One minute your website's fine. The next, it's displaying a Not Secure warning. Maybe you discovered it by visiting your own website, or perhaps a concerned customer got in touch and pointed it out.
It might present itself as the words Not Secure in front of a URL in the browser bar. Chrome users may get a “your Chrome connection is not secure” warning when trying to go to a website.
Why is my website displaying a not secure warning?
Any website that is not protected by an SSL certificate uses the HTTP protocol instead of the secure HTTPS version. Without that critical "S" in your URL, your website will show a Not Secure warning when viewed in Google Chrome version 68 and later.
Other web browsers like Firefox may display a similar message for HTTP sites.
An SSL certificate creates an encrypted, secure connection between your website and your site visitors.
This tells the world that all exchanges with your website are securely encrypted.
Whether your visitors are submitting their credit card details or a product review, no one else can eavesdrop on the conversation or steal sensitive data.
But what does this mean for your website? And how can you make sure the Not Secure warning isn't displayed?
What does Chrome's Not Secure warning really mean?
If you are seeing the Not Secure warning, don't panic. The presence of the warning itself doesn't indicate that your website has been hacked or infected with a virus or malware.
It simply means that you haven't protected your website with an SSL certificate — which means it's possible for a third-party (aka hackers) to read information transmitted between your website and anyone visiting it.
This is especially important for ecommerce or any site collecting personal data.
In practice, this means that if someone is inputting sensitive information such as payment details or even just their name and address into an unsecured website, there's a chance these details could be seen and misused by someone else.
That's why Google introduced the Not Secure warning — so people visiting a website know whether it's safe to type in their personal details, especially on non-https sites.
But honestly, whether or not they plan to submit private details to your website, seeing the Not Secure warning is likely to send them running.
Once your SSL certificate is installed, the Not Secure warning will disappear.
You’ll also notice that the prefix of your web address changes from HTTP to HTTPS (the “S” stands for secure), and there’s a little padlock in the address bar indicating that your site is now a secure site.
But first, you’ll need to get an SSL certificate.
Why do websites suddenly become not secure?
Websites can suddenly display a Not Secure warning even if nothing appears to have changed on the surface. Common reasons include:
- Expired SSL certificate - SSL certificates have expiration dates and must be renewed regularly.
- Plugin or CMS updates that overwrite HTTPS or security settings.
- Hosting changes or site migrations that remove or misconfigure certificates.
- Mixed content issues - when new scripts, images, or embeds load over HTTP instead of HTTPS.
- Outdated certificate chains that browsers no longer trust.
Browsers now label even informational websites as not secure when HTTPS is missing or misconfigured, regardless of whether a site collects sensitive information.
How can I fix the Not Secure warning?
To fix the Google Chrome Not Secure warning you need to purchase and properly install an SSL certificate.
There are free SSL certificate options — if you have root access to your web server and the technical skills to install them, this may be an option for you.
GoDaddy offers a range of SSL options — all will make the Not Secure warning go away:
- Domain Validation (DV) SSL Certificate - the least expensive option, this is a good choice for one website. With DVs, we verify that you are the legal owner of your domain name.
- Managed DV Certificate - this option requires the least effort, as GoDaddy covers the installation and maintenance.
- Organization Validation (OV) Certificate - this offers a higher level of authentication and credibility than DV certificates, as the business or organisation's existence has been verified by us.
- Wildcard SSL Certificate - strongest encryption in the world (SHA-2 and 2048-bit), covering one website (eg lilysbikes.com) plus all of its servers and sub-pages (shop.lilysbikes.com, blog.lilysbikes.com, m.lilysbikes.com).
- Multi-domain San SSL Certificate - covering up to 100 websites, managed in one place.
- Extended Validation (EV) Certificate - the highest level of validation, an EV is best suited for eCommerce websites or websites that handle sensitive data that hackers love (banking, healthcare, etc).
Check out our SSL Certificates Help section for more information.
What else do I need to do to protect my website?
An SSL certificate encrypts the data being sent to and from your website, but it doesn’t protect your website against malware or DDoS attacks – these are other important security measures to consider for full website security.
Hacking is a major issue for businesses of all sizes.
According to the 2025 Cyber Security Breaches Survey, 43% of businesses and 30% of charities reported having experienced a cyber security breach or attack in 2024. UK attacks cost businesses an average of approximately £1,600.
There are multiple impacts of a security attack. These include:
Economic impact: Revenue can be lost whilst a website is down and there can be extra costs incurred for things like incident remediation, recovery costs, and even potential legal fees.
Reputational damage: A security breach can attract negative media coverage, which could lead to a dreaded loss of customer trust, damaged brand reputation, and a long-term impact on customer acquisition.
Regulatory consequences: Fines could be imposed for failing to protect personal information under GDPR, HIPAA, or Payment Card Industry (PCI-DSS) compliance requirements.
Business disruption: As well as website outages, bot and DDoS attacks can cause slowed performance and operational interruptions that are particularly costly for ecommerce businesses.
If you want to protect your website against hackers, consider using a product like GoDaddy Website Security. The standard package protects one site and includes:
- Daily malware scanning
- A firewall to guard against attacks
- A DV SSL certificate
- One website clean up per year
- Continuous monitoring with daily alerts and updates
The advanced package adds DDoS protection, five clean ups per year and 25GB of secure daily backup, and a Content Delivery Network (CDN) speed boost.
Related: How to protect your website
Are there any other benefits to adding an SSL?
You may have heard that you can boost your search engine optimization by adding an SSL certificate. And although it's true that Google has said https pages may get a small boost in its search engine rankings, you shouldn't expect it to send your site rocketing to first place.
Switching your website to https by installing an SSL certificate is no replacement for conducting good, solid search engine optimisation (SEO). You can read all about SEO in this 8-minute post.
Secure your website now
If you don't want Google's Not Secure warning to appear on your website, then you need to install an SSL certificate as soon as you can. Doing so will also ensure that data transmitted via your website is encrypted, giving your visitors confidence in your site security.
But don't forget, you'll need to go further to make sure your website is protected against hackers and malware.
Regularly update your website security software and consider other security measures for complete protection.
Frequently asked questions
Is it safe to go to a website that says not secure?
A Not Secure warning means the website does not use HTTPS encryption, making it easier for attackers to intercept any information that is shared with that site.
While simply visiting might not always be dangerous, you should avoid entering sensitive data like passwords or credit card details on such sites.
How do I make my website show as secure?
To make your website show as secure, you need to install an SSL certificate and ensure your site loads over HTTPS instead of HTTP. Most web hosts offer easy SSL installation.
Is it safe to be on a website that says not secure?
Browsing a Not Secure website without submitting any personal information is generally low risk, but there’s always potential for data interception or malicious activity. For the best protection, stick to secure websites, especially for any login or transaction pages.
Why is my website showing up as Not Secure even after installing an SSL certificate?
It's possible that your website's SSL certificate has expired or is not installed correctly. Alternatively, a website with a valid SSL certificate can also be labelled as Not Secure if parts of the website are still loading via an insecure HTTP connection (a problem known as 'mixed' content).
This insecure content might include images, video, stylesheets and scripts.
What is an SSL certificate?
An SSL (Secure Sockets Layer) certificate encrypts the connection between your website and its visitors, protecting any data exchanged. It also verifies your website’s identity, helping users trust that they’re connecting to the right site.
How important is website security?
Website security is crucial for protecting both your business and your visitors from data breaches, hacking, and other online threats. A secure site also builds trust with users.
What are the risks of submitting personal information on a non-HTTPS site?
Hackers may be able to silently intercept any information sent to and from a non-HTTPS site. This includes logins, passwords, banking details and other personal data.
Armed with this information, the hacker can attempt to break into your accounts or impersonate you in order to commit fraud.
How do I make my WordPress website secure?
Along with installing an SSL certificate, you can make your WordPress site more secure by:
- Choosing a reliable WordPress Hosting solution
- Choosing strong passwords
- Changing the default login URL
- Adding two-factor authentication
- Installing the latest updates for WordPress and your plugins promptly, as these often include the latest security patches
Want to go even further to protect your website? Invest in malware scanning, along with a firewall to turn away suspicious traffic.
