On July 24, 2018, Google Chrome began displaying a "Not Secure" warning next to the website in the address bar if the site was not secured with HTTPS. This change has remained, and other browsers have followed Google's footsteps.
If you're reading this, you might be wondering, "What does it mean when a site is not secure?" Let's explore what it actually means to website owners and marketers.
The internet. Such a beautiful thing. Yet, like a wild animal, it can sometimes be dangerous. If you’ve been online for even a short amount of time, you probably know that sometimes bad things can happen to good websites.
Start your security journey with Website Security.
What does it mean when a site is not secure?
If you're seeing the warning “Not Secure” in front of your domain name, you might think your site has been compromised. However, it may just mean that your website’s security isn’t up to Google's standards.
As explained in this article on securing your website, any website accessed with this version of Chrome will display a “Not Secure” warning if it does not use a secure connection (HTTPS). This is part of Google's initiative to make the web more secure.
If you're seeing the Not Secure error, it likely means that your site doesn’t have SSL certificate and is not using the HTTPS protocol. The notification does not mean that your site is compromised or not functioning correctly.
About Google's "Not Secure" warning
Let’s take a moment to dig a bit deeper into the meaning of the “Not Secure” warning.
Is SSL only for ecommerce sites?
It used to be that only websites handling payments needed SSLs. However, SSL encryption protects all information that passes through the browser to the server, including logins and passwords, and even web admin credentials.
With the Not Secure warning, it doesn’t matter whether the site handles sensitive data. All websites need to use SSL encryption to ensure secure transfer of information.
Can I use a free SSL certificate?
Yes, as long as your hosting provider allows you to install them. For GoDaddy hosting, you can install either option on our cPanel Hosting plans.
What are self-signed SSL certificates?
Self-signed SSL certificates are created and signed by the website owner rather than a trusted Certificate Authority (CA). Because they are not verified by a recognized third party, web browsers do not trust them, which can trigger "Not Secure" warnings.
To ensure your website is trusted by browsers, it’s recommended to use SSL certificates issued by reputable CAs.
Is this just for Chrome or will Firefox and other browsers do this too?
Yes, this is a requirement of all major browsers at this time.
Does the not secure warning only affect GoDaddy websites?
No, it doesn’t matter where your site is hosted; this impacts all websites. You can get an SSL certificate from GoDaddy and in our Help Center, you can find more information about how to download the SSL files and manually install the SSL as well.
I have multiple websites and cannot afford to buy many SSL certificates
Customers with multiple websites can consider the Multiple Domains SSL Certificate, also known as SANs (Subject Alternative Names) SSL Certificate.
This type of certificate allows you to buy a single SSL that can protect multiple websites, saving money and time. You only need to manage one SSL for all your websites.
How is GoDaddy’s SSL different from free SSL solutions?
The key differences between free and paid SSLs are customer support and the range of certificates available. Most free SSLs are DIY solutions, meaning you need to install and troubleshoot on your own. Because SSL can be complex, you might spend hours or days to get it working properly.
GoDaddy not only provides 24/7 hands-on help, but we also automatically install the certificate for you if your site is hosted with us, saving you time and hassle. We offer a full range of SSL certificates depending on your website's needs, all coming with full support.
What are EV SSL certificates?
EV SSL certificates display the organization’s name in the browser, enhancing user trust beyond the basic padlock icon.
Why Doesn’t GoDaddy Offer Free SSL with Its Hosting Services?
We believe in a safe internet and support every website to be secure. We include SSLs in multiple hosting and website services. These products are GoDaddy's website builder, WordPress Hosting, and Web Hosting. Our SSLs are fully integrated, requiring little to no work to install. The minute you publish your site, SSL is enabled and your site is protected. We’re working to integrate SSL into more hosting products.
Understanding HTTPS and its port usage
HTTPS operates on port 443, differentiating it from HTTP, which uses port 80. This distinction helps ensure secure data transmission between a web server and a web browser.
SEO benefits of HTTPS
Implementing HTTPS enhances your website’s trustworthiness by ensuring secure data transmission between your server and users’ browsers. Modern browsers like Google Chrome flag non-HTTPS websites as "Not Secure," which can negatively impact user perception and engagement.
By adopting HTTPS, you not only protect your users’ data but also align with best practices that search engines may favor, potentially improving your site’s visibility in search rankings.
FAQs about HTTPS and the “Not Secure” warning
What is HTTPS?
HTTPS is a secure way to send data between a web server and a web browser. It is the secure version of HTTP, the primary protocol used to send data between a web browser and a website. HTTPS is encrypted to increase the security of data transfers, particularly when users transmit sensitive data.
Why is HTTPS important for all types of websites?
HTTPS is important for all types of websites because it encrypts data transmitted between the server and the user's browser, ensuring that sensitive information remains secure. This encryption protects against data interception and breaches, enhancing the overall cybersecurity of the website.
How does HTTPS contribute to overall cybersecurity?
HTTPS contributes to overall cybersecurity by encrypting traffic between the web server and the browser. This makes it difficult for attackers to intercept or manipulate data, thereby protecting user data and maintaining the integrity of the website.
How does HTTPS work?
HTTPS uses an encryption protocol called Transport Layer Security (TLS) to secure communications between a web server and a web browser. It employs an asymmetric public key infrastructure, using a private key controlled by the website owner and a public key available to users.
Information encrypted with the public key can only be decrypted by the private key.
How can I implement HTTPS on my website?
To implement HTTPS on your website, you need to obtain a TLS/SSL certificate from a hosting provider or a certificate authority. Some hosting providers offer free SSL certificates, while others provide paid options. Once you have the certificate, install it on your web server, and configure your website to use HTTPS.
