Have you seen a message like- “Not secure” message on-site? Ever wondered how to remove that ‘not secure' from your website? To know more about it, you need to know more about what is an SSL Certificate? The issue that causes this “not secure” problem is related to SSL certificates. If you don't know what an SSL certificate is, do give this a read. It indicates that the website does not have SSL installed.
You may see the WordPress site not secure notice because the site has no SSL certificate or has an SSL certificate that was not properly configured during installation. Installing an SSL certificate significantly improves the user participation and layer of security. So, if there’s a problem with your SSL, Google indicates you with “Not Secure” notice.
So the users who visit your site see the “not secure” tag instead of the Secure “https” portion. This is because of the lack of the SSL certificate.
How to achieve secure site?
You can install an SSL certificate the right way using our guide. Then you need to update your Google Search Console and Analytics with the HTTPS version of the site.
SSL / HTTPS is an encryption method that ensures the connection between users’ browser and your WordPress hosting server. This performs it more troublesome for hackers to eavesdrop on the connection.
Each SSL / HTTPS enabled site is assigned a different SSL certificate for identification goals. If a server is representing to be on HTTPS, and its certificate doesn’t agree, then most common browsers will warn the user from joining to the website.
Steps to achieve security
- Get an SSL Certificate
- Install Your Certificate
- Change Your WordPress URL
- Implement a Site-Wide 301 Redirect
1. Get an SSL Certificate
Many people are scared of installing an SSL certificate, we wonder why! And some till some time back they would have had good reason to do that due to the long and lengthy process following it too. Now, every steps are much simpler with plugins that do most of the weighty lifting.
Not to forget the process is very lengthy.Obtaining an SSL certificate is comparatively manageable. However, you will require to pay for it in most cases, to certify that your website is accurate. Fortunately, SSL certificates don’t need to be expensive. With Hostinger, you can buy a lifetime SSL certificate for as little as $11.99, cool, right? Shared Business and Cloud Hosting plan users can get an SSL certificate for free which is an added benefit.
Once you decide to purchase your SSL certificate, just choose the option you want and finish the checkout process. One can even buy an SSL certificate directly from your control panel if you’re already a Hostinger user. One can simply go over to the SSL tab, and look for the Buy SSL Certificate button at the bottom of the screen. It is a very easy process.
2. Install the certificate
The Hostinger account permits you to enter a special members area or control panel. There, one can obtain a host of options you can use to manage your websites and get access to all the extra features they offer, such as email accounts etc.
If you want to install your new SSL certificate and get rid of the Not Secure Chrome error, go to the SSL tab. Within, You will be able to see a list of the available SSL certificates and their associated domains.
3. Change Your WordPress URL
At present, your WordPress website will still be using an HTTP URL. Wait before you try to force the platform to load over HTTPS. For that, you’ll need to change that primary URL. To do this, log in to your WordPress dashboard and navigate to the Settings > General tab. After that, You will be able to see several options inside. However, the two we’re involved in are WordPress Address (URL) and Site Address (URL).
What one has to do now is change both URLs to use HTTPS instead of HTTP, by simply adding in the extra “s” to both. Then, you need to save your changes to this page to proceed further.
Presently, you might be questioning why there are two different fields to configure your WordPress URL. That’s due to the fact that the WordPress Address field tells the platform where your site’s core files are. The Site Address field, on the other hand, defines where visitors can find your website.
In most maximum cases, both fields will be indistinguishable. However, you can also install your WordPress core files in another directory, which would alter the WordPress Address field. Even in that case, the only change you should make right now is to replace HTTP with HTTPS in both fields.
4. Implement a Site-Wide 301 Redirect
Now you are in the last step of the whole process,but even here visitors will already be able to see your website via HTTPS. The difficulty is that a lot of them may still end up using HTTP instead of HTTPS. Wonder why? They may have your old URL bookmarked, for example, or they might visit from an old link on an external site. To resolve this problem and preserve those users, you require to tell WordPress to re-route all HTTP traffic over HTTPS.
For that you need to set up what’s called a redirect for your entire website. There are several kinds of redirects you can use, but the best one for this situation is the 301. This is what’s called a ‘permanent’ redirect, and it tells search engines that your website has moved to a new address forever and it needs to access that location.
So there are two simple ways you can set up a 301 redirect for WordPress. The first involves using a plugin such as Really Simple SSL, which forces WordPress to load over HTTPS with very little input needed on your end.
The Really Simple SSL plugin is the way.
Just install the plugin, and it will automatically scan for an SSL certificate that’s connected with your website. If it finds one, it will empower HTTPS automatically. The problem with plugins is that they sometimes break due to updates or conflicts. Updates might not always work for the betterment. Sometimes, they backfire too.
Luckily, one can also set up a 301 redirect for your website manually. To do this, you’ll need to join to your server via File Transfer Protocol (FTP). For doing that, you’ll need an FTP client such as FileZilla.
Hopefully, this article might have helped you on how to remove ‘not secure' from a WordPress website. Do let us know any of the questions you have!