Why does my website say “not secure”?

Why does my website say “not secure”?

A security guard, representing a secured website

You’ve just launched your new website and it looks great! “But wait,” you say. “What’s that little warning up by the URL? Why does my website say ‘not secure’?

If you’re viewing your website on a Chrome browser (the browser created by Google), you might see this warning. Google added this feature in 2018 to warn users when they’re visiting a less secure website, one that isn’t encrypted.

For simple websites that don’t collect information from visitors, this lack of security isn’t a huge problem.

However, it can affect your search engine optimization (SEO), making your website rank lower in Google searches.

In this article, we’ll go over what it means for websites to be secure or not secure. We’ll also talk about how you can make your website secure by adding a free SSL certificate.

What does it mean if a website is not secure?

There are two types of connection a website can use: HTTP and HTTPS. You can usually see which connection type a website uses by simply looking in the browser bar.

These connection types both do the same job: they transfer text, images and other files on the World Wide Web. When you visit a website, you see the text and images because HTTP or HTTPS has transferred them from the server to your browser.

However, there’s a crucial difference between HTTP and HTTPS in terms of security. 

HTTP (Hypertext Transfer Protocol)

HTTP was created in 1991 and designed to be as simple as possible. It transfers data between servers and web browsers without worrying too much about who else is “listening in.”

Unfortunately, this means it’s possible for other people to intercept your data when you’re on a website that uses HTTP.

If you’re just visiting a small website and reading the text, it may not be a big deal if other people are spying on you. But what about if you’re shopping online and entering your credit card information? Or if you’re filling out a form with your personal information?

HTTPS (HTTP over SSL or HTTP Secure)

HTTPS transfers data like HTTP, but it sends everything over an encrypted connection. It converts all data into a coded language before sending it, so that eavesdroppers won’t be able to understand it. Then, when the data arrives at its destination, HTTP “translates” it back to normal.

It’s like using a code to pass secret notes to your friends in class. Except that your friends probably use a simple code, whereas SSL uses a 256-bit long encryption key that could take years or decades to decrypt.

Because of this extra layer of security, online stores and other payment websites were among the first to adopt HTTPS.

HTTP vs HTTPS for SEO (your Google ranking)

SEO (search engine optimization) is all about setting up your website so that it ranks as high and as well as possible on search engines. Optimizing a website is a matter of following the practices that most search engines “favour.”

Since Google is the world’s most popular search engine, SEO means following the practices that Google “favours” most of all.

And since Google is on a mission to make encryption the default standard for websites, a key element of SEO is securely encrypting your website with HTTPS.

If your website uses HTTP, not only will Google display a “not secure” warning in its Chrome browser. It will also rank your website lower in Google searches compared to websites with similar content that use HTTPS.

How to ditch the “not secure” warning on your website

You can switch from HTTP to HTTPS to make your website secure by adding an SSL certificate to your site.

Adding an SSL certificate can be a bit technical, but the first step is for you or your web developer to reach out to your web host provider to ask about options.

How to get a free SSL certificate for your website

Five years ago, if you wanted an SSL certificate for your website, your only choice was to purchase one. However, in 2016 a non-profit certificate authority with the goal of making the World Wide Web more secure started Let’s Encrypt SSL—providing free, secure SSL protection for websites.

If your website includes an online store or involves collecting sensitive personal information, you may still want to purchase an SSL certificate. Paid certificates often come with higher levels of security or support.

On the other hand, if you’re running a simple small business website, a free Let’s Encrypt SSL certificate may offer all the security you need. Talk to your web host provider to see if they support Let’s Encrypt SSL and how you can add one to your site for free.

Web Hosting with free SSL included

My web hosting packages are run through GreenGeeks, an eco-friendly web host supplier that supports Let’s Encrypt SSL. That’s why all of my website hosting packages include free SSL setup for a secure website and stronger SEO.