You have an SSL certificate in place and you cannot understand why this alert is triggering. In this post we will help you to determine what the problem is and then fix it so your visitors never see the warning again.
If you do not resolve this problem then you are very likely to lose a lot of visitors. Most people are going to close your web page if they see this alert no matter how trivial the cause is. This can happen on a desktop or laptop or a mobile device.
Having this insecure warning will not help with your ranking in Google or the other search engines either. Google takes a dim view of insecure sites believing that they are open to hackers and that your site may infect the devices that access it.
You Must have an SSL Certificate
The most obvious reason why your website is triggering the “not-secure” alert in browsers is because you do not have an SSL certificate installed on your domain. If your website address starts with http and not https then it is time for you to get an SSL certificate.
At PlusPlus Hosting we take security very seriously. By switching to our Enterprise Premium WordPress hosting package we will provide you an unlimited number of SSL certificates for all of your domains for free.
We offer a ton of great features for a very low price with our Enterprise WordPress Hosting package. You can host an unlimited number of domain names on our super-fast servers. You will also get a free domain name if you choose to pay annually.
You have an SSL Certificate installed but still Trigger the “Not-Secure” Alert
If you have an SSL certificate installed with your domain and are still triggering the “not-secure” browser alert, then the likely cause of this is that your page is linking to resources that have the http prefix rather than the https prefix.
One of the most common causes of this occurs with images. You have a link to an external image which is not secure. The html code for the link is in the format:
<img src=http://anothersite.com/images/computer.png alt=”laptop computer”>
In browsers such as Google Chrome there is a padlock sign just before the URL of the webpage in the address bar. If Chrome detects an unsecure link, then the padlock becomes “crossed out” indicating that there is a security issue and the warning alert triggered.
The visitor to your page may see an alert that says “you do not have a secure connection to this site” or something similar. This is going to put off the vast majority of visitors who are just going to get out of there as fast as they can.
You can check your pages yourself in Google Chrome to identify where the problem lies. Click on the warning icon and read the text. It is likely to tell you that your page has “unencrypted elements”. The link to the http style image would be the cause here.
Another way to test your web page for unencrypted elements is to use a website called Why No Padlock”. Here you just enter the URL of your page and the website will provide you with a report of what is wrong.
HTTPS Errors in a Browser
Another “not-secure” alert can be triggered in a browser if your site is connecting to another site that has an invalid, missing or self-signed SSL certificate. The external page has an https prefix but your browser will show an alert suggesting that “connections to the site are insecure”. Again, visitors that see a warning like this are going to leave right away.
Fixing Unencrypted Elements
If you are displaying an image on one of your pages that has the http prefix rather than the https prefix then there are a couple of ways that you can fix this problem. You need to stop linking to the insecure http link altogether.
You can download a copy of the image and install it locally on your domain. The link to the image will then change to your https domain and this is secure when you have an SSL certificate installed. If you are using WordPress then simply add the image to your Media Library and use this link to it.
Installing an SSL Certificate with WordPress
If you have a WordPress installation then you will need to add an SSL certificate to make it secure. The first step is to add the SSL certificate to your domain. In some cases, you may require a new and unique IP address to add an SSL certificate to your domain.
With an existing WordPress installation, you will need to update all of the URLs stored in the database to https from http. By default, a WordPress installation will use the http prefix for all site links. You are likely to have many of these links in the associated WordPress database and you will need to update them all.
Installing an SSL certificate on a WordPress site (or any other site) can be a tricky business and you can easily run into trouble. There are many benefits to switching to PlusPlus Hosting’s Enterprise WordPress Hosting package and one of the major ones is that we will take care of all SSL installation issues for you.