For more than a decade, Google has spearheaded numerous efforts and initiatives, such as the Safe Browsing Project, aimed at making the internet safer for everyone. One way Google is doing this is by labeling all HTTP websites as “not secure.” By flagging HTTP sites in this way, visitors receive ample warning to navigate away when visiting unsafe, suspicious, or simply unsecured sites when doing a simple Google search.
If you’re wondering how to fix the “https not secure” message in Chrome, then this article is for you. Keep reading to find out the ways to make HTTPS secure.
Why Chrome displays a “Website not secure” message on websites?
Google’s Chrome browser is used to display a green padlock in the search bar for secure sites. When it came to unsecured sites, however, users had to click a small icon that appeared in the search bar in place of the green padlock. Doing so would show a text bubble saying, “Your connection to this site is not secure.” This warning error message would often deter visitors from continuing to use the website, which is why having a secure message in the address bar can have a major impact on a site’s overall image and reputation.
With the release of Chrome 68, Google started displaying a green padlock on all HTTPS sites. Chrome deems all HTTP sites as insecure since a third-party can intercept data transmitted between such websites and users and servers.
SSL certifications provide websites with the encryption they need to enable safe communication between servers and users/browsers without exposing data to external third parties. Due to the ease with which malicious actors can hack unsecured systems, Google advises internet users not to share confidential information on unencrypted websites. A secure HTTPS-certified site can protect your data from such risks by providing you with a secure data transmission tunnel between your browser and the server/website you are visiting or accessing.
How to fix the “Website not secure” message in Chrome?
The best way to fix the “not secure” message on your website is to set up an SSL certificate. Doing so is a reasonably straightforward process. Here is what you need to do when installing SSL security:
Step1: Purchase an SSL certificate
To fix the ‘not secure’ message on your website, the first thing you need to do is purchase an SSL certificate. Many vendors, such as Bluehost, Namecheap, GoDaddy, and others, provide these certificates. Buying and installing an SSL certificate will certify that your website is safe when people are using a search engine. In addition to removing the message, you can purchase certificates, such as an Organization Validated (OV) SSL certificate, that indicate to your visitors that your site and other content are trustworthy as well by proving that you are who you say you are. You can choose the SSL certificate you need based on the type of site you are running. Once you have installed your SSL certificate, you will no longer have the warning message for your site when visitors search for you in their search engine.
Step 2: Install the certificate using your web host
After buying your SSL certificate, the next step is to head over to your web host admin panel and install it. Some web hosts sell SSL certificates. To make it easier for you to buy and install one, you can purchase the certificate you need directly from your web host if they offer such services.
When you visit your web host, head over to the SSL tab, and click on the ‘Install’ button. A list of the SSL certificates available to you will be displayed. Select the SSL certificate you wish to install and add it to the domain of your choice. Paste the contents of your certificate text into the provided fields. After filling out the fields, click on the install button, and your certificate will be installed instantly. Keep in mind, however, that it may take a few hours for your changes to populate across the internet and be visible to your visitors.
Step 3: Change your WordPress URL
It feels good that your site now has a brand-new SSL certificate, doesn’t it? However, completing the steps above is just the first part of the process of eliminating a “not secure” message from popping up whenever someone visits your website. That’s because, if you are running a WordPress site, it will continue to load your old HTTP URL, which means you need to change your URL before it can run as HTTPS.
To change your WordPress URL to HTTPS, log in to your WordPress dashboard, and head over to the settings tab. Navigate to the “General” tab and look for WordPress Address (URL) and Site Address (URL). Change both to HTTPS by adding the EXTRA ‘S’ to HTTP. Save your changes, and you are ready to go, but you must have an SSL certificate to get rid of the error message.
Step 4: Implement a site-wide 301 redirect
Although you have changed your website URL to HTTPS, most visitors know your site with the HTTP tag. They might have bookmarked your website or use the old link to visit your site whenever they want to.
To tackle this problem, you need to instruct WordPress to redirect all HTTP traffic to your new HTTPS URL. There are numerous ways to redirect your entire website, but the 301 Redirect is the most popular way to do it. You can use plugins, such as Really Simple SSL, to carry out a site-wide redirect. These plugins force WordPress to load traffic over HTTPS instead of the HTTP that most visitors know you by.
You can also carry out a 301 site-wide redirect manually to avoid problems if the plugin fails. To do that, you will need to have an FTP client such as FileZilla. Executing a manual redirect is a lot more reliable than rebooting your site to use HTTPS in place of HTTP. Setting up an SSL redirect doesn’t have to be scary!
Why it is fundamental to have a secure site?
For those of you who may be setting up a website for the first time, here are some of the key differences between HTTP and HTTPS sites:
Extra secure: HTTP is not ideal in terms of security. The HTTP protocol is susceptible to man-in-the-middle (MITM) attacks. Meaning, that the protocol does not provide the best way to share sensitive information since anyone with access to your connection can intercept data passed over it. HTTPS, on the other hand, is heavily encrypted, and any communication between a user and a server is highly secure. When your website is secured using HTTPS, users can share sensitive data on your site since they know that their information will be safe while in transit between their browser and your server.
Increase (or at least maintain) traffic: Google Chrome indicates the security level of a site to its visitors. It warns them whenever they try to access HTTP sites that are not secure. With HTTP, many of your would-be visitors would likely navigate elsewhere. With HTTPS, however, things are different. Chrome displays a green padlock symbol, which indicates that your site is secure. Users tend to trust such websites and would be more likely to interact with or share relevant data with a secure site.
Trust: Using the HTTPS protocol over HTTP indicates that you take security very seriously. Data breaches and internet fraud are all too common. As a result, the average internet user is a lot more cautious about the sites they visit than they likely were in the past. The HTTPS protocol will help build trust between you and your visitors since they know you care about the security and confidentiality of data that they may share with you.
How to enable non-secure sites in Chrome?
Despite its potential risks, many websites still do not implement HTTPS. Consequently, when a visitor lands on such a website, they are confronted with warning messages.
If you want to prevent these warning messages from appearing, follow these steps in Google Chrome:
- Open a new Google Chrome window.
- In the address bar, enter “chrome://flags.”
- In the search field on the Flags page, type “secure.”
- Look for an option that allows you to bypass the warning notices.
Alternatively, you can choose to disregard the warning notice when you visit a website without an SSL certificate. You’ll be presented with two options:
- Advanced: This option is for individuals who prefer not to proceed to the insecure website. They can opt to search for a more secure alternative that provides the desired information.
- Back to safety: This choice allows you to bypass the warning and proceed to the website at your own risk. However, it’s important to note that websites without SSL certificates are more susceptible to security breaches, so entering sensitive information like credit card details on such sites is not advisable.
How to make a connection secure in Chrome?
To activate “Always Use Secure Connections” in Google Chrome, follow these steps:
- Open a fresh Chrome browser window, and then click the three dots located in the upper right corner. Next, select “Settings.”
- Navigate to the “Privacy and Security” section by clicking on “Advanced Settings.”
- You can enable the “Always Use Secure Connections” option in this section.
Once this option is enabled, you will receive a warning notice when visiting potentially hazardous websites to ensure your online safety.