Have you ever visited a website to receive a horrifying note that the site is “not secure”? A broken or red lock visible to any visitors. You may have clicked or closed the window to avoid potential problems.
Whether you’re planning a new site or already experiencing this issue and wondering why your site isn’t secure, you’re happy to know that there is a simple solution.
This article will help you find out what an insecure site warning means and why your site needs security, and how you can fix it.
What is HTTPS?
HTTPS is an abbreviation for “Hypertext Transfer Protocol Secure”. It is an internet protocol that allows information to flow securely between a server (website) and a client (the person who accesses the server). HTTPS sites offer Internet users many advantages over HTTP.
What does it mean that my site in “not secure”?
If your website is listed as “insecure”, it means that you do not have a renewed SSL certificate. It starts with HTTP instead of HTTPS, so it’s easy to recognise by the URL of your website.
A proper SSL certificate creates a secure connection directly with the server where the visitor is located.
So what would it look like if the site was “insecure”? Depending on the web browser you are using, when you try to access a website, you will see a message similar to the listed below:
Use a trusted security certificate
As part of enabling HTTPS on your site, you need to get a security certificate. The certificate is given by a Certificate Authority (CA). The certificate authority protects the website from a Man-in-the-middle attack by verifying that the web address belongs to the organisation. When configuring the certificate, choose a 2048-bit key to ensure a high level of security. If you already have a weaker key (1024-bit) certificate, upgrade to 2048-bit. Keep the following in mind when choosing a certificate for your site:
My website isn’t secure; how can I fix it?
Adopting HTTPS is not difficult at all, so review the five-step process to protect your website for your site visitors and customers.
Install the Secure Sockets Layer (SSL) certificate
To make your HTTP site secure, you need to install an SSL certificate on your website. Installing an SSL certificate involves several exchanges that provide site visitors with a secure version of the website.
Is your certificate expired?
In rare cases, you may have problems renewing your domain’s SSL certificate. If you notice that HTTPS suddenly stopped working, please contact support to fix it.
Make sure the internal and external links are using HTTPS
If you want your internal and external site links to continue to work effectively, change them all to HTTPS as well. It may sound boring, but it’s essential to make HTTPS useful to your website, not harm it. There are plugins for WordPress for example that do this automatically for you.
Check your website in Google Search Console.
After installing the SSL certificate and verifying that your site links use HTTPS, it’s a good idea to check both the HTTP and HTTPS versions of your site in Google Search Console.
You also need to ensure that the preferred domain is set to the HTTPS version. This ensures that your site visitors have a secure version of your website.
Make sure the HTTP URL is redirected.
If you mention your website on a third-party site that you manage, be sure to change that reference from HTTP to HTTPS. We also recommend that you create a 301 redirect on your website so that the HTTP URL refers to the HTTPS version.
Update XML sitemap
Next, we recommend updating your XML sitemap to reference the HTTPS version of your site’s pages. Sitemaps act as a roadmap for site visitors and Google and make it easy to navigate your website. To allow Google to re-crawl your website and index it with new links, we recommend that you submit your updated sitemap to Google Search Console.
Need help securing your website?
I often hear the question, “My website isn’t secure. How can I fix it?” This is a valid question for website owners and should be done if they are interested in retaining new and old visitors.
We’ve seen how to verify your SSL certificate and how to identify insecure resources on your HTTPS site. Hopefully, you can troubleshoot security issues on your site and bring your green lock back to its previous glory.
At the very least, Chrome’s “unsecured HTTPS” messages can be annoying. Unluckily, it can also cause you to lose customers quickly, fall into search rankings, and suffer from online attacks. Resolve the issue by purchasing an SSL certificate and installing it on your site. This builds trust between you and your visitors, attracts more traffic to your website and increases trust with your target audience. Feel free to contact us for help or advice.