SSL Website

How to Avoid Google Chrome’s Not Secure Warning (In 4 Steps)

Not secure warning in Google Chrome

If you’re a Google Chrome user, you’ve probably visited at least one website that your browser told you was “Not secure”. It’s hard to miss this warning since Chrome displays it in big red letters next to the site’s URL. This can be a problem if the message appears on your own website as it can scare visitors away.

The good news is that the warning itself is pretty easy to remove. All it takes it setting up a Secure Sockets Layer (SSL) certificate for your website. In this article, we’ll guide you through that entire process, including:

  1. Getting an SSL certificate
  2. Installing your certificate through your web host
  3. Changing your WordPress URL
  4. Implementing a site-wide 301 redirect

If you don’t understand what some of this means, don’t worry. By the time we’re done, you’ll be an SSL pro, and be able to make short work of the Not Secure Chrome warning. Let’s get to work!

What Does the Not Secure Warning in Chrome Mean

For a while now, Google has been hard at work warning people when they’re visiting websites that may not be safe. The primary criteria Chrome uses to determine whether a site is secure or not is its use of HTTP versus HTTPS. A site using the former will be penalized with a warning like this one:

The Not Secure Chrome warning.

In some cases, you’ll also see an even scarier “Your connection is not secure” Chrome error, which looks like this:

The Your connection is not secure Chrome warning.

The main reason Chrome started doing this was to incentivize website owners to adopt the more secure HTTPS protocol. During the past couple of years, HTTPS adoption has skyrocketed, thanks to this and other initiatives.

In case you’re not sure what HTTP and HTTPS are, let’s go over some basics. For a long time, HTTP has been the protocol browsers use to send and receive information from web servers. It’s this type of protocol that enables you to read this article right now, as well as view the rest of our website.

The problem is that HTTP is not ideal from a security standpoint. For example, the protocol is susceptible to man-in-the-middle attacks, which means it’s not a safe way to transmit sensitive data. HTTPS, on the other hand, encrypts your connection to the website you’re accessing. In other words, it keeps you and your information a lot safer.

If you’re running a website that’s still using HTTP, you can transition to HTTPS fairly easily. All it takes is setting up an SSL certificate, which provides the authentication factor HTTPS requires to function. In other words, the certificate tells browsers that your website can be trusted, and that it’s safe to connect to it via HTTPS.

Using HTTPS on your website is more important now than ever. Beginning with the release of Chrome 68 back in July 2018, Google now marks all HTTP sites as “Not Secure”. Naturally, that’s something you’ll want to avoid unless you don’t mind losing traffic.

How to Avoid the Not Secure Chrome Warning (In 4 Steps)

Avoiding the Not Secure Chrome warning is relatively straightforward. As we mentioned earlier, you’ll first need to get an SSL certificate for your website. Then you have to install it and configure your WordPress website to load over HTTPS by default. This is all simpler than it sounds, so let’s jump right in.

Step 1: Get an SSL Certificate

Obtaining an SSL certificate is relatively simple. However, you will need to pay for it in most cases, to certify that your website is trustworthy. Fortunately, SSL certificates don’t need to be expensive. With Hostinger, you can buy a lifetime SSL certificate for as little as $11.99:

Our Hostinger SSL certificate prices.

The only catch is that this offer only works if your website runs on Hostinger. We also provide yearly SSL certificates starting at $7.49, although it usually makes more sense to spend a few extra dollars to get the lifetime option. Plus, Shared Business and Cloud Hosting plan users can get an SSL certificate for free.

Once you’re ready to purchase your SSL certificate, just choose the option you want and complete the checkout process. You can even buy an SSL certificate directly from your control panel if you’re already a Hostinger user. Just head over to the SSL tab, and look for the Buy SSL Certificate button at the bottom of the screen.

Once your certificate is ready, you’ll still need to set it up before you can say goodbye to the Not Secure Chrome error.

Step 2: Install Your Certificate Through Hostinger’s Members Area

Your Hostinger account enables you to access a special members area or control panel. There, you can find a host of options you can use to manage your websites and get access to all the extra features we offer, such as email accounts:

Some of the features you can access from your Hostinger control panel.

To install your new SSL certificate and get rid of the Not Secure Chrome error, head over to the SSL tab. Inside, you’ll see a list of your available SSL certificates and their associated domains. If you bought your certificate from us, all you have to do is select the Install button next to its listing, and we’ll set it up for you.

If you got your certificate from somewhere else (don’t worry, we won’t take it personally!), you can also set it up through this screen. Just scroll down to the Custom SSL section, and select which domain you want to use.

Then, paste the contents of your certificate’s certificate.txt and privatekey.txt files into the two corresponding fields below:

Adding a custom SSL certificate through your Hostinger control panel.

There’s one final section labeled Certificate Authority Bundle, but you can ignore that setting in most cases. Once you’ve filled out all the other fields, hit the Install button, and your certificate will be ready to go.

Now, your website has a brand-new SSL certificate all set up. However, that’s not enough to get rid of the Not Secure Chrome warning. To take care of that, you’ll still need to change your WordPress URL and force the platform to load over HTTPS. Otherwise, your certificate will just sit there collecting dust.

Step 3: Change Your WordPress URL

Right now, your WordPress website will still be using an HTTP URL. Before you can force the platform to load over HTTPS, you’ll need to change that primary URL. To do this, log in to your WordPress dashboard and navigate to the Settings > General tab.

You’ll see several options inside. However, the two we’re interested in are WordPress Address (URL) and Site Address (URL):

Tweaking your WordPress URLs.

What you need to do now is change both URLs to use HTTPS instead of HTTP, by simply adding in the extra “s” to both. Then, save your changes to this page.

Right now, you might be wondering why there are two different fields to configure your WordPress URL. That’s because the WordPress Address field tells the platform where your site’s core files are. The Site Address field, on the other hand, specifies where visitors can find your website.

In most cases, both fields will be identical. However, you can also install your WordPress core files in a different directory, which would alter the WordPress Address field. Even in that case, the only change you should make right now is to replace HTTP with HTTPS in both fields.

Once you do that, you’re a lot closer to getting rid of the Not Secure Chrome warning. There’s just one more thing you need to do before your website can be considered safe (at least by Google’s standards).

Step 4: Implement a Site-Wide 301 Redirect

At this stage, visitors will already be able to access your website via HTTPS. The problem is that a lot of them may still end up using HTTP instead. They may have your old URL bookmarked, for example, or they might visit from an old link on an external site. To solve this problem and protect those users, you need to tell WordPress to re-route all HTTP traffic over HTTPS.

To do that, you’ll need to set up what’s called a redirect for your entire website. There are several types of redirects you can use, but the best one for this scenario is the 301. This is what’s called a ‘permanent’ redirect, and it tells search engines that your website has moved to a new address permanently.

There are two ways you can set up a 301 redirect for WordPress. The first involves using a plugin such as Really Simple SSL, which forces WordPress to load over HTTPS with very little input needed on your end:

The Really Simple SSL plugin.

All you have to do is install the plugin, and it will automatically look for an SSL certificate that’s associated with your website. If it finds one (which it should, if you’ve made it this far), it will enable HTTPS automatically.

Although this plugin approach is remarkably simple, it’s not something we’d recommend in most cases. The problem with plugins is that they sometimes break due to updates or conflicts. When it comes to a key functionality such as HTTPS, you may not feel secure depending on a third-party plugin.

Fortunately, you can also set up a 301 redirect for your website manually. To do this, you’ll need to connect to your server via File Transfer Protocol (FTP). For that, you’ll require an FTP client such as FileZilla.

Once you have the FileZilla set up and ready to go, you’ll also need to retrieve your FTP credentials, which are not the same as the ones you use to access your website. You can find these credentials within your Hostinger control panel, under the Files > FTP Accounts tab:

Checking out your FTP account credentials.

Take note of your credentials, and use them to connect to your website via FileZilla. Once you establish a connection, access your site’s public_html folder, which is also known as the WordPress root directory.

You’ll find a lot of files and folders inside this directory. However, the one we’re interested in is called .htaccess. This file contains instructions for your server, and it enables you to implement a whole host of features, such as browser caching and redirects.

To open this file, right-click on it and select the View/Edit option. This will open .htaccess using your default text editor, enabling you to make changes to it:

Editing your htaccess file.

Keep in mind that you’re dealing with a highly sensitive file, so don’t make any changes to it beyond our instructions (unless you’re very confident in what you’re doing).

To create a 301 redirect through your .htaccess file, you’ll need to add a new rule at the very bottom. Here’s a snippet you can copy and paste:

RewriteEngine on
RewriteCond %{HTTP_HOST} ^yourwebsite.com [NC,OR]
RewriteCond %{HTTP_HOST} ^www.yourwebsite.com [NC]
RewriteRule ^(.*)$ https://www.yourwebsite.com/$1 [L,R=301,NC]

Let’s break down what this code does. The first two lines after RewriteEngine on tell your server the conditions a connection needs to meet, in order to apply the rule you’re about to specify. In this case, the only condition is that someone needs to try and access your website using HTTP.

When that condition is met, WordPress will re-route the connection to the URL you specify after RewriteRule. In this case, that’s your website’s domain, only using HTTPS instead. Notice that we’ve included placeholders within the code where your URLs should go. Replace those within your .htaccess file, and save your changes.

If you’re using FileZilla, the client will ask if you want to overwrite the existing version of your .htaccess file with the new one. Go ahead and say yes, then try visiting your website using the old HTTP address. If you’ve set everything up correctly, WordPress will re-route you to the HTTPS version of your site (which you can check by looking at the address in your browser).

Once you enable HTTPS, that should take care of the Not Secure Chrome warning. Now, you shouldn’t lose any more visitors because they’re afraid to use your site. Plus, information transmitted through your site will be more secure, which is good news for everyone.

Conclusion

If Google Chrome tells you that your website is not secure, you’ll want to do something about it. These days, setting up an SSL certificate is easier than ever, so there’s no excuse not to use one. Plus, having this type of certificate in place will also protect your visitors’ personal data. Fortunately, you can purchase an SSL certificate for cheap through your Hostinger account.

Do you have any questions about how to avoid the Not Secure Chrome warning? Let’s talk about them in the comments section below!

About the author

Will Morris

Will Morris is a staff writer at WordCandy. When he's not writing about WordPress, he likes to gig his stand-up comedy routine on the local circuit.

Add Comment

Click here to post a comment

This site uses Akismet to reduce spam. Learn how your comment data is processed.

More in SSL, Website
Best PHP Frameworks
8 Best PHP Frameworks for Web Developers

Close