How do I fix this website is not secure?

If you woke up in your Google Search Console message last Friday that “Chrome will display security warnings on” your website, you first need to know that it isn’t panic, but you’re prepared to work.

We got emails from our customers asking what this email is about and how it will affect them. Here’s what everything means.

What does it mean when a website is “not safe?”

Websites are provided through a protocol called HTTP, which represents a “hypertext transmission protocol,” a standard way for your computer to communicate with the website that you visit. A secure website uses a SSL security certificate that changes the HTTPS URL. This additional security essentially protects the communications of your computer, making it more difficult for others to listen and figure out what you are doing or get the information that you are sending online.

What is meant by “Chrome Will Show Safety Warnings?”

Chrome gave the warning and then a list of example URLs on your site which would be affected by this change. Please note that this will take place in October 2017.

These “non-secure” warnings are something Google has told users to move towards for a while now. This next step is focused on pages on which a user needs to enter information (e.g. form pages).

Google currently displays an’ information’ button to be clicked on (which says that the user has a unsecure site): they plan to use the URL box from October 2017: regular pages whose URLs start with HTTP will be similar to the existing one (i.e., a simple button of’ I’), except any pages with formats or which require a user to enter information www In addition, when viewed in incognito mode, all pages on HTTP show the “Not Secure” message.

Update: As of July 2018, with the release of Google Chrome 68, web sites are now being shown with the “Not Secure” warning: no secure https warning chrome 68, which only applies to Chrome Browsers If a web visitor uses Firefox, Safari, or even Internet Explorer, he or she won’t see that precises message— that only applies to Chrome browsers.

Note that Google’s Chrome browser is the hill king— it breaks down its market share competition. According to Net Market Share, which tracks and reports on Internet technology statistics, Chrome is the browser chosen by ~60 percent of internet users. No other browser is even near competition with Chrome for user share: How the “non secure” warning may affect your website One way this “nonsecure” warning can affect your websites is by raising user concern about the uncertain nature of your website or forms. Anyone interested in protecting their privacy and online information is likely to be reluctant to enter information about your forms. In addition, a “not secure” warning may lead users to believe that your website has been hacked and/or that your site is considered vulnerable. User experience is likely to be affected in any way. In its rankings another way your site could be affected— Google wants site owners to have a secure certificate and regards HTTPS as a factor in the ranking.

The only way to solve this issue is to obtain a security certificate from your hosting service and move your website from HTTP to HTTPS. You should at least ensure that any page with user input information formats is provided via an HTTPS connection.

In addition to certain pages, you would ideally migrate your entire site to HTTPS. Having a secure certificate for the entire website would make more sense— but that also brings its own problems.

Some of the most important things when you decide to migrate to HTTPS are: the cost of buying a SSL certificate may be. Although it is generally quite cheap, it is an additional cost to host your website. Free options are available; mainly Let’s Encrypt offers free SSL certificates.

When you move from HTTP to HTTPS, all new URLs are created. Google considers this as a move to the website. This means that when Google scatters through your website and reindexes new pages, traffic and rankings can decrease.

You might end up with many broken links. Because HTTP to HTTPS is a new URL, any links (internal and external) must be correctly redirected to 301 new HTTPS URLs. These 301 redirects should be implemented as redirects from the server side.

You can lose Google Search Console data. You will lose data if you don’t add the HTTPS property to your search console. Search Console also treats HTTPS as a separate entity and the search console does not share data.

In the end, we believe that it is in your and your users ‘ best interest to have a secure certificate and to be served by HTTPS on your site. And now it’s better to be ready to deal with potential issues instead of trying to fix things when Google rolls out its changes.

How to add an SSL Certificate and Fix No secure warnings?

We recommend that you crawl through your site and export your crawl before doing anything–this is just a safe failure in case of broken links, etc. Screaming Frog is the easiest tool for this.

Most hosting providers offer SSL certificate (little or no cost), which can be added to your site.

One thing is certain: GoDaddy does not seem to support a free SSL certificate. On GoDaddy host sites, in addition to hosting fees, you must purchase a certificate that costs about $60 a year per site.

You may purchase a Certificate or add a free Let’s Encrypt SSL certificate on sites hosted by WPEngine, BlueHost, Dreamhost and others. You must activate the certificate once you add it to your website. Often your host provider will automatically activate your certificate or go through a quick setup process–however, each host can be a little different, so please make sure you contact your host’s customer service and assistance if you have any problems or concerns.

When your certificate is activated, this serves to verify that your website follows security protocols and encrypts user data.

If you use WordPress, we recommend installing a ReallySimpleSSL plugin-once installed and activated, you run it and the plugin automatically detects your settings. It’s just as easy as that.

If you don’t run WordPress, you’ll have to edit a file (or have your host help with it). If you’re not extremely technical, your host provider will probably be better able to provide support and assistance.

RewriteEngine on
RewriteCond %{HTTP_HOST} ^ [NC,OR]
RewriteCond %{HTTP_HOST} ^ [NC]
RewriteRule ^(.*)$$1 [L,R=301,NC]

If you want to try it yourself: you will create a server-side redirect once you have installed an SSL certificate and successfully migrated your site to its new HTTPS domain. Add the following code to the top of the.htaccess file (of course, replace’’ with your actual URL): One more step we would like to take is to install a’ Search and Replace ‘ plugin. You may search for any instance of the web at http:/ and replace it with https:/

Now, you should see a green padlock and “Secure” message when you open your site in a browser.

But you’re not finished yet — visit and put your URL there in the search box. This will scan your website and search for any mixed media (i.e. content, pictures, etc., that you use over http:). You can find what needs to be updated and fixed in this tool.

Once you have passed the green secure message: now you need to log in and update to https:/ your URLs on Google Analytics and Google Search consoles account. In Analytics, in the property and view settings, you will do that — just add the https: protocol.


You wish to add and verify ALL versions of your website in Search Console: Once you have added and verified the different versions, you will want to select a preferred version by using the gear icon, and choosing “Site Settings”— the preference domain will be set (with either a www or a non-www display URL).

After that –recreate your site in Screaming Frog (or your favorite crawling tool) and make sure your URLs are turned to https to check for the broken links/404s on your website.

Was this article helpful?

Leave a Reply

Your email address will not be published. Required fields are marked *