How To Fix the HTTPS Not Secure error

In 2018, Google began marking all websites not using HTTPS as Not secure in Chrome browser.

The warning indicates that the connection between your browser and the server, where the website is stored, is not secure. The data sent and received is unprotected and it could potentially be stolen or modified by attackers and other parties with access to internet infrastructure.

In order to avoid the Not secure warning being displayed in Chrome, you will have to enable HTTPS for your website. For websites that have already migrated to HTTPS but still see the Not secure warning, please refer to the section Identify insecure content below.

Install a new SSL certificate

In order to change from HTTP to HTTPS, you’ll need to acquire an SSL certificate for your website. It can be a free one, like Let’s Encrypt, or a commercial certificate. Both are suitable and both will avoid the Not secure warning being displayed.

DIHOST is offering both, free Let’s Encrypt (with every hosting package), and commercial certificates. For business and e-commerce websites we strongly recommend using a commercial certificate.

If you have a shared hosting package (with cPanel), a certificate will be issued automatically for all your websites within 24 hours after adding the domain to the cPanel account.

For cloud hosting packages, a free Let’s Encrypt certificate can be enabled in the cloud panel (see SSL Manager).

Last but not least enable the automatic HTTPS redirection. This will redirect all your visitors from HTTP to HTTPS.

If you are using WordPress, update the siteurl and home fields to https:// in General settings. Before saving the changes, ensure that you can access your website through HTTPS as you won’t be able to access it otherwise.

Identify insecure / mixed content

If your website is still showing the Not Secure warning, even after enabling a SSL certificate, your website (or script, like WordPress) might still be loading images and other content over HTTP.

To identify those images and other static files, we recommend using the website https://www.whynopadlock.com/ which will display all content loaded over HTTP. After entering your website URL and after the analysis is completed, navigate to the bottom of the page, to the Mixed content box.

As you can see on the example screenshot above, there is one image (5atest2.jpg) that was loaded over HTTP. To identify the image you can open the URL in your browser. This will help you to find it on the website and in the WordPress administration.

In most cases it is enough to re-select the image within the WordPress administration and to save the changes. If there are other CSS/JS files, you might also have to open the theme settings in WordPress and to simply click Save Changes.

If you need help with any of these steps, please contact our customer support at any time.

Leave a Comment

Your email address will not be published. Required fields are marked *