One minute your website's fine. The next, it's displaying a Not Secure warning. Maybe you discovered it by visiting your own website, or perhaps a concerned customer got in touch and pointed it out.
It might present itself as the words Not Secure in front of a URL in the browser bar. Chrome users may get a “your Chrome connection is not secure” warning when trying to go to a website.
However you found about it, you're undoubtedly asking yourself:
Why is my website displaying a not secure warning?
Any website that is not protected by an SSL certificate uses the HTTP protocol instead of the secure HTTPS protocol. Without that critical "S" in your URL, your website will show a Not Secure warning when viewed in Google Chrome version 68 and later.
Chrome 68 was launched by Google on 24.07.18. Other modern browers may display a similar message.
An SSL creates an encrypted connection between your website and anyone who visits it.
This tells the world that all exchanges with your website are securely encrypted.
Whether your visitors are submitting their credit card details or a product review, no one else can eavesdrop on the conversation.
But what does this mean for your website? And how can you make sure the Not Secure warning isn't displayed?
What does Chrome's Not Secure warning really mean?
If you are seeing the Not Secure warning, don't panic. The presence of the warning itself doesn't indicate that your website has been hacked or infected with a virus.
It simply means that you haven't protected your website with an SSL certificate — which means it's possible for a third-party (aka hacker) to read information transmitted between your website and anyone visiting it.
In practice, this means that if someone is inputting sensitive data such as payment information or even just their name and address into an unprotected website, there's a chance these details could be seen and misused by someone else.
That's why Google introduced the Not Secure warning — so people visiting a website know whether it's safe to type in their personal details.
But honestly, whether or not they plan to submit private details to your website, seeing the Not Secure warning is likely to send them running.
Once your SSL certificate is installed, the Not Secure warning will disappear.
You’ll also notice that the prefix of your web address changes from HTTP to HTTPS (the “S” stands for secure), and there’s a little padlock in the address bar indicating that your site is encrypted.
But first, you’ll need to get an SSL certificate.
How can I fix the Not Secure warning?
To fix the Google Chrome Not Secure warning you need to purchase and properly install an SSL certificate.
There are free SSL certificates — if you have root access to your website and the technical skills to install them, this may be an option for you.
GoDaddy offers a range of SSL options — all will make the Not Secure warning go away:
- Domain Validation (DV) SSL Certificate - the least expensive option, this is a good choice for one website. With DVs, we verify that you are the legal owner of your domain name.
- Managed DV Certificate - this option requires the least effort, as GoDaddy covers the installation and maintenance.
- Organization Validation (OV) Certificate - this offers a higher level of credibility than DV certificates, as the business or organization's existence has been verified by us.
- Wildcard SSL Certificate - strongest encryption in the world (SHA-2 and 2048-bit), covering one website (lilysbikes.com) plus all of its servers and sub-pages (shop.lilysbikes.com, blog.lilysbikes.com, m.lilysbikes.com).
- Multi-domain San SSL Certificate - covering up to 100 websites, managed in one place.
- Extended Validation (EV) Certificate - the highest level of validation, an EV is best suited for eCommerce websites or websites that handle sensitive data that hackers love (banking, healthcare, etc).
You can check out our SSL FAQs for help on setting up your SSL, or just go with a Managed DV Certificate.
What else do I need to do to protect my website?
An SSL certificate encrypts the data being sent to and from your website, but it doesn’t protect your website against malware or DDoS attacks.
Hacking is a major issue for businesses of all sizes.
According to the Cyber Security Breaches Survey, 32% of businesses and 24% of charities were victims of cyber attacks in 2023. UK attacks cost businesses an average of approximately £1,100.
If you want to protect your website against hackers, consider using a product like GoDaddy Website Security. The standard package protects one site and includes:
- Daily malware scanning
- A firewall to guard against attacks
- A DV SSL certificate
- One website clean up per year
- Continuous monitoring with daily alerts and updates
The advanced package adds DDoS protection, five clean ups per year and 25GB of secure daily backup, and a Content Delivery Network (CDN) speed boost.
Related: How to protect your website
Are there any other benefits to adding an SSL?
You may have heard that you can boost your search engine optimization by adding an SSL certificate. And although it's true that Google has said https pages may get a small boost in its search engine rankings, you shouldn't expect it to send your site rocketing to first place.
Switching your website to https by installing an SSL certificate is no replacement for conducting good, solid search engine optimisation (SEO). You can read all about SEO in this 8-minute post.
Summing up
If you don't want Google's Not Secure warning to appear on your website, then you need to install an SSL certificate as soon as you can. Doing so will also ensure that data transmitted via your website is encrypted.
But don't forget, you'll need to go further to make sure your website is protected against hackers.
