If you’re using Google Chrome, you’ve probably visited at least one website marked “Not Safe.” Chrome displays it in large, red letters next to the site’s URL. If the message appears on your own website, it can be a problem as it could turn off visitors.
To avoid this warning on your site, all you need to do is set one for your website. In this article, we’ll walk you through the process, which includes:
- Get an SSL certificate
- Install your certificate through your web hosting provider
- Change your WordPress URL
- Implement a site-wide 301 redirect
If you don’t understand what any of these points mean, don’t worry. By the end of this article, you will be an expert in SSL and you will be able to get rid of warnings like “it is not secure”, “this website cannot be accessed”, “a secure connection could not be established” or “cannot connect to SSL”. security to this page”, in Chrome. Let us begin!
What does the “Not secure” or “this website cannot provide a secure connection” warning mean in Chrome?
For a while now, Google has been working hard to warn people when they visit websites that may be unsafe. The main criteria Chrome uses to determine whether or not a site is secure is its use of HTTP or HTTPS. A site using the former will be penalized with a warning like this:
In some cases, you’ll also see an even scarier Chrome error: “The connection is not private,” or “secure connection failed” that looks like this:
The main reason Chrome started doing this was to incentivize website owners to adopt the more secure HTTPS protocol. Over the past few years, HTTPS adoption has skyrocketed, thanks to this and other initiatives.
In case you’re not sure what HTTP and HTTPS are, let’s go over some basics. For a long time, HTTP has been the protocol used by browsers to send and receive information from web servers. It is this type of protocol that allows you to read this article right now, as well as view the rest of our website.
The problem is that HTTP is not ideal from a security point of view. For example, the protocol is susceptible to , which means that it is not a secure way to transmit sensitive data. HTTPS, on the other hand, encrypts your connection to the website you are accessing. In other words, it keeps you and your information much more secure.
If you have a website that is still using HTTP, you can easily transition to HTTPS. All you need is to set up an SSL certificate, which provides the authentication factor that HTTPS requires to work. In other words, the certificate tells browsers that your website is trustworthy and safe to connect to over HTTPS.
Using HTTPS on your website is more important now than ever. As of the launch of in July 2018, Google Now . Clearly, that’s something you’ll want to avoid unless you don’t mind losing traffic.
How to Fix “Not Secure” Warning in Chrome (in 4 Steps)
Avoiding the “Not secure” or “This website cannot be reached” warning in Chrome is relatively easy. As we mentioned earlier, you will first need to obtain an SSL certificate for your website. With , you can find a free SSL certificate quickly and easily. Next, you need to install it and configure your WordPress website to load over HTTPS by default. All this is simpler than it seems, so let’s get started right away.
Step 1: Get an SSL certificate
Obtaining an SSL certificate is relatively simple. However, in most cases you will need to pay for it to certify that your website is trustworthy.
Fortunately, SSL certificates don’t always have to be expensive. With plans, you get unlimited SSL certificates for free. Please note that your website must be .
Once your certificate is ready, you’ll still need to set it up before you can fix Chrome’s “Not Secure” error.
Step 2: Install your certificate through the member area
Your account allows you to access a special member area or control panel. There you can find a lot of options that you can use to manage your websites and get access to all the extra features we offer, like email accounts:
To install your new SSL certificate and get rid of Chrome’s “Not secure” error, go to the tab SSL. Inside, you will see a list of your available SSL certificates and their associates. If you purchased the certificate from , all you have to do is select the button Install next to the listing and we’ll set it up for you.
If you got the certificate from somewhere else, you can also set it up through this screen. Just scroll down to the section custom ssl and select the domain you want to use.
Then paste the contents of the files certificate.txt Y privatekey.txt of your certificate in the two corresponding fields below:
There is a final section called certificate authority bundle, but you can ignore that setting in most cases. Once you have filled in all the other fields, press the button Install and your certificate will be ready.
Now your website has a new SSL certificate configured. However, that is not enough to fix the “Not secure” or “Could not establish a secure connection” warning in Chrome. To remedy this, you will still need to change your WordPress URL and force the platform to load over HTTPS. Otherwise, your certificate will just sit there collecting dust.
Step 3: Change your WordPress URL
At this point, your WordPress website is still using an HTTP URL. Before you can force the platform to load over HTTPS, you’ll need to change the primary URL. To do this, log in to your WordPress dashboard and go to the tab Settings > General.
You will see several options inside. However, the two we are interested in are the WordPress Address (URL) and the Site address (URL):
What you need to do now is change both URLs to use HTTPS instead of HTTP, simply by adding the extra “s” to both. Then save your changes on this page.
At this point, you might be wondering why there are two different fields to configure the WordPress URL. This is because the field WordPress Address it tells the platform where the main files of your site are located. Field site addresson the other hand, specifies where visitors can find your website.
In most cases, both fields will be identical. However, you can also install the WordPress core files in a different directory, which would mess with the WordPress Address. Even then, the only change you need to make now is to replace HTTP with HTTPS in both fields.
After doing so, you will be much closer to getting rid of Chrome’s “Not Secure” warning. There’s only one more thing you need to do before your website can be considered secure (at least by Google’s standards).
Step 4: Implement a site-wide 301 redirect
At this stage, visitors will already be able to access your website over HTTPS. The problem is that many of them can still result using HTTP. They may have saved your old URL, for example, or they may have come from an old link on an external site. To resolve this issue and protect those users, you need to tell WordPress to redirect all traffic from HTTP to HTTPS.
To do this, you’ll need to set up what’s known as a redirect for your entire website. You can use various types of redirects, but the best one for this scenario is the 301. This is what is called a ‘permanent’ redirect and it tells search engines that your website has moved to a new address permanently.
There are two ways to set up a 301 redirect in WordPress. The first involves using a plugin like , which forces WordPress to load over HTTPS and requires very little input from you:
All you have to do is install the plugin, and it will automatically search for an SSL certificate associated with your website. If it finds one (which it should be, if you’ve made it this far), it will automatically enable HTTPS.
Although using a plugin is very simple, it is not what we recommend in most cases. The problem with plugins is that sometimes they crash due to updates or conflicts. When it comes to key functionality like HTTPS, you may not feel safe depending on a third-party plugin.
Fortunately, you can also set up a 301 redirect for your website manually. To do this, you will need to connect to your server via File Transfer Protocol (FTP). For that, you will need an FTP client like .
When you’re done and ready to use, you’ll also need to collect your FTP credentials, which are not the same ones you use to access your website. You can find these credentials in your control panel under the tab Files > FTP Accounts:
Take note of your credentials and use them to connect to your website through FileZilla. Once you establish a connection, access the folder public_html of your site, which is also known as the directory root of WordPress.
You will find a lot of files and folders inside this directory. However, the one that interests us. This file contains instructions for your server and allows you to implement a variety of features, such as caching and browser redirects.
To open this file, right-click on it and select the option View/Edit (View/Edit). This will open .htaccess using your default text editor, allowing you to make changes to it:
Keep in mind that you’re handling a very sensitive file, so don’t make any changes beyond our instructions (unless you’re very confident in what you’re doing).
To create a 301 redirect through your file .htaccess, you will need to add a new rule to the end of the file. Here is a code snippet that you can copy and paste:
RewriteEngine on RewriteCond %{HTTP_HOST} ^yourwebsite.com RewriteCond %{HTTP_HOST} ^www.yourwebsite.com RewriteRule ^(.*)$ https://www.yourwebsite.com/$1
Let’s break down what this code does. The first two lines after RewriteEngine on they tell your server what conditions a connection must meet in order to apply the rule you’re about to specify. In this case, the only condition is that someone has to try to access your website using HTTP.
When that condition is met, WordPress will redirect the connection to the URL you specify…
Facebook Comments
Disqus