One minute your website's fine. The next, it's displaying a Not Secure warning. Maybe you discovered it by visiting your own website, or perhaps a concerned customer got in touch and pointed it out.
It might present itself as the words Not Secure in front of a URL in the browser bar. Chrome users may get a “your Chrome connection is not secure” warning when trying to go to a website.
However you found out about it, you're undoubtedly asking yourself:
Why is my website displaying a not secure warning?
Any website that is not protected by an SSL certificate uses the HTTP protocol instead of the secure HTTPS version. Without that critical "S" in your URL, your website will show a Not Secure warning when viewed in Google Chrome version 68 and later.
Other web browsers like Firefox may display a similar message for HTTP sites.
An SSL certificate creates an encrypted, secure connection between your website and your site visitors.
This tells the world that all exchanges with your website are securely encrypted.
Whether your visitors are submitting their credit card details or a product review, no one else can eavesdrop on the conversation or steal sensitive data.
But what does this mean for your website? And how can you make sure the Not Secure warning isn't displayed?
What does Chrome's Not Secure warning really mean?
If you are seeing the Not Secure warning, don't panic. The presence of the warning itself doesn't indicate that your website has been hacked or infected with a virus or malware.
It simply means that you haven't protected your website with an SSL certificate — which means it's possible for a third-party (aka hackers) to read information transmitted between your website and anyone visiting it.
This is especially important for ecommerce or any site collecting personal data.
In practice, this means that if someone is inputting sensitive information such as payment details or even just their name and address into an unsecured website, there's a chance these details could be seen and misused by someone else.
That's why Google introduced the Not Secure warning — so people visiting a website know whether it's safe to type in their personal details, especially on non-https sites.
But honestly, whether or not they plan to submit private details to your website, seeing the Not Secure warning is likely to send them running.
Once your SSL certificate is installed, the Not Secure warning will disappear.
You’ll also notice that the prefix of your web address changes from HTTP to HTTPS (the “S” stands for secure), and there’s a little padlock in the address bar indicating that your site is now a secure site.
But first, you’ll need to get an SSL certificate.
How can I fix the Not Secure warning?
To fix the Google Chrome Not Secure warning you need to purchase and properly install an SSL certificate.
There are free SSL certificate options — if you have root access to your web server and the technical skills to install them, this may be an option for you.
GoDaddy offers a range of SSL options — all will make the Not Secure warning go away:
- Domain Validation (DV) SSL Certificate - the least expensive option, this is a good choice for one website. With DVs, we verify that you are the legal owner of your domain name.
- Managed DV Certificate - this option requires the least effort, as GoDaddy covers the installation and maintenance.
- Organization Validation (OV) Certificate - this offers a higher level of authentication and credibility than DV certificates, as the business or organisation's existence has been verified by us.
- Wildcard SSL Certificate - strongest encryption in the world (SHA-2 and 2048-bit), covering one website (eg lilysbikes.com) plus all of its servers and sub-pages (shop.lilysbikes.com, blog.lilysbikes.com, m.lilysbikes.com).
- Multi-domain San SSL Certificate - covering up to 100 websites, managed in one place.
- Extended Validation (EV) Certificate - the highest level of validation, an EV is best suited for eCommerce websites or websites that handle sensitive data that hackers love (banking, healthcare, etc).
You can check out our SSL FAQs for help on setting up your SSL, or just go with a Managed DV Certificate.
What else do I need to do to protect my website?
An SSL certificate encrypts the data being sent to and from your website, but it doesn’t protect your website against malware or DDoS attacks – these are other important security measures to consider for full website security.
Hacking is a major issue for businesses of all sizes.
According to the Cyber Security Breaches Survey, 43% of businesses and 30% of charities reported having experienced a cyber security breach or attack in 2024. UK attacks cost businesses an average of approximately £1,600.
If you want to protect your website against hackers, consider using a product like GoDaddy Website Security. The standard package protects one site and includes:
- Daily malware scanning
- A firewall to guard against attacks
- A DV SSL certificate
- One website clean up per year
- Continuous monitoring with daily alerts and updates
The advanced package adds DDoS protection, five clean ups per year and 25GB of secure daily backup, and a Content Delivery Network (CDN) speed boost.
Related: How to protect your website
Are there any other benefits to adding an SSL?
You may have heard that you can boost your search engine optimization by adding an SSL certificate. And although it's true that Google has said https pages may get a small boost in its search engine rankings, you shouldn't expect it to send your site rocketing to first place.
Switching your website to https by installing an SSL certificate is no replacement for conducting good, solid search engine optimisation (SEO). You can read all about SEO in this 8-minute post.
Summing up
If you don't want Google's Not Secure warning to appear on your website, then you need to install an SSL certificate as soon as you can. Doing so will also ensure that data transmitted via your website is encrypted, giving your visitors confidence in your site security.
But don't forget, you'll need to go further to make sure your website is protected against hackers and malware.
Regularly update your website security software and consider other security measures for complete protection.
Frequently asked questions
Is it safe to go to a website that says not secure?
A "Not Secure" warning means the website does not use HTTPS encryption, making it easier for attackers to intercept any information that is shared with that site.
While simply visiting might not always be dangerous, you should avoid entering sensitive data like passwords or credit card details on such sites.
How do I make my website show as secure?
To make your website show as secure, you need to install an SSL certificate and ensure your site loads over HTTPS instead of HTTP. Most web hosts offer easy SSL installation.
Is it safe to be on a website that says not secure?
Browsing a "Not Secure" website without submitting any personal information is generally low risk, but there’s always potential for data interception or malicious activity. For the best protection, stick to secure websites, especially for any login or transaction pages.
What is an SSL certificate?
An SSL (Secure Sockets Layer) certificate encrypts the connection between your website and its visitors, protecting any data exchanged. It also verifies your website’s identity, helping users trust that they’re connecting to the right site.
How important is website security?
Website security is crucial for protecting both your business and your visitors from data breaches, hacking, and other online threats. A secure site also builds trust with users.
