“How do I fix a “website is not secure” error in Google chrome?” This is a question I have received quite often, especially more recently. We first saw the “Not Secure” warning in version 68 of Google Chrome. The warning appears in all subsequent Chrome versions whenever a user visits an insecure website. The big question is why the error occurs and how one can handle the error. That is our business of the day. By the time you are done reading this article, you will have a clear sight of what this error implies and how you can handle it.
What is the “Website is Not Secure” Error in Chrome?
Whenever you encounter the “Website is not Secure” Error in Chrome, know that the site you are connecting to lacks enough security. It is best to treat the error as an alert that the website is unprotected and that sharing any sensitive information via the website is detrimental. Such information can potentially be intercepted, stolen, read, or modified by attackers. No user wants to receive such an experience on the world’s largest and most popular browser.
Important to note: The “Website is not secure” error doesn’t necessarily mean the website is infected with malware. It only serves as an eye-opener that the website is risky and susceptible to attacks.
The responsibility to rectify the error wholly lies on the shoulders of the website owners. Site visitors have very little they can do to correct the error other than requesting site owners to correct the error.
How the “Website is Not Secure” Error Appears in Chrome?
Here is a screenshot of what appears when a user clicks on a website that is not secure.
Users can also easily identify a website that is not secure by looking at the address bar of the website. The URL will have a red-lettered warning “Not Secure,” as shown in the screenshot below.
What Causes the “Website is not Secure” Error in Chrome
Your website shows the “website is not secure” error in chrome because it does not offer an encrypted connection. The HTTP/HTTPS factor makes a big difference regarding website security. HTTP websites are insecure, while HTTPS websites are secure. In other words, websites running on the HTTP protocol display the“Website is not Secure” error. The next question that comes into mind is what differentiates HTTP and HTTPS.
The primary difference between HTTP and HTTPS is that HTTPS websites have an SSL certificate. It is the SSL certificate that gives websites encryption strengths. A website owner intending to rectify this error should install the SSL certificate on the website and ensure all domains run on the HTTPS protocol. It doesn’t matter the price of the certificate. Even a site holder should go with low cost or a cheap SSL certificate, which is strong enough to give your website the required encryption and correct the error.
How Do I Fix a “Website is not Secure” Error in Chrome
At this point, you probably know what you need to fix the “website is not secure” error in chrome– the SSL certificate. But knowing that your website needs an SSL certificate and integrating the certificate into your website are two different things. This article will guide you on the procedure to follow when configuring an SSL certificate on your website.
Step 1: Decide on the type of SSL Certificate you Need
Various types of SSL certificates befit different types of websites. The certificates are categorized based on two factors:
- The validation levels they offer
- The number of domains they cover
With validation levels, there are three types- extended validation, domain validation, and organization validation certificate. Similarly, different certificates have different numbers of domains. For instance, single-domain certificates only cover one domain. Wildcard SSL certificates cover one domain and an unlimited number of subdomains. Multi-domain SSL certificates cover multiple domains and all subdomains falling under them.
It is good to research the needs of your website and pick the type of SSL certificate that befits your budget. As I mentioned earlier, price should not be a big issue when it comes to encryption since a discounted or cheap SSL certificate could work similarly to the most expensive one.
Step 2: Choose A Certificate Authority and Generate A Certificate Signing Request
Certificate authorities are the organizations entrusted with issuing SSL and other digital certificates. Some renowned certificate authorities you can work with include GoDaddy and GlobalSign. Upon settling on the certificate authority, you must generate the certificate signing request (CSR). The certificate authority will use the information embedded in the CSR to issue the certificate.
Step 3: Submission of the CSR
Upon generating the certificate signing request, the next step will be to head over to the website of the certificate authority you have chosen and submit the CSR file you generated.
Step 4: The CA Validates Your Certificate
The CA will validate the authenticity of the domain and organization details you have provided in the CSR. The time it takes to validate the certificate request will vary depending on the certificate you choose. EV SSL certificates often take longer than OV and DV certificates to be validated as it requires thorough business validation.
Step 5: Install the Certificate
If the certificate authority successfully processes your SSL certificate request, it will send you an email containing instructions to follow when installing the SSL certificate on your website. You must follow the instructions to install and configure the certificate. Alternatively, you can contact your web hosting provider to do the task for you.
More Troubleshooting Solutions to Fix The Error
- Change All URLs From HTTP to HTTPS
It is possible to have an SSL certificate on your website and still have some old sites run under the HTTP protocol. To transfer all HTTP pages to HTTPS, you will have to create and configure a .htaccess file that carries the necessary code for automatically redirecting HTTP pages to HTTPS.
You can use the cPanel file manager to create and configure the .haccess file. You can also create the file using a text editor application on your device and upload the file to your website servers.
In cPanel access Home >> Domains,
You can enable Force HTTPS Redirection, which will move HTTP to the HTTPS version.
You can find such details in the account’s user data files (/var/Cpanel/user-data).
- 301 Redirects of Your Website
Because you have changed the location of your website address, you will have to perform 301 redirects. Essentially, previous site visitors that have saved your old HTTP URL link as a cache will not be able to access the HTTPS site. To resolve this issue, you must inform WordPress (or your CMS) to redirect all HTTP traffic to HTTPS. 301 redirects will permanently direct all website traffic to your desired URL. If you want to do a redirect process by manual editing in the .htaccess file, then follow the below commands.
RewriteEngine On
RewriteCond %{HTTPS} off
RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI} [R=301,L]
Final Words
The SSL certificate is the answer to the question, “how do I fix a “website is not secure” error in chrome?” The certificate guarantees users the safety of all data and information they share with you. It also prevents your website from unnecessary penalties by Google. If your website does not have an SSL certificate, it is time to follow the steps explained above and ensure the security of your website.