In 2022, when web security is paramount, search engines like Google have taken measures to encourage webmasters to take a more proactive approach to secure their websites.
As such, internet users have also become wary of websites that say ‘not secure’, especially if the website handles payments.
We will discuss the possible reasons why a WordPress website may be deemed to lack the necessary security, answering the question, “why does my WordPress site say not secure?”
⚡ Check also ➡️ 9 Reasons Why Most Websites Fail
Why Is It Important To Secure Your Website?
Securing your WordPress website is very important if you want your users to know that it is a trusted source of information.
Showing that your website is adequately secured also puts customers at ease when making transactions on the website while knowing their personal information and data is safe.
If your website shows as being ‘not secure’, then users may be apprehensive about using it and could avoid clicking the URL altogether.
What Are SSL Certificates and Why Do You Need Them?
Installing a Secure Sockets Layer (SSL) certificate is the best way to secure your website, showing your audience that the connection is safe and that the content is trustworthy.
SSL has become an internet standard, using a private and public key to create an encrypted connection. Meanwhile, the certificate itself confirms the use of SSL and identifies the owner by installing it on the website’s server.
The benefits of installing an SSL certificate on your WordPress website:
- Site Security – The SSL/TLS connection ensures all information sent on your website is encrypted and safe from hackers. Even if a hacker does access the network, they will be unable to decipher the sensitive information. This is especially important for E-Commerce sites.
- SEO (Search Engine Optimization) – Another factor to consider is your SEO. Not having an SSL certificate installed on your WordPress website can have a negative impact on your search engine rankings.
- Loading Speeds – HTTP/2 protocol is much faster than a standard HTTP connection and needs SSL in order to run. Installing an SSL certificate can therefore quicken the loading speeds of your website. You can use tools such as GTmetrix to check the speed of your WordPress website.
- Google Analytics – If your website does not use HTTPS (SSL encryption), then an HTTPS referral to your HTTP website will be marked under direct traffic, instead of referral traffic. This means the data is inaccurate and could result in unnecessary changes to your overall marketing strategy.
- Protecting Your Brand and Improving Credibility – Many online users have huge fears about their information falling into the wrong hands. As a result, many people will avoid websites that have a ‘not secure’ warning which will affect your brand and its credibility.
What To Do if Your WordPress Site Says ‘Not Secure’?
In this section, we have put together a short guide to help you solve the problem of your WordPress website being flagged as ‘not secure’, by installing an SSL certificate.
1. Check if an SSL Certificate Is Already Installed
Many hosting companies provide an option in the control panel to quickly check if any SSL certificates have been installed on your server.
If this is not the case, then open a browser in incognito mode and type in your URL with an “https://” prefix. If a padlock icon appears in the URL bar, then a certificate has been installed and you should not encounter a ‘not secure’ warning.
2. Launch a Site Backup
Before making any changes on the server, it is always best practice to backup your WordPress website so no important content is lost.
We have a guide for this available here ➡️ How To Restore a Previous Version on WordPress
3. Installation of Your SSL Certificate
Once you have purchased an SSL certificate you will want to install it as soon as possible.
Thanks to many WordPress plugins, installing an SSL certificate can be completed by almost anyone, however, the process is usually not always a quick one.
Really Simple SSL is one such plugin that can help you get the job done.
4. Manage Your Redirects
Next, you will need to set up HTTP to HTTPS redirection so your users are sent to the correct, encrypted pages.
Fortunately, WordPress plugins can come to the rescue once again, with Really Simple SSL also providing a redirection tool.
5. Replace Internal Links
You will also need to change your internal links, and guess what? There are WordPress plug-ins that can also do this for you.
Make sure none of your internal links are pointing to the old HTTP pages of your website, replacing them with the new HTTPS versions.
You can tidy up your mixed content with Better Search Replace, helping you to find and replace insecure links quickly. Before doing so, make sure to backup your website again.
⚡ Check also ➡️ How To Check When a Website Was Last Updated?
6. Google Analytics and Search Console
Finally, you will need to update Google Analytics and Search Console with your new HTTPS URL.
Failing to do this means that Google will continue to crawl your old HTTP pages and return them on search engine results pages (SERPS). You will also need to submit an updated sitemap.
Browse the Siteefy blog for more useful information on managing your WordPress website.