Is Google Marking Your Site as “Not Secure”? (& How to Fix It)

I understand how irritating it may be while you go to your web site and see an enormous “Not Safe” warning within the browser. It looks like one thing’s damaged—and worse, your guests can see it too. 😬

That little message can scare individuals off earlier than they’ve even had an opportunity to go searching. They could go away with out studying a phrase, filling out a kind, or making a purchase order.

Google reveals this warning when your web site doesn’t have an SSL certificates. Meaning your web site isn’t utilizing HTTPS, and the browser is letting guests know their connection may not be personal.

Fortunately, the repair is simple, and I’ll stroll you thru it step-by-step. I’ve used the identical course of by myself web sites and helped numerous others do the identical with WordPress.

Why Does Google Present “Not Safe” on Your Web site?

After I see the “Not Safe” warning pop up on a web site, I do know it normally means one factor: the location isn’t absolutely encrypted. Google reveals this warning when a web site doesn’t use HTTPS or there’s one thing mistaken with its SSL certificate.

For reference, HTTPS (Hypertext Switch Protocol Safe) is the safe model of HTTP. It makes use of one thing known as an SSL/TLS certificates to encrypt the connection between your web site and your guests.

And the Google “Not Safe” message isn’t only a minor warning you may ignore. Most guests don’t stick round after they see that alert. It alerts an absence of belief, and that impacts every thing from conversions to your search rankings.

Let me stroll you thru the 4 most typical causes I’ve seen this warning seem on WordPress web sites.

1. Your Web site Doesn’t Have an SSL Certificates

SSL certificates encrypt the connection between your web site and your guests. With out one, browsers assume your web site is unsafe, as a result of technically, it’s. Any knowledge individuals enter in your web site, like private or bank card particulars, may very well be intercepted.

That’s why Chrome and different browsers flash the “Not Safe” warning for websites that also use plain HTTP. I’ve seen this occur to brand-new websites the place SSL simply wasn’t enabled but, and even older websites the place it was by no means put in.

2. Your SSL Certificates Is Expired or Invalid

Generally the SSL certificates is there, nevertheless it’s expired or wasn’t put in correctly. This is likely one of the first issues I examine when somebody asks why their web site immediately reveals a warning.

You possibly can normally spot this SSL issue by clicking the padlock (or the lacking padlock) in your browser’s deal with bar.

If there’s an issue, then your internet hosting supplier ought to give you the chance that can assist you renew or reinstall the certificate.

3. Your Web site Has Combined Content material Points

Even with a sound SSL certificates, your web site can nonetheless present as “Not Safe” if it’s loading some content material over HTTP. I’ve seen this lots when individuals switch their site to HTTPS however overlook to replace outdated hyperlinks to pictures, scripts, or stylesheets.

This is named combined content material, and browsers don’t prefer it. The repair is straightforward—you simply must replace any insecure URLs so every thing masses over HTTPS. Later on this tutorial, I’ll present you ways to do that.

4. Your Web site Has HTTP URLs in WordPress Settings

One other factor I all the time double-check is the location URL settings inside WordPress. If the WordPress Tackle or Web site Tackle remains to be set to HTTP, your web site might proceed to set off safety warnings even when SSL is working high quality.

You’ll find these settings by going to Settings » Normal in your WordPress dashboard. Then, swap each URLs to make use of HTTPS to make sure that each web page masses securely. I’ll present you ways to do that in a while.

Now that I’ve coated what causes the “Not Safe” warning, let’s check out repair it and stop it from coming again.

Find out how to Repair the “Not Safe” Warning in Google Chrome

Seeing the “Not Safe” warning in your web site will be irritating. You need your guests to really feel secure, not greeted with a warning label.

Fortunately, the repair normally isn’t sophisticated. Most often, it comes all the way down to enabling an SSL certificates, updating a couple of WordPress settings, or cleansing up what’s often known as combined content material.

I’ve gone by way of this troubleshooting process on dozens of websites—each my very own and for others—and I’ll present you precisely what to do to safe your web site and do away with that warning for good.

Listed below are the steps I’ll cowl:

Step 1. Get a Free SSL Certificates for Your Web site

The very first thing I do when fixing a “Not Safe” warning is examine if an SSL certificates is put in. This small piece of safety tech encrypts knowledge between your web site and guests—and it’s what allows HTTPS.

Years in the past, SSL certificates may very well be costly. Some corporations nonetheless cost a premium, however the excellent news is you don’t must pay for one, particularly in case you’re simply beginning out.

Most WordPress hosting providers now provide free SSL certificates with their plans. I’ve used this feature on dozens of internet sites, and usually, enabling it solely takes a few clicks out of your internet hosting dashboard.

For those who’re utilizing Bluehost, simply log in to your account and head to your web site settings. Then click on the ‘Safety’ tab.

From there, you’ll see the choice to allow the free SSL certificates. Simply toggle it on, and also you’re good to go.

Word: The screenshots above present the Bluehost dashboard. For those who’re utilizing a distinct host, then issues may look barely totally different, however the SSL setting is sort of all the time within the safety part.

For hosts that use cPanel, you’ll must launch it out of your internet hosting dashboard. Scroll all the way down to the ‘Safety’ tab and click on on the SSL/TLS icon.

And in case your host doesn’t provide free SSL, don’t fear—you may nonetheless get one by way of Let’s Encrypt.

We’ve got an in depth tutorial displaying you precisely do it: How to Add Free SSL in WordPress with Let’s Encrypt.

Step 2. Replace Your WordPress URLs to Use HTTPS

Even with an SSL certificates, your web site may nonetheless load as “Not Safe” if the WordPress settings are incorrect. You possibly can repair this by updating your web site’s URL.

Merely go to the Settings » Normal web page in your WordPress dashboard.

Then, be sure that each the ‘WordPress Tackle (URL)’ and ‘Web site Tackle (URL)’ fields use https:// as an alternative of http://.

Don’t overlook to click on on the ‘Save Adjustments’ button to retailer your settings.

WordPress will now begin utilizing https:// for all URLs throughout your web site. Nevertheless, some HTTP URLs should be saved in your WordPress database, which can trigger points transferring ahead.

Subsequent, I’ll present you repair these URLs simply.

Step 3. Repair Combined Content material Points in WordPress

One cause for the ‘Not Safe’ warning is combined content material points. This occurs when some elements of your web site load utilizing an HTTP (insecure) URL.

Virtually all of those URLs are saved in your WordPress database and added by your WordPress theme or plugins. You may additionally have http:// URLs in your weblog posts and pages.

To repair this, you will have a search and change plugin to search out http URLs and change them with https://. One of the best plugin for the job is Search & Replace Everything.

I exploit Search and Exchange Every little thing as a result of it’s quick and environment friendly. Extra importantly, it’s tremendous straightforward to make use of even for rookies.

Tip💡: There’s additionally a free version of Search & Replace Everything that you need to use.

First, you must set up and activate the Search and Exchange Every little thing plugin. For particulars, you may see this information on how to install WordPress plugins.

Upon plugin activation, go to the Instruments » WP Search & Exchange web page to begin utilizing the plugin.

Within the ‘Seek for’ area you must enter http:// and within the ‘Exchange with’ area add https://.

After that, you must click on on ‘Choose All’ to make sure all tables in your WordPress database are included within the search.

Lastly, click on on the ‘Preview Search & Exchange’ button.

The plugin will then carry out the search and present you a preview of the outcomes. This lets you assessment the information earlier than it’s completely modified.

Fastidiously assessment the outcomes, and as soon as you’re glad, click on on the ‘Exchange All’ button.

The plugin will then make adjustments to your WordPress database and change all HTTP URLs with HTTPS.

For extra particulars, see this information on how to fix the mixed content error in WordPress.

Step 4. Set Up an HTTP to HTTPS Redirect in WordPress

After switching a web site to HTTPS, one of many steps I by no means skip is establishing a redirect from HTTP to HTTPS. With out it, individuals may nonetheless land on the insecure model of your web site by way of outdated hyperlinks or bookmarks.

Essentially the most dependable strategy to repair that is by including a redirect rule to your .htaccess file. Right here’s the snippet I exploit on most WordPress web sites:

RewriteEngine On
RewriteCond %{HTTPS} !=on
RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]

For particulars, see this information on how to fix the WordPress .htaccess file.

In case your web site is operating on Nginx as an alternative of Apache, then you definately’ll must arrange the redirect otherwise.

As an alternative of enhancing a .htaccess file, you’ll must replace your Nginx configuration.

Right here’s the code I might add to redirect all HTTP visitors to HTTPS in Nginx:

server {
    hear 80;
    server_name yoursite.com www.yoursite.com;
    return 301 https://yoursite.com$request_uri;
}

You’ll wish to place this block above the prevailing HTTPS server block in your web site’s Nginx config file—normally present in /and so on/nginx/sites-available/ or /and so on/nginx/conf.d/.

When you’ve added the redirect, don’t overlook to reload Nginx for the adjustments to take impact:

For those who’re undecided the place to make the change, it’s a good suggestion to reach out to your hosting provider.

Step 5. Check Your SSL Setup for Safety Points

After making these adjustments, it is best to take a look at your web site to make sure every thing is working accurately.

You should utilize the SSL Labs SSL Test to examine your certificates and ensure your web site is absolutely secured. Merely enter your area identify, and it’ll examine the SSL implementation in your area identify.

One other different instrument that I’ve usually used is Why No Padlock? What I like about it’s that it explains points in plain language, which is useful for rookies.

Lastly, attempt visiting your web site in Incognito mode. For those who nonetheless see the “Not Safe” warning, you must clear your WordPress cache or wait a couple of minutes for adjustments to take impact.

Make Your Web site Really feel Protected for Each Customer

Nobody needs their web site to scare away guests with a browser warning. The most important injury is dropping the belief of your prospects and guests.

I hope this information helped you absolutely safe your WordPress web site with HTTPS in order that your guests received’t should assume twice about trusting it.

Bonus Assets

I observe this WordPress security guide on all web sites I work on. This step-by-step information affords a simple motion plan to correctly safe your WordPress web site.

The next are a couple of further sources that I feel you’ll discover useful:

For those who preferred this text, then please subscribe to our YouTube Channel for WordPress video tutorials. You can too discover us on Twitter and Facebook.