godaddy
New Member
ICANN Accredited Registrar
ICA Member
Hosting Provider
Domain Broker
Domain Marketplace
ISO 27001
- Joined
- Jan 26, 2009
- Messages
- 59
- Reaction score
- 3
Have you ever browsed to a website, only to be stopped by an error showing a “Not Secure” message? This error means that your browser has detected that your intended destination isn’t using HTTPS and has flagged it as a security concern.
The internet. Such a beautiful thing. Yet, like a wild animal, it can sometimes be dangerous. If you’ve been online for even a short amount of time, you probably know that sometimes bad things can happen to good websites.
If you’re seeing the warning “Not Secure” in front of your domain name, you might think your site has been compromised. However, it may just mean that your website’s security isn’t up to modern standards.
As explained in this article on securing your website, any website will display a “Not Secure” warning if it does not use a secure connection (HTTPS). This originally began as part of Google’s initiative to make the web more secure, but has now been widely adopted as standard by other browsers.
The error likely means that your site doesn’t have an SSL certificate and is not using the HTTPS protocol. Or, if it does, it means that your SSL hasn’t been configured correctly. The notification doesn’t necessarily mean your site is compromised or not functioning.
Let’s take a moment to dig a bit deeper into the meaning of the “Not Secure” warning.
It used to be that only websites handling payments needed SSLs. However, SSL encryption protects all information that passes through the browser to the server, including logins and passwords, and even web admin credentials.
With the “Not Secure” warning, it doesn’t matter whether the site handles sensitive data. All websites need to use SSL encryption to ensure secure transfer of information.
If you’re ready to get ahead of the web security game, you can get an SSL certificate from GoDaddy to lock down your website.
Self-signed SSL certificates are created and signed by the website owner rather than a trusted Certificate Authority (CA). Because they are not verified by a recognized third party, web browsers do not trust them, which can trigger “Not Secure” warnings.
To ensure your website is trusted by browsers, it’s recommended to use SSL certificates issued by reputable CAs.
Yes, this is a requirement of all major browsers at this time.
Source: Pixabay
If you’re facing SSL certificate errors or other issues with your site, it’s likely you’re displaying the “Not Secure” warning. Let’s take a deep breath and look at how to fix that.
To implement HTTPS on your website, you need to obtain a TLS/SSL certificate from a hosting provider or a certificate authority. Some hosting providers offer free SSL certificates, while others provide paid options. Once you have the certificate, install it on your web server, and configure your website to use HTTPS.
Start by updating links at the source: when adding links in WordPress, paste the https:// version of the URL and avoid protocol-relative links (e.g., //example.com) unless you’ve verified the destination supports HTTPS.
Finally, validate automatically: use a crawler (or a broken-link checker) to flag non-HTTPS external links, and spot-check high-traffic pages in your browser’s DevTools/console for mixed-content warnings — then fix or remove any destinations that don’t reliably support HTTPS.
Configure a site-wide 301 redirect at the web server (preferred), so any request to http:// is automatically sent to the same address on https://. After adding the redirect, confirm your TLS/SSL certificate is installed, update WordPress settings to use the https:// site URL, and test a few pages to ensure there are no redirect loops and that mixed-content issues are resolved.
Make sure your site’s canonical URL is HTTPS (WordPress Address/Site Address and any SEO plugin settings), then regenerate the sitemap using your SEO plugin (or your CMS’s built-in sitemap) so all listed URLs, image URLs, and lastmod dates are current and use https://.
Finally, resubmit the sitemap in Google Search Console and Bing Webmaster Tools, and monitor for crawl errors—especially “submitted URL seems to be a soft 404,” mixed HTTP/HTTPS entries, or URLs that still redirect.
Sign in at search.google.com/search-console and add your site as a property—ideally choose Domain property so it covers all subdomains and both HTTP/HTTPS (then verify via a DNS TXT record with your domain provider).
Once verified, confirm Google sees the correct HTTPS canonical version, submit your XML sitemap (e.g., /sitemap.xml) under Sitemaps, and use URL Inspection to request indexing for key pages.
From a security standpoint, ensure the site is serving valid HTTPS, and restrict Search Console access to only trusted accounts with the minimum necessary permissions.
A secure website isn’t just a nice-to-have. It’s an essential for a successful small business. Let’s dive into some of the main reasons why you should take website security seriously.
Any weakness can be used to expose your visitors to harm — even if they’re “just browsing.” If an attacker compromises your site, they can inject malicious code that steals logins and payment details, tracks visitors, redirects them to phishing pages, or delivers malware (often without obvious signs).
Strong security controls — HTTPS, timely updates, least-privilege access, secure plugins/themes, and monitoring — help keep the data your visitors share private and ensure the pages they load are authentic and safe.
Your site is a gateway to revenue, customer data, internal accounts, and your brand reputation. If attackers gain access, they can deface content, steal databases and backups, hijack admin accounts, reroute traffic, run spam campaigns from your domain, or hold your site for ransom, causing downtime and long-term SEO and trust damage.
Strong website security helps preserve ownership and continuity of the systems and data your business depends on.
Securing your website can directly improve customer confidence and conversion. A site that consistently loads over HTTPS reduces abandonment and support issues, while breaches create downtime, reputation damage, and lost search visibility.
Strong security practices make your business more resilient.
Securing your website protects your reputation because customers judge your brand by how safe and reliable your online experience feels. A single incident — malware injections, spam pop-ups, phishing pages, data leaks, or even a browser “Deceptive site ahead” warning — can quickly erode trust, impacting your sales long after the technical issue is fixed.
Beefing up security controls can help prevent public-facing incidents and demonstrate that your business takes customer safety seriously.
Malware or defacements can trigger browser and search-engine warnings that stop traffic cold.
With basic security measures in place, you can reduce the chances of an incident that interrupts sales — or makes customers hesitant to buy in the first place.
Source: Pixabay
An SSL certificate encrypts the data being sent to and from your website, but it doesn’t protect your website against malware or DDoS attacks. These are other important security measures to consider for full website security.
Hacking is a major issue for businesses of all sizes.
Implementing HTTPS boosts your website’s trustworthiness by ensuring secure data transmission between your server and users’ browsers. Modern browsers flag non-HTTPS websites as “Not Secure,” which can negatively impact user perception and engagement.
By adopting HTTPS, you not only protect your users’ data but also align with best practices that search engines may favor, potentially improving your site’s visibility in search rankings.
Fixing the “Not Secure” warning is one of the highest-impact upgrades a website owner can make because it immediately improves how your site looks to visitors and how safely it handles data in transit.
In most cases, the path is straightforward: install a trusted SSL/TLS certificate, force HTTPS with redirects, and clean up any mixed-content issues so every page element loads securely.
But remember that HTTPS is a foundation, not the finish line. Pair it with core security habits to reduce the risk of downtime, lost revenue, and reputation damage. With these basics covered, you’re building a site people can trust.
We’ve covered a lot about securing your website, but in case you still have questions, let’s try to cover them here.
HTTPS is a secure way to send data between a web server and a web browser. It is the secure version of HTTP, the primary protocol used to send data between a web browser and a website. HTTPS is encrypted to increase the security of data transfers, particularly when users transmit sensitive data.
HTTPS uses an encryption protocol called Transport Layer Security (TLS) to secure communications between a web server and a web browser. It employs an asymmetric public key infrastructure, using a private key controlled by the website owner and a public key available to users.
Information encrypted with the public key can only be decrypted by the private key.
HTTPS is important for all types of websites because it encrypts data transmitted between the server and the user’s browser, ensuring that sensitive information remains secure. This encryption protects against data interception and breaches, enhancing the overall cybersecurity of the website.
HTTPS contributes to overall cybersecurity by encrypting traffic between the web server and the browser. This makes it difficult for attackers to intercept or manipulate data, thereby protecting user data and maintaining the integrity of the website.
Submitting personal information on a non-HTTPS (HTTP) site means the data is sent unencrypted, so it can be intercepted and read by anyone who can get access to the connection. Attackers can also modify traffic in transit, injecting scripts or redirecting you to lookalike pages to steal credentials or payment details. Even if the site itself is legitimate, non-HTTPS increases the risk of account takeover, identity theft, and fraud because there’s no strong protection against eavesdropping or tampering.
Customers with multiple websites can consider the Multiple Domains SSL Certificate, also known as SANs (Subject Alternative Names) SSL Certificate. This type of certificate allows you to buy a single SSL that can protect multiple websites, saving money and time. You only need to manage one SSL for all your websites.
Yes, but you shouldn’t rely on a free SSL certificate as a “set it and forget it” security solution. Free certificates can be perfectly valid for encryption, but they often come with tradeoffs — shorter lifecycles that require reliable auto-renewal, fewer management/support options if something breaks, and less convenience for non-technical site owners.
For a business website where uptime, trust signals, and fast recovery matter, a paid certificate or a managed SSL service is usually the safer choice because it reduces renewal failures, misconfigurations, and downtime risk.
No, it doesn’t matter where your site is hosted; this impacts all websites. You can get an SSL certificate from GoDaddy, and in our Help Center, you can find more information about how to download the SSL files and manually install the SSL as well.
The post How to fix the “Not Secure” warning on your website appeared first on GoDaddy Blog.
Continue reading...
The internet. Such a beautiful thing. Yet, like a wild animal, it can sometimes be dangerous. If you’ve been online for even a short amount of time, you probably know that sometimes bad things can happen to good websites.
What does the “Not Secure” warning mean?
If you’re seeing the warning “Not Secure” in front of your domain name, you might think your site has been compromised. However, it may just mean that your website’s security isn’t up to modern standards.
As explained in this article on securing your website, any website will display a “Not Secure” warning if it does not use a secure connection (HTTPS). This originally began as part of Google’s initiative to make the web more secure, but has now been widely adopted as standard by other browsers.
The error likely means that your site doesn’t have an SSL certificate and is not using the HTTPS protocol. Or, if it does, it means that your SSL hasn’t been configured correctly. The notification doesn’t necessarily mean your site is compromised or not functioning.
A closer look at Chrome’s “Not Secure” warning
Let’s take a moment to dig a bit deeper into the meaning of the “Not Secure” warning.
Is SSL only for ecommerce sites?
It used to be that only websites handling payments needed SSLs. However, SSL encryption protects all information that passes through the browser to the server, including logins and passwords, and even web admin credentials.
With the “Not Secure” warning, it doesn’t matter whether the site handles sensitive data. All websites need to use SSL encryption to ensure secure transfer of information.
If you’re ready to get ahead of the web security game, you can get an SSL certificate from GoDaddy to lock down your website.
What are self-signed SSL certificates?
Self-signed SSL certificates are created and signed by the website owner rather than a trusted Certificate Authority (CA). Because they are not verified by a recognized third party, web browsers do not trust them, which can trigger “Not Secure” warnings.
To ensure your website is trusted by browsers, it’s recommended to use SSL certificates issued by reputable CAs.
Is this just for Chrome, or will Firefox and other browsers do this too?
Yes, this is a requirement of all major browsers at this time.
How can I fix the “Not Secure” warning?
Source: Pixabay
If you’re facing SSL certificate errors or other issues with your site, it’s likely you’re displaying the “Not Secure” warning. Let’s take a deep breath and look at how to fix that.
1. Install an SSL certificate
To implement HTTPS on your website, you need to obtain a TLS/SSL certificate from a hosting provider or a certificate authority. Some hosting providers offer free SSL certificates, while others provide paid options. Once you have the certificate, install it on your web server, and configure your website to use HTTPS.
2. Make sure outgoing links are pointing to HTTPS
Start by updating links at the source: when adding links in WordPress, paste the https:// version of the URL and avoid protocol-relative links (e.g., //example.com) unless you’ve verified the destination supports HTTPS.
Finally, validate automatically: use a crawler (or a broken-link checker) to flag non-HTTPS external links, and spot-check high-traffic pages in your browser’s DevTools/console for mixed-content warnings — then fix or remove any destinations that don’t reliably support HTTPS.
3. Add redirects to non-HTTPS URLs
Configure a site-wide 301 redirect at the web server (preferred), so any request to http:// is automatically sent to the same address on https://. After adding the redirect, confirm your TLS/SSL certificate is installed, update WordPress settings to use the https:// site URL, and test a few pages to ensure there are no redirect loops and that mixed-content issues are resolved.
4. Update your XML sitemaps
Make sure your site’s canonical URL is HTTPS (WordPress Address/Site Address and any SEO plugin settings), then regenerate the sitemap using your SEO plugin (or your CMS’s built-in sitemap) so all listed URLs, image URLs, and lastmod dates are current and use https://.
Finally, resubmit the sitemap in Google Search Console and Bing Webmaster Tools, and monitor for crawl errors—especially “submitted URL seems to be a soft 404,” mixed HTTP/HTTPS entries, or URLs that still redirect.
5. Submit your website to Google Search Console
Sign in at search.google.com/search-console and add your site as a property—ideally choose Domain property so it covers all subdomains and both HTTP/HTTPS (then verify via a DNS TXT record with your domain provider).
Once verified, confirm Google sees the correct HTTPS canonical version, submit your XML sitemap (e.g., /sitemap.xml) under Sitemaps, and use URL Inspection to request indexing for key pages.
From a security standpoint, ensure the site is serving valid HTTPS, and restrict Search Console access to only trusted accounts with the minimum necessary permissions.
Why is it important to secure your website?
A secure website isn’t just a nice-to-have. It’s an essential for a successful small business. Let’s dive into some of the main reasons why you should take website security seriously.
Protects your website visitors
Any weakness can be used to expose your visitors to harm — even if they’re “just browsing.” If an attacker compromises your site, they can inject malicious code that steals logins and payment details, tracks visitors, redirects them to phishing pages, or delivers malware (often without obvious signs).
Strong security controls — HTTPS, timely updates, least-privilege access, secure plugins/themes, and monitoring — help keep the data your visitors share private and ensure the pages they load are authentic and safe.
Protects your online assets
Your site is a gateway to revenue, customer data, internal accounts, and your brand reputation. If attackers gain access, they can deface content, steal databases and backups, hijack admin accounts, reroute traffic, run spam campaigns from your domain, or hold your site for ransom, causing downtime and long-term SEO and trust damage.
Strong website security helps preserve ownership and continuity of the systems and data your business depends on.
Gives you a competitive advantage
Securing your website can directly improve customer confidence and conversion. A site that consistently loads over HTTPS reduces abandonment and support issues, while breaches create downtime, reputation damage, and lost search visibility.
Strong security practices make your business more resilient.
Protects your reputation
Securing your website protects your reputation because customers judge your brand by how safe and reliable your online experience feels. A single incident — malware injections, spam pop-ups, phishing pages, data leaks, or even a browser “Deceptive site ahead” warning — can quickly erode trust, impacting your sales long after the technical issue is fixed.
Beefing up security controls can help prevent public-facing incidents and demonstrate that your business takes customer safety seriously.
Prevents loss in sales and revenue
Malware or defacements can trigger browser and search-engine warnings that stop traffic cold.
With basic security measures in place, you can reduce the chances of an incident that interrupts sales — or makes customers hesitant to buy in the first place.
What else do I need to do to protect my website?
Source: Pixabay
An SSL certificate encrypts the data being sent to and from your website, but it doesn’t protect your website against malware or DDoS attacks. These are other important security measures to consider for full website security.
Hacking is a major issue for businesses of all sizes.
- Economic impact: Direct revenue loss during website downtime, expenses for incident remediation, recovery costs, and potential legal fees.
- Reputational damage: Negative media coverage, loss of customer trust, damaged brand reputation, and long-term impact on customer acquisition.
- Regulatory consequences: Significant fines and penalties for failing to protect personal information under GDPR, HIPAA, or Payment Card Industry (PCI-DSS) compliance requirements.
- Business disruption: Website outages, slowed performance from bot attacks or DDoS attacks, and operational interruptions that are particularly costly for ecommerce businesses.
SEO benefits of HTTPS
Implementing HTTPS boosts your website’s trustworthiness by ensuring secure data transmission between your server and users’ browsers. Modern browsers flag non-HTTPS websites as “Not Secure,” which can negatively impact user perception and engagement.
By adopting HTTPS, you not only protect your users’ data but also align with best practices that search engines may favor, potentially improving your site’s visibility in search rankings.
Secure your website now
Fixing the “Not Secure” warning is one of the highest-impact upgrades a website owner can make because it immediately improves how your site looks to visitors and how safely it handles data in transit.
In most cases, the path is straightforward: install a trusted SSL/TLS certificate, force HTTPS with redirects, and clean up any mixed-content issues so every page element loads securely.
But remember that HTTPS is a foundation, not the finish line. Pair it with core security habits to reduce the risk of downtime, lost revenue, and reputation damage. With these basics covered, you’re building a site people can trust.
Frequently asked questions about secure websites
We’ve covered a lot about securing your website, but in case you still have questions, let’s try to cover them here.
What is HTTPS?
HTTPS is a secure way to send data between a web server and a web browser. It is the secure version of HTTP, the primary protocol used to send data between a web browser and a website. HTTPS is encrypted to increase the security of data transfers, particularly when users transmit sensitive data.
How does HTTPS work?
HTTPS uses an encryption protocol called Transport Layer Security (TLS) to secure communications between a web server and a web browser. It employs an asymmetric public key infrastructure, using a private key controlled by the website owner and a public key available to users.
Information encrypted with the public key can only be decrypted by the private key.
Why is HTTPS important for all types of websites?
HTTPS is important for all types of websites because it encrypts data transmitted between the server and the user’s browser, ensuring that sensitive information remains secure. This encryption protects against data interception and breaches, enhancing the overall cybersecurity of the website.
How does HTTPS contribute to overall cybersecurity?
HTTPS contributes to overall cybersecurity by encrypting traffic between the web server and the browser. This makes it difficult for attackers to intercept or manipulate data, thereby protecting user data and maintaining the integrity of the website.
What are the risks of submitting personal information on a non-HTTPS site?
Submitting personal information on a non-HTTPS (HTTP) site means the data is sent unencrypted, so it can be intercepted and read by anyone who can get access to the connection. Attackers can also modify traffic in transit, injecting scripts or redirecting you to lookalike pages to steal credentials or payment details. Even if the site itself is legitimate, non-HTTPS increases the risk of account takeover, identity theft, and fraud because there’s no strong protection against eavesdropping or tampering.
Do I need a separate SSL certificate for each website?
Customers with multiple websites can consider the Multiple Domains SSL Certificate, also known as SANs (Subject Alternative Names) SSL Certificate. This type of certificate allows you to buy a single SSL that can protect multiple websites, saving money and time. You only need to manage one SSL for all your websites.
Can I use a free SSL certificate?
Yes, but you shouldn’t rely on a free SSL certificate as a “set it and forget it” security solution. Free certificates can be perfectly valid for encryption, but they often come with tradeoffs — shorter lifecycles that require reliable auto-renewal, fewer management/support options if something breaks, and less convenience for non-technical site owners.
For a business website where uptime, trust signals, and fast recovery matter, a paid certificate or a managed SSL service is usually the safer choice because it reduces renewal failures, misconfigurations, and downtime risk.
Does the not secure warning only affect GoDaddy websites?
No, it doesn’t matter where your site is hosted; this impacts all websites. You can get an SSL certificate from GoDaddy, and in our Help Center, you can find more information about how to download the SSL files and manually install the SSL as well.
The post How to fix the “Not Secure” warning on your website appeared first on GoDaddy Blog.
Continue reading...
