One of the most frustrating issues site owners face is installing an SSL certificate successfully, but still seeing a "Not Secure" or broken padlock icon in the browser bar. This is almost always caused by a "Mixed Content" error.
What is Mixed Content?
Mixed content occurs when your website is loaded over a secure HTTPS connection, but specific elements on the page—such as images, videos, scripts, or stylesheets—are still being loaded over an insecure HTTP connection.
Because the page is not fully secure (it has a mix of secure and insecure items), browsers like Chrome and Firefox warn the user that the site may not be safe. This effectively breaks the trust seal your SSL is supposed to provide.
How to Identify the Issue
You can check if mixed content is the culprit by following these steps:
Browser Console: Right-click anywhere on your website and select Inspect. Click the Console tab at the top of the window that appears. If you see red or yellow warnings that say "Mixed Content: The page at... was loaded over HTTPS, but requested an insecure image...", this is your issue.
Online Tools: You can use free online scanners like "Why No Padlock?" to scan your URL. These tools will list exactly which files are causing the error.
How to Fix It
To resolve this, every link on your website must use https:// instead of http://.
For WordPress Users: The easiest fix is to use a plugin like "Really Simple SSL" (as mentioned in our previous guide). It automatically scans your content and changes http links to https on the fly.
For Custom Sites: You will need to manually update your website code. Open your HTML or CSS files and look for src="http://...". Change these to src="https://...".
For External Images: If you are linking to an image hosted on another website that does not have an SSL certificate, you must remove that image or host it on your own server to fix the error.
