Yellow tape with the word CAUTION covering a door
Image Credit: Photo by Elizabeth Kay on Unsplash

Why is my website displaying a not secure warning?

DevelopmentCategory
10 min read
Will Stevens

One minute your website’s fine. The next, it’s displaying a Not Secure warning. Maybe you discovered it by visiting your own website, or perhaps a concerned customer got in touch and pointed it out.

However you found about it, you’re undoubtedly asking yourself:

Why is my website displaying a Not Secure warning?

Any website that is not protected by an SSL certificate uses the HTTP protocol instead of the secure HTTPS protocol. When viewed in Google Chrome version 68 and later, it will show a Not Secure warning. Chrome 68 was launched by Google on 24.07.18. Other modern browers may display a similar message.

But what does this mean for your website and how can you make sure the Not Secure warning isn’t displayed?

You may also like: Cybersecurity a rising concern for Canadians

What does Chrome’s Not Secure warning really mean?

If you are seeing the Not Secure warning, don’t panic. The presence of the warning itself

It simply means that you haven’t protected your website with an SSL certificate.

Without an SSL, it’s possible for someone else to intercept and read information transmitted between your website and anyone visiting it.

If your website handles sensitive information such as payment details or names and addresses, it’s vital you use an SSL certificate on your website.

Avoid the Not Secure warning

In practice, this means that if someone is inputting sensitive data such as payment information or even just their name and address into an unprotected website, then there’s a possibility this data could be accessed by someone else and misused.

That’s why Google has introduced the Not Secure warning – so people visiting a website know whether it’s safe to enter their personal details.

How can I fix the Not Secure warning?

To fix the Google Chrome Not Secure warning you need to purchase and properly install an SSL certificate. If you have tech skills and can install it yourself, you could get a free SSL certificate through one of the free providers.

An SSL certificate means that any data that passes between your website and people visiting it is encrypted, so it can’t be accessed by an outsider.

That’s probably all you really need to know about SSL certificates at this stage, but if you want to know more you can read this guide.

Once your SSL certificate is installed, the Not Secure warning will disappear.

Google Chrome address bar

You’ll also notice that the prefix of your web address changes from http to https (the “s” stands for secure). You'll also see a little icon in the address bar indicating that your site is secure.

But first, you’ll need to get an SSL certificate. GoDaddy offers a range of SSL options, so you’ll be able to find one that’s right for you.

Speak to a GoDaddy Guide any time day or night about setting up your SSL.

What else do I need to do to protect my website?

An SSL certificate encrypts the data being sent through your website, but it doesn’t protect your website against malware or DDoS attacks.

Hacking is a major issue for Canadian businesses, as evidenced by the recent Mercku attack that vicitimised customers of the company. Those who create a support ticket through Mercku’s Zendesk portal received automated emails that try to trick them into granting access to their Metamask cryptocurrency account.

If you want to protect your website against hackers, consider using a product like GoDaddy Website Security.

  • The standard package protects one site and includes a firewall to turn away suspicious traffic, an SSL certificate, malware scanning and annual site clean up.
  • The Advanced package adds DDoS protection, five clean ups/year for one site and 25GB of secure backup.
  • GoDaddy's Premium plan adds unlimited cleanup and repair with priority service.

You may also like: 7 ecommerce security tips from the GoDaddy pros

Are there any other benefits to adding an SSL?

You may have heard that you can boost your search rankings by adding an SSL certificate. And although it’s true that Google has said https pages may get a small boost in its search engine rankings, you shouldn’t expect it to send your site rocketing to first place.

Switching your website to https by installing an SSL certificate is no replacement for conducting good, solid SEO. You can learn more improving you SEO rankings in this guide.

Summing up

If you don’t want Google’s Not Secure warning to appear on your website, then you need to install an SSL certificate as soon as you can. Doing so will also ensure that data transmitted via your website is encrypted.

But don’t forget, you’ll need to go further to make sure your website is more fully protected against hackers.

Why is my website displaying a not secure warning FAQ 

 Still have questions? The answers might be here. 

Is it safe to go to a website that says Not Secure? 

No, it's probably not safe. It doesn't mean the website has necessarily been compromised or infected by hackers, only that your web connection to the website is not protected by encryption.  

This means any information you submit to the website might be visible to outsiders, which could include hackers looking to steal passwords, payment details and other private personal information. 

How do I fix a Not Secure website error? 

You need to install an SSL certificate on your website. This empowers the website to create a secure encrypted connection with people's web browser when they visit your site.  

Once the SSL certificate is installed, the prefix of your website will change from HTTP to HTTPS. The visitor’s browser will also display a tiny icon in the address bar to indicate your website is secure.  

You also need to check that all the elements on your website are loading via an HTTPS connection. Learn how here

You may also like: How to install an SSL on cPanel

What are the risks of submitting personal information on a non-HTTPS site? 

Hackers may be able to silently intercept any information sent to and from a non-HTTPS site. This includes logins, passwords, banking details and other personal information.

Armed with this information, the hacker can attempt to break into your accounts or impersonate you in order to commit fraud. 

Not worth the risk. 

Why do I keep getting messages that websites are Not Secure? 

The website does not have a valid SSL certificate, either because the certificate: 

  • Is incorrectly installed 
  • Has expired  
  • Was never installed in the first place 

The web browser is warning you that any information you exchange with the website could be intercepted. Even with a valid SSL certificate, some parts of the website might still be loading via an insecure HTTP connection. 

The level of danger depends on which parts of the page are insecure, so it's best to play it safe and not use the site. 

What happens if you visit an unsecure website? 

It is possible that hackers are silently monitoring and storing any personal data you exchange with the website, which they will likely use for theft or identity fraud.  

It's also possible that they could attempt to install a virus or other malicious software on your computer, such as a keyboard logger that records your passwords. 

How to fix WordPress site not secure warning? 

You need to install, correctly configure or renew the website's SSL certificate.  

One of the easiest ways to install and manage SSL certificates in WordPress is to use the Really Simple SSL plugin. This plugin can supply you with an SSL certificate or let you install and configure one supplied by your hosting provider or a trusted third party. 

How do I make my WordPress website secure? 

Along with installing an SSL certificate, you can make your WordPress site more secure by: 

  • Choosing strong passwords - Learn how here 
  • Changing the default login URL 
  • Adding two-factor authentication  
  • Installing the latest updates for WordPress and your plugins promptly, as these often include the latest security patches 

Want to go even further to protect your website? Invest in malware scanning, along with a firewall to turn away suspicious traffic.  

Why Chrome displays Not Secure warning? 

Chrome displays the 'Connection is not secure' or 'Your connection is not private' warning if a website does not have a valid SSL certificate installed.  

This means the connection is not a securely encrypted and any information you exchange with the website could be intercepted by hackers.  

If you come across this warning, it's best to leave the site.

To fix the Chrome Not Secure warning on a website you control, install an SSL certificate on your website and/or blog. 

How do I get an SSL certificate for my website? 

The easiest way to get an SSL certificate for your website is to check with your web hosting provider. Many hosting packages include an SSL certificate. Otherwise your hosting provider might offer free and/or paid SSL certificate options. 

How do I enable non-secure sites in Chrome? 

If you are absolutely sure a non-secure website is safe, you can click on Advanced and then Proceed to the website.  

But this is generally not a good idea.  

When visiting the website, Chrome will still display 'Not Secure' in the address bar, along with HTTPS crossed out with red lines. 

Does having an SSL certificate improve SEO? 

Yes, but only slightly. Google considers an SSL certificate when assessing the trustworthiness of a site. It downranks websites without SSLs in search results in order to protect people surfing the web and encourage website owners to install SSL certificates. 

Why is my website showing up as Not Secure even after installing an SSL certificate? 

It is possible that your website's SSL certificate has expired or is not installed correctly. A website with a valid SSL certificate can also be labelled as Not Secure if parts of the website are still loading via an insecure HTTP connection (a problem known as 'mixed' content).  

This insecure content might include images, video, stylesheets and scripts. 

What are the risks of using a website that is not HTTPS? 

The biggest risk of using a website that does not use a secure HTTPS connection is that any information sent between you and the website is not shielded by encryption. 

This means hackers might be spying on your every move, taking down sensitive details like your passwords and payment details.  

Another risk is that the website might attempt to install malicious software like spyware on your computer. 

What causes a website to be marked as "Not Secure" in web browsers? 

The lack of a valid SSL certificate causes a website to be marked as "Not Secure." It can also appear if the website has a valid SSL certificate but some of the site's content still loads via an insecure HTTP connection. 

What are the risks of using a website with a 'Not Secure' warning? 

Using a website that displays a 'Not Secure' warning risks having your sensitive personal information stolen by hackers. This includes your logins, passwords and payment details such as credit card numbers or bank account details.  

The website may also attempt to infect your computer with spyware to steal this and other personal information.  

Adam Turner contributed to this post.

Products Used