ssl - Https Website: CSS and JS files load in http and admin page does not load too

After enabling SSL the website loads in HTML. CSS and JS files load only in HTTP(view source) and the admin page does not load either.

Tried implementing all solutions like rewrite condition to force https, wp-config file, ssl plugins. Nothing works.

Now the entire website has mixed content of http(CSS and JS) and https(HTML).

After enabling SSL the website loads in HTML. CSS and JS files load only in HTTP(view source) and the admin page does not load either.

Tried implementing all solutions like rewrite condition to force https, wp-config file, ssl plugins. Nothing works.

Now the entire website has mixed content of http(CSS and JS) and https(HTML).

• wp-admin
• ssl
• https

Share Improve this question asked May 13, 2023 at 21:31 SecurityCIOSecurityCIO 111 bronze badge 6

• 1 Are the values for siteurl and home in the wp_options database table updated? If a multisite, then siteurl in the wp_sitemeta database table needs to be updated. These updates can be done using WordPress Admin pages. Alternatively, you can use the wp_config.php constants WP_HOME and WP_SITEURL. The link to the WordPress help page Changing The Site URL should be helpful. – kofeigen Commented May 13, 2023 at 21:53
• Both site and home UTL have HTTPS in the wp_options table. The wp_config file has a slash at the end. Is this correct? define( 'WP_HOME', 'https://' . $_SERVER['HTTP_HOST'] . '/' ); define( 'WP_SITEURL', 'https://' . $_SERVER['HTTP_HOST'] . '/' ); – SecurityCIO Commented May 14, 2023 at 10:02
• Hi @SecurityCIO. Please back up database before using any of these suggestions. wp-config.php example in WordPress docs does not use a trailing slash. You don't really need a plugin. phpMyAdmin has a good Find and replace utility found under the Search option (after selecting a table). The main tables and columns to update are: wp_posts (columns: post_content, guid), wp_postmeta (meta_value), wp_options (option_value), (if multisite: wp_sitemeta: meta_value). Use steps #3 and #4 in ray-happyforms's answer (don't just search for http://). – kofeigen Commented May 14, 2023 at 19:48
• Also, if using your own custom plugins that enqueue JavaScript and CSS with wp_enqueue_script or wp_enqueue_style make sure the src parameter is using https:// if absolute URLs are used. Updates do not necessarily require changing .htaccess unless you've already made changes that need to be reversed. If updating tables manually using phpMyAdmin's Find and replace, check to see if URLs exist in other database tables like wp_termmeta. – kofeigen Commented May 14, 2023 at 19:48
• Nothing worked with EC2. Succeded with AWS Lightsail to handle things on its own. I'm not a developer, probably I didn't handle it well. But thanks for all the support Kofeigen. – SecurityCIO Commented May 15, 2023 at 17:19

 |  Show 1 more comment

1 Answer 1

Sorted by: Reset to default 0

If I understand your issue correctly, you're having a "Mixed Content" error, and it happens when a site that's supposed to be served over HTTPS (secure) is also serving some of its content over HTTP (non-secure). In your case, it appears that your CSS and JavaScript files are being served over HTTP, which is causing the problem.

First, ensure that your website's URL in the WordPress settings is using HTTPS. You can do this by going to "Settings" > "General" in the WordPress admin area. Both the "WordPress Address (URL)" and "Site Address (URL)" should start with https://.

If that's already correct, or if changing it doesn't fix the issue, you'll need to replace all the HTTP URLs in your database with HTTPS (if you haven't tried it yet). Note that this should be done carefully, as making mistakes in your database can break your site. So to do that, you'll need to use a plugin like Better Search Replace

Here's some step-by-step that you can follow as a guide:

1. Install and activate the Better Search Replace plugin.
2. Go to "Tools" > "Better Search Replace" in your WordPress admin area.
3. In the "Search for" field, enter your site's URL with http:// (e.g., http://yourdomain.com).
4. In the "Replace with" field, enter your site's URL with https:// (e.g., https://yourdomain.com).
5. Select all the tables.
6. Run a test first to make sure everything is working correctly. To do this, check the "Run as dry run?" option. If it is, uncheck the "Run as dry run?" option and run the replacement.

Remember to deactivate and delete the Better Search Replace plugin when you're done using it.

And if you're using a caching plugin, don't forget to clear your site's cache and your browser's cache to make sure you're seeing the latest changes of your site.

If you are not comfortable with changing database values using the Better Search Replace plugin, you can also try using the Really Simple SSL plugin to force your WordPress installation to use HTTPS on all of its pages and resources.