When a website says it’s not secure, you may hesitate to continue and visit it. So when your own WordPress website is saying “not secure,” that might make you even more stressed. Knowing why you get that message will help you fix it so that you can run a secure website.
Why does your WordPress website say “not secure?” There are multiple reasons why a WordPress website would say it isn’t secure. One common reason is the lack of an SSL (security) certificate. Other potential causes include an expired SSL certificate, no security plugin, and certain required updates.
Determining the precise reason why your WordPress website says “not secure” will help you figure out the right solution. While most cases will have the same cause, the solution could still differ slightly based on your hosting company and other factors. Plus, securing your website is almost expected nowadays.
Why Should Your Website Be Secure?
The growth of the internet has led to many people being able to create websites and showcase their work online. However, that growth has also led to an increase in the potential for security issues. Now more than ever, securing your website is essential to protecting it from hackers, spam, and other problems.
Also, more and more people use the internet now, and many people have come to expect some level of security from the websites they visit. Data breaches experienced by large companies can affect millions of users, so securing your website is a given. Even if your website is just for you, odds are someone will come across it, and it should be secure when that happens.
The issue is so prevalent that Google has started cracking down on websites that aren’t secure. It will display a “Not secure” label when an unsecured site shows up in search results, which could keep someone from visiting your site. That’s right; you can have the most interesting content online, but a lack of security might turn away otherwise eager visitors.
Whether you do most of your business online or you just want to show your work to friends and family, having a secure site will put everyone at ease. It’s especially important if you want to take payments on your website since secure websites can encrypt payment information. If you want to learn more about the importance of a secure website, click here.
More Trust for Secure Sites
Many sites have some form of security, so it has become the standard of the internet. Sites without a secure label can easily fall to the wayside, even when they have great content. By default, your site probably won’t have a secure label, so it’s up to you to add it.
Making your site secure matters in most cases, though it’s very important for online businesses. If you want customers to pay on your website, you need to give them peace of mind that their information won’t get hacked. A secure website will encrypt that data so that not even you can access it.
Perhaps you have a blog, and you don’t plan on charging customers at all. Well, a secure site will still come in handy as it will still help your visitors trust you and your website. That extra level of trust will encourage readers to come back to your site, and it can even help attract new visitors.
The know, like, and trust factor is a huge part of doing business, and you should do your best to build that factor with your audience. Even small audiences have an impact, and they may not recommend your site if it isn’t secure. Still, a secure site will also benefit you as the owner.
Less Risk When Running a Secure Site
Setting up and running a website will always come with risks. However, making your site secure can reduce your risk of encountering malicious activity. Secure sites encrypt any data that gets transmitted, including payment information, passwords, and other information.
That means that you don’t have to worry as much about your website being hacked. Your admin login information will be safely stored so that hackers can’t get to it as easily as if your website wasn’t secure. If you upload personal information to your site, that will also be held for safekeeping.
Anything that you upload to your website will have an added layer of protection compared to no security. If you log into an unsecured site, someone could hack into the database and get access to your login information. At best, they can log into your account, and at worst, they could destroy your entire website.
You already need to put yourself out there when you run a website, so you might as well do what you can to protect yourself. If you can reduce your risk of hackers and spam attacks, that will help keep your website safe. And of course, there will be less risk for your visitors when they need to input sensitive information.
Why WordPress Says “Not Secure”
The biggest reason why your WordPress site would say “not secure” is that you don’t have a current SSL (Secure Sockets Layer) certificate. These certificates are what help encrypt your data across tons of websites. Websites from Google to Facebook to small businesses employ an SSL certificate to protect data and their overall site.
If you’ve used an SSL certificate, the reason might be that the certificate expired. And if you find that you have a current certificate, it could be that your website needs some updates. WordPress updates sometimes include fixes for security problems, so you might need to update your site to resolve the problem.
Similarly, certain plugins might cause your site not to be secure. If the error appears after you update or add a new plugin, that could be the culprit. To check this, you can remove the plugin and see if that gets rid of the problem.
While these smaller issues can occur, more often, the reason will be some issue with an SSL certificate. If your WordPress site says “not secure,” you should ensure that you have an SSL certificate, that it’s active, and that it fulfills your needs. That way, you can protect you, your website, and your visitors from negative activity.
No SSL Certificate
If you keep getting a message from your WordPress website that says “not secure,” the most probable cause is that you don’t have an SSL certificate. An SSL certificate is essential to securing your website and protecting the data on it. Of course, you should know how to check for an SSL to determine if you have one or not.
- Look at the bar on your browser where you search or type a URL.
- Next to the URL, you may see a padlock. Some browsers will also make the padlock green, while on others, it might be gray.
- That padlock is one way you can tell that a site has an active SSL. However, no padlock doesn’t necessarily mean no SSL.
- Another thing to check for when viewing a site is the beginning of the URL. In the past, the standard at the beginning of a URL was HTTP.
- With the increase in the importance of security, another standard came to be: HTTPS.
- That extra “S” tells you that the site is secure.
If you don’t see a padlock or your website starts with HTTP, that means you probably don’t have an active SSL. Now, don’t panic; anyone can get an SSL for their website. Once you get the certificate, you can add it to secure your site.
Still, you may have some questions about SSL certificates, like how much they cost, and how to get them. If you want to take your website security to the next level, an SSL is perfect. You need to choose the right type and place to get one.
Does It Cost Money?
The basic version of an SSL certificate is completely free. You don’t have to pay anything to get a certificate, but there are paid versions with advanced features. All SSL certificates come with the ability to display your website with HTTPS at the beginning, but the paid options offer more than that.
- Paid SSLs include the option for Organization Validation (OV) and Extended Validation (EV). These options can help protect businesses online.
- Free SSLs also don’t require more than verification of the site owner’s identity. On the other hand, paid SSLs usually involve a more rigorous verification from a Certificate Authority (CA).
- A paid SSL also lasts much longer at one or two years. You have to renew a free SSL each one to three months.
- Paid SSLs include warranties, which can protect you if something goes wrong on the CA’s end.
While you don’t have to pay for an SSL certificate, it can be a good investment. Especially if you use WordPress for business, you want to protect yourself and your site. Choosing to pay or get a free SSL is a personal decision.
The good news is you can always switch to a different certificate when your current one expires. Still, you should consider your options when choosing a certificate. If you want to know more about free versus paid SSLs, click here.
What Are the Different Types?
Aside from the cost, there are a few different types of SSLs that you can choose from. Not every type is best for every site, so consider a few options. That way, you can choose the best type of SSL for you and your website.
One of the most common types of SSLs is the Single SSL. This type is perfect if you only own one site, and it can secure one domain or subdomain. Compare that to the Multi-Domain SSL, which covers, as you might expect, multiple domains.
If you run multiple websites, this can be a good option. It’s also a nice choice if you work as a web designer or developer and create websites for clients. This type of SSL works to protect more than one domain name, though it’s unclear if there’s a limit.
In between, there’s the option for a Wildcard SSL. This type covers one domain name, but it can also protect all subdomains associated with it. If you have one main website but use subdomains to organize your content, this is your best option.
Other types of SSLs revolve around the type of validation required. Some SSLs only require validation of the domain name, and you can receive it the same day as you apply for it. There are also Organization Validation and Extended Validation SSLs that take a few days to receive since your business needs to be verified.
Consider the type of website you have and what you use it for before you decide on the best type of SSL for you. You can also consult a lawyer or business professional for help choosing. If you decide you need to change certificates, you can do that in the future.
How to Get an SSL Certificate
Now that you know your site doesn’t have an SSL, and you have chosen what type you want, it’s time to get that SSL certificate. Unfortunately, you can’t get any SSL from anywhere. The type you choose can determine where you can get one.
- If you choose a free SSL, you can probably get one from your website hosting company. To do this, log into your hosting account.
- You can then search your dashboard and look for information about SSLs. Contact your host if you have questions.
- Next, apply for the SSL that you want. You may need to wait for it to be approved. Once you get one, you can apply it to your website.
- For paid SSLs, you may need to go outside of your hosting provider. In this case, you should look to a Certificate Authority. These organizations will verify your information and provide your certificate after acceptance.
- After you get an SSL, you can apply it like you would a free one.
Getting even the most complicated SSL doesn’t have to be difficult. If you decide to go through a Certificate Authority, you can use one, like RapidSSL or Symantec. Plenty of other companies also offer SSLs, so you should choose a company you’re comfortable with.
How to Renew It
All SSLs will expire at one time or another, either in a few months or a year. When that time comes, you’ll want to renew it. Otherwise, you might get another “not secure” warning from your WordPress website.
That’s why being able to renew your SSL is just as important as getting one. After all, you don’t want your website to be secure one day and not secure the next. The exact steps will vary based on how you initially got the SSL.
If you got your SSL through your host, you’ll need to log back into your hosting account. You should be able to renew your SSL through your dashboard. Don’t be afraid to contact your host if you need help.
Going through a Certificate Authority, you can go to that CA’s website. You may need to log in to an account, and you can create a Certificate Signing Request. Then, you’ll be able to apply for a renewal of your SSL.
Make sure you set an alert in your calendar to remind yourself when it’s time to renew your SSL. That way, you can avoid potential lapses in security. But don’t forget some changes you may need to make after you get your SSL set up.
Changes to Make After an SSL Certificate
Now that you have an active SSL, you may still notice a “not secure” warning. That’s because you still have a couple of changes to make within your website settings. Specifically, you have to change the URL of your website to complete the process of securing your site.
- Head to your WordPress dashboard, then Settings, then General.
- You should see the option to change your site title, tagline, and URL.
- If it didn’t change automatically, you’ll have to change HTTP to HTTPS in your URL for both WordPress and the regular site address.
- To make this process even easier, you can use a plugin, like Really Simple SSL. Installing this plugin will help switch HTTP to HTTPS. However, it’s not necessary, especially since it’s easy enough to make the change yourself.
Once you switch your site over to SSL and have it display as HTTPS, you should be able to use your site as normal. The “not secure” error should go away, and you can get back to editing your site. Of course, things may happen, and you can learn more about fixing problems with your SSL here.
In the world of the internet, there’s nothing as scary as seeing your WordPress website say “not secure.” While this isn’t always a huge concern, knowing why you’re getting that message will inform your next steps. From there, you can look into getting a new SSL certificate and making your site more secure for you and your visitors.