For more than a decade, Google has spearheaded numerous efforts and initiatives, such as the Safe Browsing Project, aimed at making the internet safer for everyone. One way Google is doing this is by labeling all HTTP websites as “not secure.” By flagging HTTP sites in this way, visitors receive ample warning to navigate away when visiting unsafe, suspicious, or simply unsecured sites when doing a simple google search.
Why Chrome Displays a “Website Not Secure” Message on Websites
Google’s Chrome browser used to display a green padlock in the search bar for secure sites. When it came to unsecured sites, however, users had to click a small icon that appeared in the search bar in place of the green padlock. Doing so would show a text bubble saying, “Your connection to this site is not secure.” This warning error message would often deter visitors from continuing to use the website, which is why having a secure message in the address bar can have a major impact on a site’s overall image and reputation.
With the release of Chrome 68, Google started displaying a green padlock on all HTTPS sites. Chrome deems all HTTP sites as insecure since a third-party can intercept data transmitted between such websites and users and servers.
SSL certifications provide websites with the encryption they need to enable safe communication between servers and users/browsers without exposing data to external third-parties. Due to the ease with which malicious actors can hack unsecured systems, Google advises internet users not to share confidential information on unencrypted websites. A secure HTTPS-certified site can protect your data from such risks by providing you with a secure data transmission tunnel between your browser and the server/website you are visiting or accessing.
How To Fix the “Website Not Secure” Message in Chrome
The best way to fix the “not secure” message on your website is to set up an SSL certificate. Doing so is a reasonably straightforward process. Here is what you need to do when installing SSL security:
1. Purchase an SSL Certificate
To fix the ‘not secure’ message on your website, the first thing you need to do is purchase an SSL certificate. Many vendors, such as Bluehost, Namecheap, GoDaddy, and others, provide these certificates. Buying and installing an SSL certificate will certify that your website is safe when people are using a search engine. In addition to removing the message, you can purchase certificates, such as an Organization Validated (OV) SSL certificate, that indicate to your visitors that your site and other content is trustworthy as well by proving that you are who you say you are. You can choose the SSL certificate you need based on the type of site you are running. Once you have installed your SSL certificate, you will no longer have the warning message for your site when visitors search you in their search engine.
2. Install the Certificate Using Your Web Host
After buying your SSL certificate, the next step is to head over to your web host admin panel and install it. Some web hosts sell SSL certificates. To make it easier for you to buy and install one, you can purchase the certificate you need directly from your web host if they offer such services.
When you visit your web host, head over to the SSL tab, and click on the ‘Install’ button. A list of the SSL certificates available to you will be displayed. Select the SSL certificate you wish to install and add it to the domain of your choice. Paste the contents of your certificate text into the provided fields. After filling out the fields, click on the install button, and your certificate will be installed instantly. Keep in mind, however, that it may take a few hours for your changes to populate across the internet and be visible to your visitors.
3. Change Your WordPress URL
It feels good that your site now has a brand-new SSL certificate, doesn’t it? However, completing the steps above is just the first part of the process of eliminating a “not secure” message from popping up whenever someone visits your website. That’s because, if you are running a WordPress site, it will continue to load your old HTTP URL, which means you need to change your URL before it can run as HTTPS.
To change your WordPress URL to HTTPS, log in to your WordPress dashboard, and head over to the settings tab. Navigate to the “General” tab and look for WordPress Address (URL) and Site Address (URL). Change both of them to HTTPS by adding the EXTRA ‘S’ to HTTP. Save your changes, and you are ready to go.
4. Implement a Site-Wide 301 Redirect
Although you have changed your website URL to HTTPS, most visitors know your site with the HTTP tag. They might have bookmarked your website or use the old link to visit your site whenever they want to.
To tackle this problem, you need to instruct WordPress to redirect all HTTP traffic to your new HTTPS URL. There are numerous ways to redirect your entire website, but the 301 Redirect is the most popular way to do it. You can use plugins, such as Really Simple SSL, to carry out a site-wide redirect. These plugins force WordPress to load traffic over HTTPS instead of the HTTP that most visitors know you by.
You can also carry out a 301 site-wide redirect manually to avoid problems if the plugin fails. To do that, you will need to have an FTP client such as FileZilla. Executing a manual redirect is actually a lot more reliable than rebooting your site to use HTTPS in place of HTTP.
Why It Is Fundamental to Have a Secure Site
For those of you who may be setting up a website for the first time, here are some of the key differences between HTTP and HTTPS sites:
1. Extra secure—HTTP is not ideal in terms of security. The HTTP protocol is susceptible to man-in-the-middle (MITM) attacks. Meaning, that the protocol does not provide the best way to share sensitive information since anyone with access to your connection can intercept data passed over it. HTTPS, on the other hand, is heavily encrypted, and any communication between a user and a server is highly secure. When your website is secured using HTTPS, users can share sensitive data on your site since they know that their information will be safe while in transit between their browser and your server.
2. Increase (or at least maintain) traffic—Google Chrome indicates the security level of a site to its visitors. It warns them whenever they try to access HTTP sites that are not secure. With HTTP, many of your would-be visitors would likely navigate elsewhere. With HTTPS, however, things are different. Chrome displays a green padlock symbol, which indicates that your site is secure. Users tend to trust such websites and would be more likely to interact with or share relevant data with a secure site.
3. Trust—Using the HTTPS protocol over HTTP indicates that you take security very seriously. Data breaches and internet fraud are all too common. As a result, the average internet user is a lot more cautious about the sites they visit than they likely were in the past. The HTTPS protocol will help build trust between you and your visitors since they know you care about the security and confidentiality of data that they may share with you.
At the very least, the “HTTPS Not Secure” message in Chrome can be annoying. Unfortunately, it can also cause you to lose customers, fall in search rankings, and suffer an online attack. Fix it by purchasing an SSL certificate and installing it on your site. Doing so will help build trust between you and your customers, drive more traffic to your website, and boost your credibility with your target audiences.