Mixed Content/Insecure Content SSL [duplicate]

The simplest solution is to replace all links manually using this solution below will save your time and its very straight forward.

The idea is to remove all (protocol HTTP and HTTPS) and leave them to use protocol relative URL https://stackoverflow.com/a/15146073/3599237

We can do this using the following code for index.php

<?php//this lined added hereob_start();/** * Front to the WordPress application. This file doesn't do anything, but loads * wp-blog-header.php which does and tells WordPress to load the theme. * * @package WordPress *//** * Tells WordPress to load the WordPress theme and output it. * * @var bool */define('WP_USE_THEMES', true);/** Loads the WordPress Environment and Template */require( dirname( __FILE__ ) . '/wp-blog-header.php' );//and these lines also $output = ob_get_contents();ob_end_clean();$output = str_replace(array("https://", "http://"), "//", $output);echo str_replace('http:\/\/', "\/\/", $output);

Update: You can simply use Content Security Policy

The HTTP Content-Security-Policy (CSP) upgrade-insecure-requests directive instructs user agents to treat all of a site's insecure URLs (those served over HTTP) as though they have been replaced with secure URLs (those served over HTTPS). This directive is intended for web sites with large numbers of insecure legacy URLs that need to be rewritten.

The upgrade-insecure-requests directive is evaluated before block-all-mixed-content and if it is set, the latter is effectively a no-op. It is recommended to set either directive, but not both, unless you want to force HTTPS on older browsers that do not force it after a redirect to HTTP.

Put below line into header section (header.php file).

<meta http-equiv="Content-Security-Policy" content="upgrade-insecure-requests">

For more information please read: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Security-Policy/upgrade-insecure-requests