Why Does My WordPress Site Say Not Secure & How To Fix It
When we log into any website or online store, many check to see if it says secure website in the address bar at the top of the page. For many, if we don’t see the padlock on the search bar, it’s a no-no when submitting our details to the website.
Many WordPress web page owners will agree that they have likely seen the Not Secure warning in their web browser at least once or twice, especially when it’s a newly designed one.
If you log into your website and it says not secure, don’t panic!
Although your website being marked as insecure isn’t just an annoyance, it can also impact your reputation, revenue, and even Google ranking.
However, this doesn’t mean you need to shut down your site immediately and start over from scratch. Unless you’ve had a website security breach that exposed sensitive information or has been told by an expert to take action immediately.
This article will cover everything you need to know about this warning and how to fix your WordPress, step by step.
Why Is Having A Secure Website Important?
A secure website is crucial because you don’t want sensitive user or personal information to be compromised. The padlock icon and the HTTPS in your browser’s address bar tell your site visitors that the site is secure and protects their data.
More so, Google search console will show insecure HTTP protocol errors, which is when your site uses an insecure protocol for all traffic, like HTTP, which means that search engines will show your websites with mixed content errors like insecure HTTP protocol or not secure.
One of the first steps to secure your site is to install SSL certificates on your web host. A really simple SSL plugin can be installed on your blog, allowing it to run over an encrypted connection without any additional work from you.
For your website to have a secure certificate authority, you need to contact your WordPress website hosting company through their support page and provide them with your WordPress site URL so they can generate one.
How To Secure Your WordPress Websites
The first step to securing your WordPress website is identifying which files are not secure. You can open a page on your site in the browser and look at the address bar. If you see HTTP instead of HTTPS, the connection between your computer and the web server is insecure, meaning someone could intercept passwords or credit card numbers.
The next step is enabling secure connections for all files by updating settings and switching every WordPress plugin over to HTTPS.
Make Sure Your Free SSL Certificate Is Setup Properly
To verify whether or not your site is secure, use the SSL Server Test Tool to check for a valid SSL certificate. Ensure that your free SSL certificate is set up correctly and the site’s files are located on a level of security.
If you have an insecure site with HTTP connections, there’s a good chance your browser’s address bar will say not secure when connected to it from an internet browser like we said earlier but don’t worry, your web host can quickly fix these things.
Many website owners mistakenly think they need to buy an SSL certificate when they can get free. It’s unnecessary; the key is ensuring your site files are secured by hypertext transfer protocol (HTTPS).
If you move them, your website should go back to secure (as long as you have a valid SSL certificate, even if it’s a free certificate). You would have a secure HTTPS connection on your website.
Lastly, if your site has an expired SSL certificate installed, we recommend buying one from your hosting company. However, before installing, it is best to use LetsEncrypt to avoid problems. Using Let’s Encrypt helps you establish trustworthiness with your visitors.
Have All Of Your Payment Details Up-to-Date
When shopping around for a new SSL certificate or if your website hosting plan is expired, ensure all your payment details are up-to-date. It takes about 24 hours for changes to appear after submitting them and your website hosting partner processing team reviews them.
As a precautionary measure, it’s vital to ensure the proper settings are met before adding the SSL Certificate. Also, remember that SSL Certificates take anywhere between 5 to 30 minutes before they take effect.
Once they take effect, the browser’s address bar will say secure as opposed to not secure. After implementing the free SSL Certificate, monitoring how often people visit your website is essential since too many accesses may cause redirection to HTTPS.
Once you add the SSL certificate and complete these steps, go ahead and test your site. If you notice too many redirected visitors, we suggest changing the URL where users connect their browsers to HTTP. That way, even though you haven’t implemented the free SSL certificate, your website isn’t displaying secure messages.
Download Google Chrome Browser
While Firefox and Safari browsers might display mixed content warnings for sites without an SSL certificate, Chrome offers something called Site Isolation which blocks malicious code from running on your computer.
By blocking scripts and preventing information leakage, you reduce your risk of browser vulnerabilities. Although, there’s a reason why even Google recommends installing the SSL certificate on your site.
You’ll want to install your free SSL certificate if you want your website to function correctly with modern browsers. If you decide to go with a paid SSL certificate, the cost is usually worth it if you have a site that makes money.
Maintain A Secure Connection
Maintaining a secure connection is essential even when dealing with free SSL certificates. Two security measures are involved when accessing websites – The first involves protection from hacking.
In this sense, SSL certificates encrypt data before transmitting it can deter hackers. The second type of security covers payments made over an unsecured connection.
For example, online purchases without encryption require confirmation of the purchase by credit card number and other personal information. Free SSL certificates assure customers making purchases through your website because they know their sensitive data is encrypted.
Ensure that your site’s files are encrypted and that you’ve configured the browser to use a secure connection. However, free SSL certificates only cover some parts of your website. This means the browser should say secure instead of not secure.
Before any SSL certificate is installed, the site must be checked for directory listings and hidden folders to ensure it’s free of malware. Files should also be backed-up before the installation process. Doing so helps ensure the site’s files are not deleted. Additionally, it’s essential to back up your database before installation.
Other Best Practices For Running Your WordPress Website
Keeping your website secured is easier than it may seem. There are a few other best practices for running your WordPress website. These will all help to maintain the safety and privacy of your website.
- It would help if you were backing up your site’s files regularly.
- Second, if you’re using a browser’s address bar to load your site and it says Not secure, ensure that the connection is transmitted with the secure sockets layer (SSL).
- Remember to update WordPress periodically.
- Take care of your security by enabling two-factor authentication when possible.
- Remember to change passwords from time to time and use different passwords on different sites.
- Keep WordPress core software updated.
- Install plugins only from reputable sources to avoid exposing your site to malware.
- Limit access to your WordPress admin pages so only those who need it can get in.
- Never disclose your website’s content or design in a public forum.
- Permanently disable file editing features in the back end.
- Run regular backups of your site.
- Keep an eye out for suspicious activity, such as unusual logs and emails.
- Encrypt sensitive data using WP Security Keys or SSL certificates to secure private information.
- Create strong passwords that contain letters, numbers, and symbols.
- Make sure your WordPress administrator username is not something like admin or administrator because these names are easy to guess.
- Don’t put sensitive information in your WordPress database.
Frequently Asked Questions
What does HTTPS actually mean?
HTTPS is the secure version of HTTP. HTTPS encrypts the data you send to and from your site’s files, which protects your information. When visiting an HTTPS website, your browser’s address bar will show a lock icon and HTTPS in the URL.
You can tell if your browser supports HTTPS by looking for HTTPS in the Security or Severity column of its address bar. The greener/less red you see here, the better. For example, The title of this post is ‘Why Does My WordPress Site Say Not Secure & How To Fix It?’ and you’re viewing it on a browser with no certificate errors.
How much do SSL Certificates cost?
SSL Certificates are the cost of doing business online. The cost of SSL Certificates can vary from company to company, and some companies offer free SSL Certificates.
But as a general rule, SSL Certificates for websites start at about $50 per year for a standard domain name. With more expensive certificates costing hundreds of dollars per year. It’s also worth noting that SSL Certificates do not last forever – most only last one or two years before they need to be renewed.
What are the best places to buy SSL certificates from?
The best places to buy SSL certificates are from the certificate issuer. Typically, this is your hosting provider or a third-party provider like Let’s Encrypt. When you purchase an SSL certificate, you’ll be given information about where on your site’s files you need to place them.
The next step is to ensure that your browser’s address bar says HTTPS rather than HTTP. If the browser still says HTTP after you’ve installed and activated your SSL certificate, you may have placed the certificate in the wrong spot.
This blog post has helped inform you of the importance of securing your website with a free SSL Certificate. Maintaining a secure connection is essential, which means the browser should say secure instead of not secure.
Remember to do regular backups to protect your website’s files. And always check for malware when creating or updating a free SSL Certificate. And most importantly, make sure the SSL Certificate is set up correctly.
This includes the location of your SSL Certificate, your SSL Certificate’s hostname, SSL Protocol, and server port. Not to mention whether or not to redirect old links to the secured page. Ensuring all of these settings are correct is vital.
Lastly, it’s essential to monitor your website for hacked pages. This is especially true for sites using a free SSL Certificate. Make sure you keep your site updated and secured by remembering to update your plugins and themes regularly.