How to Fix Not Secure Website in Google Chrome: [2025 Updated]

Spotting a “Not Secure” message in the Chrome browser can be confusing for potential customers. Many people view it as a warning sign and leave the site immediately, resulting in fewer sales, online traffic, and loyalty. But there are easy ways to fix a “Not Secure” website in Chrome. This issue typically arises from problems with the site’s SSL certificate or HTTPS settings, which can be resolved with a few necessary steps.

What Does a “Not Secure” Website Mean?

If you’re seeing a “Not Secure” warning text on your website, it is important to understand the reason behind it. This text typically pops up in Chrome when your website’s connection is not secure, which occurs when the URL begins with “http://” instead of “https://” in the address bar.

Google introduced the “Not Secure” in the 68th version of Chrome to warn users about possible risks associated with unsecured web connections. When a connection is not secure, hackers or malicious web thieves can easily modify, read, or intercept any data entered by visitors on your website.

Getting a “Not Secure” warning does not indicate that your website is affected by malware. Rather, it just serves as a warning that the web connection lacks proper protection or security measures. Moreover, the text is intended to safeguard your website visitors from potential online threats and data breaches. That said, it can adversely impact your website traffic, as many users may choose to immediately leave a site that displays such warnings in their browsers. Therefore, it is important to know its potential triggers and how to remove the “Not Secure” text from your website effectively.

What Triggers the “Not Secure” Warning?

There are several reasons why your website may display a “Not Secure” warning in Chrome.

No SSL Certificate Installed

The warning can pop up if a SSL certificate is not installed on the site. When this happens, Chrome marks the connection as “Not Secure.” An SSL certificate establishes a secure connection between the web server and the user’s browser. It also encrypts the data that visitors share with your website, ensuring they have a secure browsing experience. So, it’s important to install an SSL certificate to protect your visitors and their information online.

Expired Or Invalid SSL Certificate

Sometimes, a website can trigger a warning despite having an installed SSL certificate. This happens if the certificate is not properly installed, has expired, or was obtained and issued by a provider with a bad reputation.

Mixed Content in Your Website

Even with an active and valid SSL certificate in place, your site may load certain images or code via the unsecured HTTP instead of the secure HTTPS. This occurrence is known as mixed content. When this happens, web browsers like Chrome may present warnings about an unsecured connection.

Incorrect HTTPS Configuration

If your website has not been set up to redirect visitor traffic through a secured HTTPS connection, Chrome may display a “Not Secure” error. As a result, all your visitors will continue to access your website using the unsecured HTTP connection.

How to Fix a “Not Secure” Website Warning?

Now that you know the potential reasons for the display of a “Not Secure” warning, you will need to learn about effective solutions to fix it. Ignoring the issue may lead to a loss of traffic, sales, and potential customers.

Get an SSL Certificate

Having an SSL certificate is non-negotiable for your website. If you’re concerned about the cost, there are many options available to obtain one for free or at low prices. Most of these are entry-level certificates known as Domain Validated or DV certificates. If you have a personal or small business website, DVs are a great fit.

On the other hand, if your website serves as an e-commerce store with high traffic, is a part of an enterprise project, or belongs to an established business, you need a more robust SSL certificate like Extended Validation (EV) or Organization Validated (OV) SSL certificate. These types of SSL certificates cost anywhere from a few dollars to over $1,000 per year.

Update Your Website to Connect HTTPS Links

Once you are done installing an SSL certificate on your website, you’ll need to set it up to load via an HTTPS connection. Popular content management systems like WordPress offer plugins that simplify the process of redirecting all content through HTTPS instead of HTTP.

If you possess advanced technical expertise, you can also edit the .htaccess file on your server to activate the connection through HTTPs links.

Alternatively, you can add 301 redirects on your website without making any manual changes to any files. A 301 redirect, known as “moved permanently,” is an HTTP status code that automatically directs your web visitors to the new website link with an HTTPS connection.

Fix Mixed Content Errors

To resolve a “Not Secure” website, you’ll also have to look for mixed content errors. To do this, directly open the developer tools console in Chrome. The tools allow you to check all the resources on your website that are using an HTTP connection instead of HTTPS. You can either re-upload these files or use a plugin that forces the mixed content to load over a secure connection.

Update CMS and Plugins

Often, older versions of your Content Management System (CMS) and plugins can pose security risks, which may lead to your website showing a “Not Secure” warning. So, to avoid this, make sure to regularly update all the software that your website uses. Keeping your CMS and plugins up to date will not only reduce the possibility of online attacks but also provide a safer environment for your visitors.

Set Up HSTS

HTTP Strict Transport Security, or HSTS, is a server configuration that improves the security of your website connection. With this configuration enabled, all your web visitors are required to connect through a secure HTTPS connection. This process prevents users from accessing your website through any unsafe connections.

Use Two-Factor Authentication

Two-Factor Authentication, or 2FA, provides an extra layer of security beyond just passwords, which makes it more difficult for hackers to gain access to your website or user data. Anyone with admin access to your website should enable this feature. Besides, implementing 2FA helps prevent your site from being flagged by Google, which can stop a “Not Secure” warning from appearing.

FAQs

Why does Chrome say my site is not secure?

Chrome usually gives a “Not Secure” warning for a website when it does not use HTTPS, an encrypted and secure connection. Without this encryption, your website is prone to cyberattacks by hackers and scammers. This means anyone could potentially intercept the data being exchanged between your browser and the website.

How do I make my website HTTPS?

To ensure your website uses HTTPS, you’ll need to install an SSL certificate and configure your site accordingly. Start by obtaining the certificate from an authorized provider. Once you have it, install it on your server. Finally, update your site settings to redirect visitors from the HTTP version to the secure HTTPS one.

Can I fix “Not Secure” without coding?

No. It is not possible to remove a “Not Secure” warning without making changes on the backend of your website. While you may not necessarily need to alter any code directly, you’ll be required to add plugins or headers to your website files to resolve the issue. This process requires you to have basic knowledge of coding.

Will “Not Secure” affect my Google rankings?

Your website’s Google ranking can be impacted due to the “Not Secure” warning displayed in Chrome and other browsers. Google has officially stated that a higher ranking preference is provided to secure websites in search results.

What happens if my SSL certificate expires?

Whenever an SSL certificate expires, the secure connection between your website and visitors is compromised. This results in a “Not Secure” warning, which can invariably lower traffic to your website and affect customer trust. Additionally, expired certificates can make your website highly prone to cyberattacks and malpractices.