Technical guide on resolving HTTPS mixed content warnings in WordPress. Learn to use WP-CLI to safely perform a database-wide search-and-replace for image paths and hardcoded links.
Resolving Mixed Content Warnings via Database Search-and-Replace
After installing an SSL certificate on your Hovixa VPS, you may encounter Mixed Content Warnings. This occurs when your site is loaded over https, but internal resources—such as images, scripts, or stylesheets—are still being requested via http. Browsers will block these resources or mark the connection as "Not Fully Secure." Resolving this requires a global database update to rewrite these hardcoded strings.
1. The Risk of Manual SQL Updates
It is analytically critical to avoid using standard SQL UPDATE queries for this task. WordPress stores much of its configuration (especially in wp_postmeta and wp_options) as Serialized Data. A serialized string includes a character count (e.g., s:4:"http"). If you manually change http to https, the character count remains the same while the string length increases, causing the data to become corrupted and unusable by PHP.
2. Using WP-CLI for a Safe Search-and-Replace
The wp search-replace command is the gold standard for this operation. It is serialization-aware, meaning it automatically recalculates the character counts for every string it modifies, preserving database integrity.
Step 1: Perform a Dry Run
Always simulate the change first to see how many instances will be affected without actually writing to the disk.
wp search-replace 'http://example.com' 'https://example.com' --dry-run
Step 2: Execute the Live Replace
Once you've verified the count, execute the command. This will iterate through all tables in your database.
wp search-replace 'http://example.com' 'https://example.com'
3. Handling Edge Cases: Elementor and Widgets
Some page builders, like Elementor, store their own CSS cache which may still reference old URLs even after a database replace. If you still see warnings:
- Regenerate CSS: Go to Elementor > Tools > Regenerate CSS.
- Flush Object Cache: If you are using Redis on your Hovixa VPS, run
wp cache flush.
4. Quick-Reference for HTTPS Transition
| Component | Action Required |
|---|---|
| Database | `wp search-replace` to update hardcoded media/links. |
| Nginx | Redirect all 80 (HTTP) traffic to 443 (HTTPS). |
| wp-config.php | Ensure `FORCE_SSL_ADMIN` is set to `true`. |
| External Assets | Verify CDN or third-party scripts support HTTPS. |
5. Technical Implementation Details
- Specific Tables: If you only want to search the posts table for speed, you can limit the scope:
wp search-replace 'old' 'new' wp_posts. - Multisite: On a multisite network, use the
--networkflag to ensure the replacement propagates across all sub-sites. - Backup: Even though WP-CLI is safe, always run
wp db exportbefore a global search-and-replace. If the search string is too generic, you could accidentally overwrite unintended data.
Sysadmin Advice: After the replacement, use the browser's "Console" tab (F12) to identify any remaining mixed content. If a resource is still failing, it may be hardcoded in your theme's PHP files (header.php or functions.php) rather than the database. Use `grep -r "http://" .` in your theme directory to find them.
