My website is showing as insecure; what do I do?

Photo by Miguel Á. Padriñán

As you may have noticed, some websites are flagged as insecure. The flag appears in the browser, for example Google Chrome, where a small warning states that the website is insecure. From October this year, Mozilla Firefox will follow suit and introduce this kind of warning so that users can better navigate in (and away from) unsafe websites. But what if your own website has been flagged as insecure? In this post, we explain how to solve it.

What does it mean that one’s website is insecure?

It can seem scary when the browser shows that your website is insecure. But this does not mean that the website has been hacked or otherwise compromised. Instead, it means that the user’s connection to the website is not encrypted. A website is encrypted by setting up an SSL certificate and, at the same time, ensuring that all content on the website is retrieved from the encrypted version. In short, this increases security, because encryption means that unauthorized persons (for example, on a shared Wi-Fi network) cannot see the information sent back and forth. For the general content of the website, such as text and images, encryption is hardly essential. But it is crucial for personal data, for example in contact forms, chat systems, and purchase flows. Handing over your data on a website that is not encrypted is similar to not protecting your PIN while paying in the supermarket.

A missing SSL certificate dents your credibility and probably scares some customers away. It is also very damaging for SEO (search engine optimization). Google favors websites with SSL in place, so if yours doesn’t have it, you will undoubtedly fall behind the competition.

First, an SSL certificate must be set up

There are several options for setting up an SSL certificate for your website. The most common is to use the built-in options of your hosting provider, which is where the website is stored. Many providers now offer free SSL certificates; however, a number of them hide the option quite well, as they would rather you pay for one. If in doubt, ask your hosting provider.

Next, the website’s content must be loaded over HTTPS

Once the SSL certificate is set up, you must make sure all content on the website is loaded over HTTPS instead of HTTP. If this is not done, the security certificate will not be used. There are various ways of doing this, for example by adding some code to your website’s .htaccess file or by using a plugin that does it for you.

Once that’s done, check whether the content is fetched over HTTPS instead of HTTP. If you’ve used a plugin, it might change all URLs in the content from HTTP to HTTPS, but it can’t always do it everywhere; it depends on which themes and plugins you use. So we recommend that you click through your website manually and check.
If you have set this up directly in your website’s .htaccess file instead of using a plugin, you may have to change the URLs manually. Either go into each page and correct them, or update them directly in your website’s database with a script. The latter is more technical but faster.
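To make the manual check described above repeatable, the following added example (not part of the original post) scans a page's HTML for resources and forms that still use http://, and separately lists internal links that still point at the old address. The sample HTML and the example.com hostnames are constructed.

```python
from html.parser import HTMLParser
from urllib.parse import urlparse

# (tag, attribute) pairs that make the browser fetch or submit data.
FETCHED = {("img", "src"), ("script", "src"), ("iframe", "src"),
           ("source", "src"), ("embed", "src"), ("form", "action")}
# <link> only fetches for some rel values; rel="canonical" is just a hint.
FETCHED_LINK_RELS = {"stylesheet", "icon", "preload"}

class InsecureUrlFinder(HTMLParser):
    def __init__(self, site_host):
        super().__init__()
        self.site_host = site_host
        self.mixed = []      # (line, tag, attr, url) fetched or submitted over http
        self.old_links = []  # (line, url) internal links still pointing at http

    def handle_starttag(self, tag, attrs):
        line = self.getpos()[0]
        rels = set((dict(attrs).get("rel") or "").lower().split())
        for name, value in attrs:
            url = (value or "").strip()
            if not url.lower().startswith("http://"):
                continue
            if tag == "link":
                fetched = name == "href" and bool(rels & FETCHED_LINK_RELS)
            else:
                fetched = (tag, name) in FETCHED
            internal = urlparse(url).hostname == self.site_host
            if fetched:
                self.mixed.append((line, tag, name, url))
            elif tag in ("a", "link") and name == "href" and internal:
                self.old_links.append((line, url))

def find_insecure(html, site_host):
    finder = InsecureUrlFinder(site_host)
    finder.feed(html)
    finder.close()
    return finder.mixed, finder.old_links

# Constructed sample page; example.com stands in for your own domain.
SAMPLE = """<link rel="stylesheet" href="http://example.com/style.css">
<link rel="canonical" href="http://example.com/">
<img src="http://example.com/logo.png">
<a href="http://example.com/contact">Contact</a>
<a href="http://other.example.net/">Partner</a>
<form action="http://example.com/send" method="post"></form>"""

if __name__ == "__main__":
    print(*find_insecure(SAMPLE, "example.com"), sep="\n")
```

Entries in the first list are what keep the browser warning in place, and the form entry is the one that would send visitors' personal data unencrypted. The second list is only the set of internal URLs left to update.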

Since the URLs change from http:// to https://, 301 redirects must be set up from the old URLs to the new ones. This is essential for SEO reasons and to ensure that people who click on an old http:// link are sent to the new, current URL.