Find and block unsafe content on your wordpress installation

For some reason, my WP installation decided to load some files via http instead of https

To find out which file it is, I used the Javascript console

It’s wp-emoji in this case, and I don’t use emojis on my site, so I decided to block it by adding this to my theme’s functions.php

 

remove_action( 'wp_head', 'print_emoji_detection_script', 7 );
remove_action( 'wp_print_styles', 'print_emoji_styles' );