How To Fix the “HTTPS Not Secure” Message in Chrome

Key highlights 

• Chrome displays a “Not Secure” warning when a website lacks an SSL certificate or has an incorrect HTTPS setup. 
• Websites with a “Not Secure” warning can lose user trust, experience decreased traffic and suffer lower search engine rankings. 
• Implementing HTTPS encrypts data, protecting it from cyber threats and ensuring a secure browsing experience. 
• Fixing the “Not Secure” message involves purchasing and installing an SSL certificate, updating website URLs and setting up proper redirects. 
• A properly secured website improves SEO rankings, enhances user confidence and aligns with Google’s security standards. 

Introduction 

If you’ve ever seen the warning “your connection to this site is not secure” while visiting a website in Chrome, you may need to fix the issue to ensure a secure connection. Getting a “Not Secure” warning in Chrome when you visit your website can be alarming. This message indicates that your site lacks HTTPS encryption, making it vulnerable to cyber threats such as data interception, hacking and phishing attacks. When visitors encounter this warning, they may choose to leave your site, impacting traffic, conversions and overall credibility. 

Google Chrome displays this warning when a website does not have an SSL (Secure Sockets Layer) certificate installed or if there are issues with mixed content. HTTPS encryption ensures secure communication between a user’s browser and your website, safeguarding sensitive data like login credentials and payment information. 

If you’re wondering how to fix a not secure website in Chrome, this guide will walk you through the necessary steps to secure your site, install an SSL certificate and ensure all connections remain encrypted. Addressing this issue will not only enhance security but also boost your site’s search rankings and user trust. 

Understanding the “HTTPS Not Secure” warning 

Google Chrome issues a ‘Not Secure’ warning when a website does not have a valid SSL certificate or delivers content over HTTP instead of HTTPS. Users may also encounter the ERR_SSL_PROTOCOL_ERROR in such scenarios.

This indicates that the connection between the visitor’s browser and the website is unprotected. As a result, it becomes vulnerable to security threats like data interception or hacking attempts.

When users see this warning, they may hesitate to enter personal information like passwords or payment details, which can negatively impact website traffic, conversions and trust. 

What triggers the Chrome security alert? 

There are several reasons why Chrome may display the “HTTPS Not Secure” warning: 

1. No SSL certificate installed 

If your website does not have an SSL (Secure Sockets Layer) certificate, Chrome will mark it as Not Secure. SSL certificates encrypt the data exchanged between a website and its visitors, ensuring a safe browsing experience. 

2. Expired or invalid SSL certificate 

Even if your website has an SSL certificate, it can still trigger the warning if the certificate has expired, is improperly installed or is from an untrusted provider. To avoid this, regularly check your SSL status in your hosting provider’s dashboard. Bluehost provides a free SSL certificate, which you can activate and renew easily. You can verify this in your hosting provider’s SSL settings. 

3. Mixed content issues 

Even after installing an SSL certificate, your site may still load some resources such as images, CSS files or JavaScript over HTTP instead of HTTPS. This is called mixed content and can cause Chrome to display the security alert. To fix this, update all resource links to HTTPS using plugins or manually replace outdated URLs in your database and theme files. 

4. Incorrect HTTPS configuration 

If your website is not correctly set up to force HTTPS, users may still access the HTTP version of your site. Setting up a 301 redirect ensures all traffic is automatically redirected to the secure HTTPS version. This can be done using a plugin like WooCommerce or manually updating your .htaccess file. 

Also read: How to Locate, Create and Edit the WordPress .htaccess File 

The importance of resolving Chrome’s “Not Secure” warning 

Ignoring the “Not Secure” warning can lead to several negative consequences, including loss of traffic, lower search rankings and decreased customer trust. Here’s why fixing it is essential: 

Security 

A website without HTTPS leaves user data vulnerable to interception by hackers. An SSL (Secure Sockets Layer) certificate encrypts the data transferred between a user’s browser and your website. This encryption makes it much harder for attackers to intercept sensitive information. It helps protect passwords, credit card details and personal data from cyber threats. 

Without HTTPS, cybercriminals can exploit vulnerabilities and execute attacks like man-in-the-middle (MITM), where data is intercepted without the user’s knowledge. Moreover, enabling HTTPS ensures compliance with industry security standards and regulations, reducing the risk of potential legal liabilities. 

Also read: 10 Warning Signs Your WordPress Site Is Compromised (And How to Fix It) – Bluehost Blog 

Increase (or at least maintain) traffic 

Google prioritizes secure websites in search rankings, meaning that not having HTTPS could negatively impact your SEO performance. Websites marked as “Not Secure” tend to experience higher bounce rates since visitors often leave immediately upon seeing the warning. This results in lost engagement and conversions. By securing your website, you improve your chances of retaining users, reducing bounce rates and maintaining or even increasing organic traffic. 

Additionally, major browsers like Chrome actively discourage users from visiting non-secure sites, further emphasizing the need for HTTPS to avoid penalties and maintain credibility. 

Trust 

Online users expect a safe and secure browsing experience. A website that displays the padlock icon in the address bar instills confidence in visitors, reassuring them that their personal information is protected. In contrast, a “Not Secure” warning creates doubts about the site’s legitimacy, making users hesitant to proceed. This is especially important for eCommerce businesses and websites that handle sensitive transactions.  

By implementing HTTPS, you build trust with your audience, strengthen your brand’s reputation and foster a sense of reliability that encourages users to engage with your site without fear of data breaches.  

Why does Chrome show ‘your connection to this site is not secure?’ 

Chrome prioritizes user safety by alerting visitors when a site does not follow HTTPS security protocols. If your website is still using HTTP instead of HTTPS, Chrome flags it as a security risk. Additionally, there are several other reasons why Chrome may display the “your connection to this site is not secure” warning: 

• Expired or invalid SSL certificate: Even if an SSL certificate is installed, an expired or improperly configured certificate can still trigger the warning. 
• Outdated security protocols: Some SSL/TLS versions are outdated and no longer considered secure. If your site relies on older protocols, Chrome may still flag it as insecure. 
• Self-signed SSL certificates: A self-signed SSL certificate is not issued by a trusted Authority, which can cause Chrome to display the warning even though the site technically has HTTPS. 

Also read: What You Need to Know About SSL Certificates 

How to fix ‘your connection to this site is not secure’ warning in Chrome (Step-by-Step) 

Seeing a “Not Secure” warning in Chrome on your website can harm your credibility and discourage visitors from engaging with your content. Below is a detailed guide on your connection to this site is not secure how to fix in Chrome with Bluehost-specific solutions to simplify the process. 

Step1: Purchase an SSL certificate 

An SSL (Secure Sockets Layer) certificate encrypts the data between a visitor’s browser and your website, securing sensitive information like passwords and payment details. We offer free SSL certificates which enhance your website’s trustworthiness. 

Bluehost SSL solutions: 

• Free SSL: Bluehost includes a free SSL certificate with most of their hosting plans, including WordPress hosting, which you can manage easily through cPanel.
• Premium SSL: If you need advanced security for eCommerce or business websites, you can purchase a premium SSL certificate through Bluehost. 

How to activate an SSL on Bluehost:

1. Log in to your Bluehost account. 

2. Navigate to My Sites and select the site you want to secure. 

3. Click on Manage Site → Security tab. 

4. Toggle on Free SSL Certificate (if it’s not enabled by default). 

If you need a premium SSL, you can purchase one from Marketplace → Add-ons → SSL certificates. 

Step 2: Install the certificate using your web host 

Once you’ve purchased or activated an SSL certificate, the next step is to install it on your hosting server. 

Installing SSL on Bluehost: 

• For Free SSL, Bluehost automatically installs it. 
• If you purchased a Premium SSL, follow these steps: 
• Go to your Bluehost Dashboard → Security tab. 
• Click Install SSL and follow the instructions. 
• Once installed, check your SSL status under Security settings. 

If your SSL is not working, you can contact Bluehost support for assistance. 

Step 3: Change your WordPress URL 

After activating SSL, update your websites URL to reflect the secure HTTPS version. 

How to update WordPress URL: 

1. Log in to your WordPress dashboard. 
2. Go to Settings → General. 
3. Locate WordPress address (URL) and Site address (URL). 
4. Change both URLs from http://bluehost.com to https://bluehost.com. 
5. Click Save changes. 

Bluehost’s WordPress Tools help you manage your site settings easily, ensuring a smooth transition from HTTP to HTTPS. 

Step 4: Implement a site-wide 301 redirect 

Although you’ve changed your website URL to HTTPS, most visitors are still familiar with the HTTP version. They might have bookmarked your site or continue using the old link to access it. This can lead to security warnings or mixed content errors. 

To solve this, you need to instruct WordPress to redirect all HTTP traffic to your new HTTPS URL. The best way to do this is by setting up a 301 Redirect, which permanently forwards visitors from HTTP to HTTPS. 

Method 1: Using a plugin (Easy option) 

If you want a quick and hassle-free solution, you can use a plugin like WooCommerce to enforce HTTPS across your site. This plugin automatically redirects all HTTP traffic to HTTPS and fixes mixed content issues. 

How to set up a redirect using WooCommerce plugin: 

1. Log in to your WordPress dashboard. 
2. Go to Plugins → Add New. 

3. Search for WooCommerce plugins and install it. 

4. Activate the plugin and follow the necessary steps. 

5. The plugin will automatically redirect all HTTP traffic to HTTPS. 

This method works well for most websites, but sometimes, plugins can fail due to conflicts or updates. If you want a more reliable and permanent solution, you can manually set up a 301 redirection. 

Method 2: Manually redirecting using .htaccess (Recommended for reliability) 

Setting up a manual redirect ensures that all visitors land on the secure HTTPS version of your website, even if a plugin stops working. 

To do this, you’ll need a FTP client like FileZilla to access your website files. Here’s how: 

1. Open FileZilla and connect to your website using your FTP credentials. 
2. Navigate to the public_html folder. 
3. Locate the .htaccess file (If you don’t see it, enable “Show Hidden Files” in FileZilla settings). 
4. Right-click and choose Edit. 
5. Add the following lines of code at the top of the file: 

perl 

CopyEdit 

RewriteEngine On 
RewriteCond %{HTTPS} !=on 
RewriteRule ^ (. *) $ https:// {HTTP HOST} % {REQUEST URL} [L, R=301] 
 

6. Save the file and upload it back to the server. 

Once done, try visiting your site using http://bluehost.com. It should automatically redirect to https://bluehost.com 

How to access non-secure websites in Chrome 

Despite its potential risks, many websites still do not implement HTTPS. Consequently, when a visitor lands on such a website, they are confronted with warning messages. 

If you want to prevent these warning messages from appearing, follow these steps in Google Chrome: 

1. Open a new Google Chrome window. 
2. In the address bar, enter “chrome://flags.” 
3. In the search field on the Flags page, type “secure.” 
4. Look for an option that allows you to bypass the warning notices. 

Alternatively, you can choose to disregard the warning notice when you visit a website without an SSL certificate. You’ll be presented with two options: 

Advanced: This option is for individuals who prefer not to proceed to the insecure website. They can opt to search for a more secure alternative that provides the desired information. 

Back to safety: This choice allows you to bypass the warning and proceed to the website at your own risk. However, it’s important to note that websites without SSL certificates are more susceptible to security breaches, so entering sensitive information like credit card details on such sites is not advisable. 

How to make a connection secure in Chrome? 

To enable “Always use secure connections” in Google Chrome: 

1. Open Google Chrome and click the three-dot menu in the upper-right corner. 
2. Select Settings from the dropdown menu. 
3. Scroll down and click on Privacy and security in the left-hand panel. 

4. Click Security under the Privacy and Security section. 

5. Scroll down and toggle on “Always use secure connections.” 

Once enabled, Chrome will automatically upgrade all HTTP connections to HTTPS and warn you before loading any insecure sites. 

Final thoughts 

Fixing the “Not Secure” warning in Chrome is essential for protecting your website and its visitors. An unsecured website can lead to data breaches, loss of customer trust and reduced search engine rankings. By taking the necessary steps to implement SSL, configure HTTPS correctly and eliminate mixed content issues, you can create a safe browsing experience for your users. 

A secure website builds user trust and credibility. It also improves SEO performance since Google prioritizes HTTPS-enabled sites in search results. Regularly monitoring your SSL certificate’s status and ensuring all web resources are served securely will help maintain your site’s credibility and prevent security warnings from reappearing.   
Take action today to resolve the “Your connection to this site is not secure” warning in Chrome and enhance your website’s security, credibility and performance. 

Make sure your site is fully secure and trusted by visitors. With Bluehost’s free SSL certificate, you can effortlessly enable HTTPS and safeguard your site against security threats. Don’t wait secure your website and eliminate Chrome HTTPS warnings now! 

FAQs