What to do about the “Not Secure” warning in Chrome?

With the latest versions (v68+) of Google Chrome, Google has started to label all non-https websites as “not secure”. According to Google, websites carrying this label of “Not Secure” are at risk of being compromised. What that means is the connection between a user and the website is unprotected, and any data that passes between the user and the website is at risk of being hijacked or compromised. Not great, especially if you have a website that takes payments or captures other sensitive data. Even if you have a simple brochure website, you don’t want to give the impression to your customers that your website is “Not Secure” and can’t be trusted.

How do I know if my website is non-https?

Perhaps you don’t use Google Chrome and don’t see any “Not Secure” warnings in your browser, but are worried your customers may be seeing such warnings. If you use another browser, you can check if you have a padlock icon in the URL bar. If you have a padlock in the URL bar, you have a secure website over https. Nice one!

No padlock? Then try accessing your website with https:// in front of your domain, so https://yourwebsitehere.com — if you get hit with a security warning you don’t have any SSL certificate set-up and your website is at risk.

How do I fix this?

If your website is “Not Secure”, or not showing that padlock in the URL bar, then you need to install an SSL certificate which forces the browser to use the secure https protocol.

You should check with your web host on how you can set-up and install an SSL certificate. It varies from host to host. It’s quite common for a web host to charge an annual fee for the certificate, and sometimes they’ll only provide the certificate, leaving you to install it. If you need help installing an SSL certificate, drop us a line and we can help.

Before you commit to the purchase of an SSL certificate you might want to check if you have LetsEncrypt on your hosting package. This is a free SSL certificate provider and can provide you with an SSL certificate. The downside is that you may only have the SSL certificate for 90 days before needing to go back in and actioning the set-up again. But it’s not a huge issue as the set-up is relatively easy, with only a couple of steps.