With Google’s help, finding answers to our problems is easy — and typically possible within a matter of seconds. However, if we’re not careful, we may also be putting ourselves at risk in the same short timeframe. When we visit Hypertext Transfer Protocol (HTTP) websites, the information we send and receive is not protected. As a result, any sensitive data we share on our website browser — such as passwords and credit card information — is at risk of being stolen, read, or modified by attackers, hackers, and internet infrastructure organizations.
Fortunately, Google Chrome has been working hard to make the internet a safer place to be. Chrome now marks all HTTP sites as “Not Secure” in the address bar and provides various alerts about the security level of a website’s connection. Some of these warnings can deter website visitors from continuing to access the website.
No website publisher wants to see a decrease in their website traffic. As a result of Google’s initiative, website owners should adopt the Hypertext Transfer Protocol Secure (HTTPS) protocol to secure their site. When a website utilizes a Secure Sockets Layer (SSL) security certificate, the HTTPS protocol replaces HTTP on its web server. Easily identified via a padlock in the address bar, an HTTPS connection encrypts a website visitor’s connection, making it safer to communicate sensitive information.
As a website owner, there’s no better time to transition to HTTPS. Here’s everything you should know about making a secure website.
What a “Website Not Secure” Message Means in Chrome
When Google determines that a website uses HTTP, the site starts displaying a “Website Not Secure” message. These sites are susceptible to man-in-the-middle attacks — or attacks by third parties during data transmission between the website, the user, and the server.
A website visitor receives two different alerts when visiting an insecure web page: the “Not Secure” warning in the address bar and a pop-up that provides additional information. Unlike HTTPS, insecure sites lack the encryption and security of having an SSL certificate.
When Google marks a site as being “Not Secure,” its overall image and reputation are at risk. Website visitors are no longer confident about the site’s security and may be hesitant to make purchases with credit cards, send messages, or upload confidential documents. Upon seeing the browser notification alerts, some website visitors may decide to leave their sessions early.
HTTPS-certified sites provide both encryption and authentication, resulting in a secure connection. Depicted by a green padlock symbol in the address bar, HTTPS sites allow for safe data transmission between servers, users, and browsers.
How to Fix a “Website Not Secure” Message in Chrome
For website owners operating insecure sites, making the transition to HTTPS is easy and typically takes less than five minutes.
Step #1: Purchase and Install the SSL Certificate
Start the process of securing your site by purchasing an SSL certificate. Many different vendors offer these low-cost certificates, with some of them even offering them for free. For the most straightforward installation process, purchase the SSL certificate directly from your current website host provider.
Depending on where you get your SSL certificate from, there will be specific installation directions to follow. If purchased through your web host, install it via your website’s admin panel on the SSL tab.
After following the directions, your certificate will install instantly. However, the change may take a few hours to populate correctly across the internet and to site visitors.
Step #2: Update the URL
To implement your SSL certificate across your website, check your website’s settings. How to complete the update varies depending on the platform, but it’s typically completed in one or two steps. To locate the proper area to update, look for language on your site’s backend such as “securing all pages with HTTPS.”
For WordPress sites, go to the “General” tab and update both WordPress Address (URL) and Site Address (URL) to HTTPS by adding the extra “s” to HTTP. Be sure to save your changes.
Step #3: Redirect Traffic to HTTPS
Next, you need to re-route visitors who either have your old URL bookmarked or visit from an old link on an external site. To do so, implement a site-wide 301 redirect that will re-route all HTTP traffic to HTTPS.
There are a variety of plugin options available to complete a site-wide redirect. However, plugins aren’t always the most reliable option since they can break due to updates or conflicts.
If you don’t feel secure using a third-party plugin, you also have the option to set up a 301 redirect manually using File Transfer Protocol (FTP).
Step #4: Review Your Work
Finally, recrawl your site using your preferred crawling tool to verify the successful transition to HTTPS.
The Benefits of Having a Secure Site
Due to its heavy encryption, the HTTPS protocol offers highly secure communication between a browser, user, and server. A website marked “Secure” in Chrome browsers helps web visitors feel safe using the website and sharing sensitive data. The HTTPS protocol shows web visitors that the website publisher views security as a serious concern, creating trustful relationships.
HTTPS site owners enjoy better search results rankings. Although currently a small factor, HTTPS is viewed favourably in Google’s search ranking algorithms. Websites that are marked “Not Secure” can cause visitors to navigate elsewhere, negatively affecting the site’s click-through rates.
The Bottom Line About Having a Secure Website
If Chrome displays your site as being insecure, make it a priority to fix it quickly. Having HTTPS instead of HTTP makes website visitors feel safe, creates trust in your organization, and improves your search rankings. Most importantly, it encrypts your website visitors’ personal data and provides protection from third-party breaches.