Google Service Announcement: As of July 2018, Google Chrome (version 68) now shows a “NOT SECURE” warning if your website is not encrypted with an SSL certificate.
Why Does Chrome Say My Website Is “Not Secure”?
You probably noticed that your website shows a NOT SECURE warning message in the URL bar to your website visitors. Why? Because Google Chrome has been taking steps over the past year to make a more secure Internet.
I originally wrote this article in September 2017 when Google announced that they would show “Not Secure” ONLY for websites with forms that don’t have an SSL certificate.
But since then Google Chrome tightened security even more. Now (as of July 2018) it's as if Google Chrome is publicly shaming ALL websites with unencrypted connections by displaying a “Not Secure” message. This is Google's way of pushing business owners to embrace HTTPS encryption.
What Does This Mean?
If your website does NOT have an SSL certificate installed your website will display a “Note Secure” warning in the URL bar.
The frustrating part about the “Not Secure” message is that it puts fear in people and causes them to click away from your website. At the very least, users won't trust the integrity of your website.
How Can You Tell If You Have an SSL Certificate Installed?
Type https://www.your-domain-name.com into your Google Chrome browser.
If you see the closed padlock, this is good and means that you do have an SSL certificate installed.
If you see the NOT SECURE warning, this is bad and means you don't have an SSL certificate installed.
How To Fix and Remove The “Not Secure” Warning From Your Website?
If your website host is BLUEHOST you are in luck and is the easiest not secure website fix. It's pretty painless and cheap! Just watch my video tutorial below. If you have HOSTGATOR, it's more difficult and expensive, but I also created a video tutorial for you to follow below.If you have a different hosting provider, I would consider saving yourself the headaches and just have the team over at Webflavor issue and install the SLL certificate for you. If that doesn't tickle your fancy, I list some alternative options for other hosting providers listed below.
- HIRE SOMEONE
For example, our sister company, Webflavor, charges $99 to install an SSL certificate. With their SSL install you WILL NOT have to pay the typical yearly renewal costs (like traditional SSL providers) and deal with the headaches of reissuing and reinstalling it each year.
Got a WordPress Site Hosted With BLUEHOST?
If yes, here is step-by-step tutorial on how to install an SSL certificate for your Wordress site with Bluehost hosting and notify Google of the HTTPS URL change:
Got a WordPress Site Hosted With HOSTGATOR?
If yes, here is step-by-step tutorial on how to install an SSL certificate for your Wordress site with HostGator hosting and notify Google of the HTTPS URL change:
Have a Different Website Hosting Provider?
Here are four steps to fix the problem:
1. Install an SSL Certificate
- If you have a webmaster, contact them right away and ask them to install an SSL certificate for you.
- If you do NOT have a webmaster, contact your website hosting company and see if they can install an SSL certificate for you.
- If you are using a Non-Self Hosted service like Blogger.com, there should be a way to redirect to HTTPS. For example: Here's how to Turn on HTTPS redirect for Blogger.com.
- If your website is with Weebly, you have to be at the Pro plan level for HTTPS. However, there is a topic started there where you could upvote to try and get Weebly to make HTTPS available for all plan levels.
I would act fast to avoid the lines of people who are going to wait until the last minute.
2. If You're Using WordPress
After your SSL certificate is installed make sure that your URLs are updated in your WordPress admin area. Login to your WordPress Admin area and go to Settings > General. Change the HTTP part to HTTPS for the two URLs listed.
3. Notify Google of the URL Change
When you change from HTTP to HTTPS, Google treats this as a site move. Therefore, notify Google by updating your Google Search Console.
If you migrate your site from HTTP to HTTPS, Google treats this as a site move with a URL change. This can temporarily affect some of your traffic numbers.
Add the HTTPS property to Search Console; Search Console treats HTTP and HTTPS separately; data for these properties is not shared in Search Console. So if you have pages in both protocols, you must have a separate Search Console property for each one.
This means you should add a NEW website property to your search console using your HTTPS domain instead of the HTTP domain.
If you already have a domain in the search console, add a NEW one. If you don't have a domain in Google Search Console, add a NEW one as well.
Here are instructions on how to add a website property to Google Search Console. I also show you how to do this step-by-step towards the end of the two video tutorials at the top of this article.
4. Update Your Google Analytics Default URL
In the comments below, Teresa Noel asked if the Google Analytics URL should be updated. Yes! Awesome idea Teresa 🙂
If you have Google Analytics, it's super easy. You do NOT have to change your Google Analytics code that you put in your website. However, you should login to Google Analytics and update the Default URL.
- Login to Google Analytics
- Go to the Admin Settings (Gear Icon)
- Click on Property Settings
- Update the Default URL to Https and Save changes