How To Fix Not Secure Website In Chrome?
Introduction
Website security is of great importance for anyone who owns or operates a website. One common issue is seeing a “Not Secure” warning in Google Chrome when visiting your site. This warning can deter visitors and harm your site’s credibility. In this blog post, we’ll explore the steps to fix this issue and ensure your website is secure.
“Not Secure” Warning
Google Chrome shows a “Not Secure” warning for websites that do not make use of HTTPS (HyperText Transfer Protocol Secure). The use of HTTPS is crucial as it encodes the data exchanged between the user’s browser and the server, protecting sensitive information from eavesdropping and tampering. If your website uses HTTP (without the “S”), Chrome will flag it as not secure, highlighting the urgent need to switch to HTTPS.
Steps to Fix a “Not Secure” Website
SSL/TLS Certificate
The first step to securing your website is obtaining an SSL/TLS certificate. This certificate is necessary for enabling HTTPS. You can obtain an SSL certificate from various providers, including:
- Let’s Encrypt: A free, automated, and open Certificate Authority.
- SSL.com: Provides a range of certificates for different needs.
- Comodo: Known for their affordable SSL certificates.
- DigiCert: Offers high-assurance certificates and is widely trusted.
Install the SSL/TLS Certificate
Once you have your SSL/TLS certificate, you should install it on your web server. The installation process can be different depending on your hosting provider and server type. Here are some general steps:
- Shared Hosting: Most shared hosting providers offer a control panel (like cPanel or Plesk) where you can install the certificate. For specific instructions, refer to your hosting provider’s documentation.
- VPS/Dedicated Server: You can manually install the certificate if you have root access to your server. This typically involves uploading the certificate files to your server and configuring your web server (like Apache or Nginx) to use them.
Update Your Website’s Links
After installing the SSL/TLS certificate, you must update your website’s links to HTTPS instead of HTTP. This includes:
- Internal Links: Update all internal links in your website’s code to use HTTPS.
- External Links: Update any links pointing to external resources (like images, stylesheets, and scripts) to use HTTPS, if possible.
This diligence will ensure a seamless transition to a secure website. You can use a tool like Search and Replace for WordPress or manually update the links in your site’s codebase.
Redirect HTTP to HTTPS
You should Set up a redirect from HTTP to HTTPS to make sure all traffic to your site uses HTTPS. This can be done by using a .htaccess file (for Apache servers) or a server block configuration (for Nginx servers). Here’s an example for Apache:
RewriteEngine On
RewriteCond %{HTTPS} off
RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]
For Nginx:Â
server {
    listen 80;
    server_name yourdomain.com www.yourdomain.com;
    return 301 https://$server_name$request_uri;
}
Content Management System (CMS)
If you utilize a CMS like WordPress, Joomla, or Drupal, you need to update the settings to HTTPS. This might involve changing the site URL in the CMS settings and updating any plugins or extensions to ensure they support HTTPS.
Check for Mixed Content
Mixed content, a common issue in web development, take place when a page is loaded over HTTPS but includes resources (like images, scripts, or stylesheets) that are loaded over HTTP. This can still trigger a “Not Secure” warning. To identify and fix mixed content issues, it’s crucial to use Chrome’s Developer Tools, a reliable and widely used tool in web development.
- Open Developer Tools: Right-click on your webpage and select “Inspect”.
- Go to the Console Tab: Look for warnings about mixed content.
- Update Resource Links: Change the URLs of the resources to use HTTPS.
Conclusion
Fixing your website with HTTPS is essential for protecting visitors’ data and maintaining your site’s credibility. By following the steps mentioned above, you can fix the “Not Secure” warning in Google Chrome and ensure your website is safe for everyone. Regularly check your site’s security settings and stay up to date on best practices to keep your site secure in the ever-evolving digital landscape.
