Are you seeing a “Not Secure” warning when you visit your website? If so, don’t worry – it doesn’t have to be a permanent issue! In this blog post, we’ll explain the top 6 reasons why your WordPress website is showing “Not Secure,” and how you can get back to business as usual. With our helpful advice on HTTPS encryption, SSL certificates, domain names, and web hosting plans, you’ll soon have a secure website that visitors can trust. Let’s dive in!
Your TLS/SSL Certificate Has Expired.
The first reason why your WordPress website is showing “Not Secure” is that your TLS/SSL certificate has expired.
What is an SSL Certificate?
An SSL certificate is a type of encryption technology used to secure data that is being transferred between a visitor’s browser and your web server. It works like this: when someone visits your website, their browser sends an encrypted request to the hosting server. The server then decrypts the request and sends back an encrypted response. This entire process happens in milliseconds and without any noticeable slowdown for users accessing your website.
The most important thing about using an SSL certificate is that it ensures all communication between you and visitors remains private. Without one, anyone with access to public networks can potentially intercept sensitive information such as passwords, credit card numbers, or other personal details.
As a result, having an expired TLS/SSL certificate will cause browsers to display “Not Secure” warnings on pages where visitors are expected to enter confidential information – which could drive away potential customers from your site!
Luckily enough, renewing or replacing your TLS/SSL certificates isn’t difficult at all once you understand what needs to be done.
Depending on how much effort you want to put into securing your site (and protecting customer data), there are three main ways for WordPress owners to obtain valid SSL certificates:
- free options from Let’s Encrypt;
- inexpensive options from businesses like Namecheap;
- or paid options from companies such as Comodo or DigiCert.
Whichever option you choose, ensure it meets industry standards so that browsers will trust it!
When you purchase a secure web hosting plan, it will come with an SSL certificate that needs to be installed on your hosting server and renewed every year. If the renewal isn’t done in time, then visitors to your site may see the not secure warning. Fortunately, there are plenty of low-cost options available for renewing and reissuing your SSL certificate, so this should be a quick fix!
We install and maintain SSL certificates for all our WordPress Care and Hosting packages.
You Haven’t Enabled HTTPS Encryption.
Another common cause of seeing “Not Secure” on a WordPress website is that HTTPS encryption hasn’t been enabled yet.
To keep user data safe while they’re browsing online, websites need to use Hypertext Transfer Protocol Secure (HTTPS). This protocol encrypts any information transmitted between the server and browser – making it unreadable by anyone who might intercept it during transmission. If you haven’t set up HTTPS encryption, now’s the perfect time to do so!
Sometimes the “Chrome says not secure but certificate is valid” problem can be solved with a check of the WordPress General Settings. With WordPress sites, it is essential to make sure that your WordPress Address (URL) and Site Address (URL) are both set to the HTTPS protocol.
Also, make sure all HTTP (not secure) requests are redirected to the secure version, either by .htaccess rules, a plugin or by using a reputable hosting environment such as WPEngine.
You are Using Mixed Content on Your Website.
The third reason why your WordPress website is showing “Not Secure” is that you are using mixed content on your website. Mixed content means that a page that should be loaded over a secure connection (HTTPS) contains elements like images, videos, or other resources which are being requested over an insecure connection (HTTP). This happens when you have some assets still pointing to the HTTP version of your domain instead of HTTPS. It can also happen if you have external scripts and stylesheets from third-party services, such as ads or analytics tracking codes, embedded YouTube videos, etc., that are not set up with the correct protocol.
While these types of requests won’t necessarily cause any direct harm to visitors browsing the site, their presence will trigger browsers to display “Not Secure” warnings for users – so it’s important to address this issue as soon as possible!
Fixing mixed content issues on WordPress websites isn’t always straightforward, but there are tools available that can help make it easier. Plugins such as Really Simple SSL and SSL Insecure Content Fixer offer effective solutions for automatically detecting and fixing mixed content errors, while manual methods such as checking all files in the source code for HTTP references can also work in certain situations. If you need help, we are happy to eliminate the mixed content issue for you.
You’re Not Using a Dedicated IP Address for Your Website.
The fourth reason why your WordPress website is showing “Not Secure” is that you are not using a dedicated IP address for your website.
A dedicated IP address is a unique numerical identifier that can be used to identify an individual computer or server on the internet. Having one assigned to your site means that browsers will trust it more than sites sharing public IP addresses.
It also allows SSL certificates to function correctly since they need an IP address to be appropriately validated. If you don’t have a dedicated IP address for your site, then getting one isn’t too difficult – most web hosting companies offer them as part of their service packages (sometimes at additional cost).
Once you have purchased a dedicated IP from your hosting provider, all you need to do is update your domain DNS records so that web browsers know where to find the new version of the site when they try revisiting it.
You Aren’t Configuring Security Settings Properly in Your .htaccess File.
The fifth reason why your WordPress website may be showing “Not Secure” is that you are not configuring security settings properly in your .htaccess file. The .htaccess file is a configuration file stored on the server which contains various directives to control how users access the site, including redirects, authentication rules, and more. If these settings aren’t configured correctly, then it could lead to browsers displaying “Not Secure” warnings when they try accessing your pages.
The most important setting you need to configure for HTTPS encryption to be adequately enabled is the rewrite rule – this tells web browsers where they should go if they request an insecure version of one of your pages (such as http://example.com instead of https://example.com). You can find detailed instructions for implementing this rule online, but ensure that you have added it before attempting any other fixes or changes – otherwise none of them will work!
There are also some additional steps you can take to improve security, such as adding Content Security Policy headers into the .htaccess file or enabling HSTS (HTTP Strict Transport Security) – both of which can help protect visitors from potential malicious attacks even further by making sure all requests are handled over a secure connection only.
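To make the rewrite rule and the HSTS header concrete, here is an added example (not from the original post): a small checker that reads .htaccess text and reports the HTTPS settings that are missing or weak. Both .htaccess samples are constructed, with the WordPress block abbreviated to one line, and the function name lint_htaccess is hypothetical.

```python
import re

# Constructed .htaccess (WordPress block abbreviated). Custom rules sit above
# "# BEGIN WordPress" so they run first and WordPress does not overwrite them.
GOOD = """\
RewriteEngine On
RewriteCond %{HTTPS} off
RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]
Header always set Strict-Transport-Security "max-age=31536000"
# BEGIN WordPress
RewriteRule . /index.php [L]
# END WordPress
"""

# Constructed weak variant: temporary redirect, placed after the WordPress
# block, and no HSTS header.
WEAK = """\
# BEGIN WordPress
RewriteRule . /index.php [L]
# END WordPress
RewriteEngine On
RewriteCond %{HTTPS} off
RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=302]
"""

REDIRECT = re.compile(r"^[ \t]*RewriteRule\s+\S+\s+https://\S+\s+\[([^\]]*)\]", re.M)
GUARD = re.compile(r"^[ \t]*RewriteCond\s+%\{HTTPS\}", re.M)
HSTS = re.compile(r"^[ \t]*Header\s+(?:always\s+)?set\s+Strict-Transport-Security\s", re.M)


def lint_htaccess(text):
    """Return a list of problems with the HTTPS settings in .htaccess text."""
    problems = []
    rule = REDIRECT.search(text)
    if rule is None:
        problems.append("no RewriteRule redirecting to https://")
    else:
        flags = {f.strip().upper() for f in rule.group(1).split(",")}
        if "R=301" not in flags:
            problems.append("redirect is not permanent (R=301)")
        if not GUARD.search(text, 0, rule.start()):
            problems.append("no RewriteCond %{HTTPS} guard: redirect loop")
        wp = text.find("# BEGIN WordPress")
        if wp != -1 and rule.start() > wp:
            problems.append("redirect placed after the WordPress block")
    if not HSTS.search(text):
        problems.append("no Strict-Transport-Security header")
    return problems
```

The checker only recognises the %{HTTPS} form of the condition; sites behind a proxy or load balancer that test a forwarded-protocol header instead would need that pattern added.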
Outdated Server Software.
Lastly, outdated server software can also cause your WordPress website to show “Not Secure” warnings. If you’re running an older version of Apache or PHP on the server where your site is hosted, then it may not be able to support modern encryption standards – meaning that browsers will display warnings when visitors try accessing pages on your site.
Therefore, if you notice any warning messages appearing in the browser console regarding HTTP connections, then it’s worth checking which versions of the software are running behind the scenes and updating them accordingly. Also, take note of any “PHP upgrade needed” warnings in the WordPress site dashboard.
It’s important for all website owners to stay up to date with their security measures, as this helps protect both themselves and their users from potential harm.
Even if you have addressed all the above issues and your WordPress website isn’t showing “Not Secure” warnings anymore, there are still other steps you can take to further improve safety levels – such as installing a dedicated SSL certificate or enabling two-factor authentication for user accounts.
With more people now using the internet than ever before (and cybercrime increasing at a rapid rate), ensuring that your website is secure should be a top priority – so why not make sure yours is doing everything possible to keep its visitors safe?