One minute your website’s fine. The next, it’s displaying a Not Secure warning.
Maybe you discovered it by visiting your own website, or perhaps a concerned customer got in touch and pointed it out.
As more website owners become aware of website security risks, seeing a Not Secure message in the address bar can be alarming.
However you found about it, you’re undoubtedly asking yourself:
Why is my website displaying a Not Secure warning?
Any website that is not protected by an SSL certificate (Secure Sockets Layer certificate) uses the HTTP protocol (Hypertext Transfer Protocol) instead of the secure HTTPS version.
When viewed in Google Chrome version 68 and later, it will show a Not Secure warning. Chrome 68 was launched by Google on 24.07.18. Other modern web browsers may display a similar Not Secure message to highlight insecure sites.
But what does this mean for your web page and how can you make sure the Not Secure warning isn’t displayed?
Do better business with Xero - FREE for six months. Xero accounting makes it quicker and easier for small businesses to send invoices, reconcile payments and manage finances. Claim offer.
What does Chrome’s Not Secure warning really mean?
If you are seeing the Not Secure warning, don’t panic.
It simply means that you haven’t protected your website with an SSL certificate or enabled a secure connection.
Without an SSL, it’s possible for a third party - often hackers - to read sensitive information transmitted between your website and anyone visiting it.
This includes personal data, payment information, and even credit card or card numbers.
If your website handles sensitive data such as payment details, names, and addresses, it’s vital you use HTTPS and install an SSL certificate on your website to provide authentication and an encrypted connection.
In practice, this means that if someone is inputting sensitive data such as payment information or even just their name and address into an unsecured website, then there’s a possibility this data could be accessed by someone else and misused by hackers.
That’s why Google has introduced the Not Secure warning – so site visitors know whether it’s safe to enter their personal data.
How can I fix the Not Secure warning?
To fix the Google Chrome Not Secure warning you need to purchase and properly install an SSL certificate from a trusted certificate authority.
Alternately, if you have tech skills and can install it yourself, you could get a free SSL certificate through one of the free providers, then install it on your web server or via your web hosting account.
An SSL certificate means that any information that passes between your website and people visiting it is protected by a secure, encrypted connection. This protects your site security and helps prevent cyberattacks.
That’s probably all you really need to know about SSL certificates at this stage, but if you want to know more you can read this guide on how to protect your brand and your customers with an SSL certificate.
Once your SSL certificate is installed, the Not Secure warning will disappear.
You’ll also notice that the prefix of your web url changes from http to https (the “s” stands for secure), and there’s a little padlock in the address bar indicating that your site is a secure site.
But first, you’ll need to get an SSL certificate. GoDaddy offers a range of SSL certificate options, so you’ll be able to find one that’s right for you. Many hosting providers also offer SSL certificates as part of their packages.
Speak to the GoDaddy Guides any time day or night about setting up your SSL.
What else do I need to do to protect my website?
An SSL certificate encrypts the data being sent through your website, but it doesn’t protect your website against malware or DDoS attacks or other vulnerabilities..
Hacking is a major issue for Australian businesses, as evidenced by the recent Optus attack that exposed the private data of millions of Australian telecoms subscribers.
If you want to protect your website against hackers and malware, consider using a product like GoDaddy Website Security.
This can add a firewall to prevent suspicious traffic and provide regular scans for malware.
- The standard package protects one site and includes a firewall to turn away suspicious traffic, an SSL certificate, malware scanning and annual site clean up.
- The Advanced package adds DDoS protection, unlimited clean ups for your site and 25GB of secure backup.
- GoDaddy's Premium plan adds prioritized cleanup and repair and 200GB of backup.
Are there any other benefits to adding an SSL?
You may have heard that you can boost your search rankings by adding an SSL certificate. And although it’s true that Google has said https pages may get a small boost in its search engine rankings, you shouldn’t expect it to send your site rocketing to first place.
Switching your website to https by installing an SSL certificate is no replacement for conducting good, solid SEO. You can learn more about improving your SEO rankings in this guide.
Summing up
If you don’t want Google’s Not Secure warning to appear on your website, then you need to install an SSL certificate as soon as you can. Doing so will also ensure that data transmitted via your website is encrypted.
But don’t forget, you’ll need to go further and implement additional security measures to make sure your website is more fully protected against hackers and malware.
Why is my website displaying a not secure warning FAQ
Still have questions? The answers might be here.
Is it safe to go to a website that says Not Secure?
No, it's probably not safe. It doesn't mean the website has necessarily been compromised or infected by malware or hackers, only that your web browser's connection to the website is not protected by encryption or a secure connection.
This means any information you submit to the website might be visible to outsiders, which could include hackers looking to steal passwords, credit card details and other private personal information.
How do I fix a Not Secure website error?
You need to install an SSL certificate on your website. This empowers the website to create a secure encrypted connection to people's web browser when they visit your site.
Once the SSL certificate is installed, the prefix of your website will change from HTTP to HTTPS. The visitor’s browser will also display a padlock in the address bar to indicate your website is a secure site.
You also need to check that all the elements on your website are loading via an HTTPS connection. If some elements (like images or scripts) still use HTTP URLs, this is called mixed content and can still trigger a Not Secure warning.
What are the risks of submitting personal information on a non-HTTPS site?
Hackers may be able to silently intercept any information sent to and from a non-HTTPS site. This includes logins, passwords, banking details and other personal data.
Armed with this information, the hacker can attempt to break into your accounts or impersonate you in order to commit fraud.
Not worth the risk.
Why do I keep getting messages that websites are Not Secure?
The website does not have a valid SSL certificate, either because the certificate:
- Is incorrectly installed
- Has expired
- Was never installed in the first place
The web browser is warning you that any information you exchange with the website could be intercepted. Even with a valid SSL certificate, some parts of the website might still be loading via an insecure HTTP connection (mixed content).
The level of danger depends on which parts of the page are insecure, so it's best to play it safe and not use the site.
What happens if you visit an unsecure website?
It is possible that hackers are silently monitoring and storing any personal data you exchange with the website, which they will likely use for theft or identity fraud.
It's also possible that they could attempt to install a malware or other malicious software on your computer, such as a keyboard logger that records your passwords.
How to fix WordPress site not secure warning?
You need to install, correctly configure or renew the website's SSL certificate.
One of the easiest ways to install and manage SSL certificates in WordPress is to use a plugin like the Really Simple SSL plugin. This plugin can supply you with an SSL certificate or let you install and configure one supplied by your hosting provider or a trusted third party.
How do I make my WordPress website secure?
Along with installing an SSL certificate, you can make your WordPress site more secure by:
- Choosing a reliable WordPress Hosting solution
- Choosing strong passwords - Learn how to create a strong password here
- Changing the default login URL
- Adding two-factor authentication
- Installing the latest updates for WordPress and your plugins promptly, as these often include the latest security patches
Want to go even further to protect your website? Invest in malware scanning, along with a firewall to turn away suspicious traffic.
Why does Chrome display a Not Secure warning?
Google Chrome displays the 'Connection is not secure' or 'Your connection is not private' warning if a website does not have a valid SSL certificate installed.
This means the connection isn't a secure, encrypted connection and any information you exchange with the website could be intercepted by hackers.
To fix the Chrome not secure warning, install an SSL certificate on your website and/or blog. Use tools like Google Search Console to monitor your site's health and site security.
How do I get an SSL certificate for my website?
The easiest way to get an SSL certificate for your website is to check with your web hosting provider. Many hosting packages include an SSL certificate. Otherwise your hosting provider might offer free and/or paid SSL certificate options.
How do I enable non-secure sites in Chrome?
If you are absolutely sure a non-secure website is safe, you can click on Advanced and then Proceed to the website.
But this is generally not a good idea.
When visiting the website, Chrome will still display 'Not Secure' in the address bar, along with HTTPS crossed out with red lines.
Does having an SSL certificate improve SEO?
Yes, but only slightly. Google considers an SSL certificate when assessing the trustworthiness of a site. It downranks http sites in search results in order to protect people surfing the web and encourage website owners to install SSL certificates.
Why is my website showing up as Not Secure even after installing an SSL certificate?
It is possible that your website's SSL certificate has expired or is not installed correctly. A website with a valid SSL certificate can also be labelled as Not Secure if parts of the website are still loading via an insecure HTTP connection (a problem known as 'mixed' content).
This insecure content might include images, video, stylesheets and scripts.
What are the risks of using a website that is not HTTPS?
The biggest risk of using a website that does not use a secure HTTPS connection is that any information sent between you and the website is not shielded by encryption.
This means hackers might be spying on your every move, taking down sensitive details like your passwords and payment details.
Another risk is that the website might attempt to install malware or spyware on your computer.
What causes a website to be marked as "Not Secure" in web browsers?
The lack of a valid SSL certificate causes a website to be marked as "Not Secure". It can also appear if the website has a valid SSL certificate but some of the site's content still loads via an insecure HTTP connection.
What are the risks of using a website with a 'Not Secure' warning?
Using a website that displays a 'Not Secure' warning risks having your sensitive personal information stolen by hackers. This includes your logins, passwords and payment details such as credit card numbers or bank account details.
The website may also attempt to infect your computer with spyware to steal this and other personal information.
By securing your website with an SSL certificate and implementing robust security measures, you not only protect your site visitors and their sensitive information, but you also improve your SEO, search engine rankings, and gain the trust of your audience.
Do I need an SSL certificate?
Yes, you need an SSL certificate to ensure your website has a secure connection and protects sensitive information, such as personal data and payment details, from hackers.
Additionally, having an SSL certificate improves your website security, boosts trust with site visitors, and can positively impact your SEO and search engine rankings.
