on both
  91. WordPress Insecure Content
  92. SSL certificate breaks CSS (in combination with W3TC)
  93. My site thinks it’s secure when it is fact not
  94. I would like to add ssl certificate to my already existing wordpress site
  95. How do I secure a subdomain using UCC SSL?
  96. Serve HTTPS requests from subdomain
  97. Displaying a remote SSL certificate details using CLI tools
  98. Is it bad to redirect http to https?
  99. Wildcard SSL certificate for second-level subdomain
  100. Does each subdomain need it’s own SSL certificate?