How to fix ‘Site Not Secure’ error on my WordPress Website

Have you ever opened a website and your browser has displayed a little notice in the corner? Perhaps it says something like ‘Site Not Secure’? Internet browsers like Google have taken new measures in recent years to help increase user safety. One of these features is alerting users when they open a site that is unsafe or containing potentially dangerous content.

If you own a website and see this error when you open it, you might be a little bit confused. “My website doesn’t contain any dangerous content”, you’ll say to yourself. Whilst the content on your website may pose no threat to those around you – there are other, important features of your website that you must monitor in order to remove this icon from your website. This article will take a look at the reasons why your website looks like this, and how you can prevent it.

Why your website is labelled as ‘Site Not Secure’

The answer is simple: Your website does not have an SSL certificate. If you have purchased an SSL certificate, yet are still seeing your site as ‘Not Secure’, I imagine you’d be a bit confused right now. The likely solution to this is that your website’s SSL certificate is not installed, or was not properly configured during the installation and set up.
If your website had an SSL certificate properly installed, you would see something like this:

Notice the padlock. This is now replacing the ‘Not Secure’ sign. Furthermore, you should be able to notice that your URL has slightly changed too. Your URL will have previously read http://yourwebsitename.com. Now it reads https://yourwebsitename.com. This change may seem small, maybe even insignificant – however, it has a big impact on your website’s security that you should know. In order to understand the impacts of an SSL certificate, we must first look at what an SSL certificate is.

What is an SSL certificate?

A Secure Sockets Layer (SSL) Certificate is a way of recognizing your website as safe and trustworthy for your customers. The certificate itself encrypts data sent from your websites visitors in order to prevent hackers and cybercriminals intercepting it.

To be specific, the SSL creates a secure link between the web server and the web browser. Think of it like a wire, the electricity is the data being transmitted from the server to the browser, the plastic coating is the SSL certificate. It acts as a protective shield in order to stop anyone from touching the wire.

Over the years, the SSL certificate has been modified and adapted to best suit security needs of the time. After the original SSL certificate had a few errors, the reinvented TLS (Transport Layer Security), which is what a lot of modern day certificates are still using. However, all of them tend to be referred to as SSL, it’s just easier!

How to fix the ‘Site Note Secure’ error on your WordPress Website

The following process can involve installing an SSL certificate, which is a process that will probably take a few hours. It is also quite a long process in terms of the actions involved, so taking a backup of your website is highly recommended.

1 – Be confident your website doesn’t already have SSL

It is always a good idea to be 100% certain that your website doesn’t already contain an SSL certificate. In order to do this, open an incognito tab, or private browsing window, and type in your website’s URL. However, when doing so, be sure to type the https:// version instead of http://. When doing this, your website will make an effort to connect to the secure version of your website.

If it successfully does (by being able to see the locked padlock), then your website does already have an SSL certificate. It just means the http doesn’t redirect to the https properly, which we’ll get on to later.

2 – Choose an SSL certificate to install

Choosing the right SSL certificate can be a daunting and hard task. With so many SSL companies out there it can be confusing to know which is the right one. Luckily for you, we’ve found the best SSL certificate sellers; The Elite Web Co. With Elite, you have the option to purchase five different plans, all of which vary in content.

The second best thing about Elite is that their SSL certificates are guaranteed to display HTTPS and the padlock icon on browser, hopefully fixing the issue you’ve been experiencing. The best thing about Elite is that they also offer a Managed SSL Service, which involves a member a their great support team installing and managing the certificate on your behalf. Whilst this comes at a higher price, it allows you to kick back and relax. You are also able to skip the rest of this article!

Once you’ve finished installing your SSL certificate, you’ll need to redirect your HTTP links to HTTPS, in order for your websites visitors to discover your new links effectively.

3 – Redirecting your HTTPs

There are two ways in which you can redirect users to your secure URLs. The first is with a plugin and the second is without one. As doing it without a plugin requires delving into and tampering with your core WordPress files, we highly recommend using a plugin.

The first thing to do is create a staging site. Unless your hosting includes staging sites, the easiest way to do this is by using a plugin such as BlogVault. They are a great plugin that you can use to set up a staging site for your website.

4 – Setting up a staging site with BlogVault

1. Install and activate BlogVault onto your WordPress site. Do this by opening your dashboard, heading to plugins and then pressing on ‘Add New’ in the top left corner. Then, search for BlogVault, then press install. Once it is installed, press activate in order to make the plugin live on your site.
2. In the left panel on your dashboard, scroll down and select BlogVault.
3. Fill in your email address and hit Get Started.
4. Press add in order to add your website to the BlogVault dashboard.
5. Now the plugin will automatically start to take a backup of your website. Once this is done, navigate to the BlogVault dashboard, then to sites, then press on your website.
6. You should be able to see a staging section. Press Add Staging, then Submit.
7. Now, BlogVault will start to create a website for you; they will also provide you with a username and password which you should take note of.
8. After this, open your staging site in a new tab, and enter the user credentials you noted down when you are prompted to. You will now be able to access your staging site as and when you need to. Simply type in your website’s URL, followed by /wp-admin/, then log in using the same details you just logged in with.

5- Implement your SSL certificate across your website

Now, you need to install the Really Simple SSL plugin to your staging site.

You can do this by following the exact same steps you took to install BlogVault (except search for Really Simple SSL, obviously).

Once activated, you will have a notice on your dashboard asking you to take a backup of your website – which of course you have already done. Now it will prompt you to ‘Go Ahead, install SSL!’. By clicking on this, your HTTPS will be implemented across your site.

Next, you need to give your caches a quick clear, just to make sure everything is running smoothly. You should also check all the pages of your staging site, making sure that the URLs have been updated correctly and that all your pages and posts are operating as normal.

Alternatively, you can use one of the below tools. Those tools will automatically scan and search your staging site to see if any of the pages don’t have the SSL certificate active. If that’s not the case, you’ll receive a notification to let you know. These are the best checkers we’ve found:

• https://www.sslchecker.com/insecuresources
• https://www.ssllabs.com/ssltest
• https://www.whynopadlock.com/

6 – Update your changes to your live website

Once you’ve ensured your website is looking good, you need to merge your staging site with your live one.

• Reopen your BlogVault dashboard, and head to the staging section.
• Click on Merge, then press Continue to begin the merging process.

Congratulations, after you’ve given your website a quick check in a Private Browsing Window, you’re website will have SSL fully implemented!

Mixed Content Issues

There may be a few instances where the redirection process may not go to plan. In this case, you may see some errors, or incomplete merge processes. These are known as Mixed Content Issues, as it sometimes will display both HTTP and HTTPS on your site. You will be able to identify Mixed Content Issues easily through the SSL Checker Tools we’ve linked above.

If you have mixed content issues and are looking to get rid of them, take a look at this useful blog post by WP Beginner, which will show you how to fix mixed content issues using the SSL Insecure Content Fixer plugin.

Update Google so the world will know

Now that you’ve successfully installed an SSL certificate, tell people! There’s no use updating it and doing nothing, you want people to be able to find your newly-secure website. If you don’t complete this next step, Google will not recognise your HTTPS version, and will continue to collect data from the old, HTTP version of your site.

In order to do this, go to Google Search Console. From here, you’ll want to add a new property for your HTTPS version of your site. Do this by selecting website, then entering your website’s URL. After that, you’ll need to re-enter your sitemap files, once again with the HTTPS versions.

Now you need to do the same on Google Analytics. If your Search Console and Analytics are linked, you can do this simply. Navigate to property settings and then default URL. You should then be able to click on a dropdown button and select https://. Then click on view settings and do the exact same. And voilà! Google will now be scanning and collecting data from your new, safe website!

In summary…

Whilst this may seem like a lot of hassle for a small update, it’s important to remember that the benefits that you will receive in the future are worth it for the short amount of time spent on this. Keeping your website safe for all of your visitors is incredibly important if you want to keep their trust and loyalty. These updates are vital and are sure to improve your website’s security in the future!