Insight | Web Development

Why does my website say it's not secure?

If you recently noticed that your site is displaying the term 'Not Secure' next to the URL, Google Search Console has notified you or someone has told you that they noticed it, you are not alone. This blog will tell you why it's happened, how to check and how to fix it.

Why has this happened?

Google announced in September 2016 that with the release of Google Chrome 56 this January, they will make the first move to marking all websites without a Secure Sockets Layer (SSL) certificate as Not Secure. SSL certificated websites will be shown as https://. For http websites, data is sent between the browser and web server in plain text, which means that information is vulnerable to hackers that can steal that data.

However, with certificated websites, this data is protected by encrypting it through Transport Layer Security (TLS), or its predecessor, Secure Sockets Layer (SSL).

They've begun this process by first targeting any pages with password and credit card input fields within sites without an SSL certificate. This makes sense, because this is the very data that should be encrypted and protected from attackers.

How to check

Firstly, you may already have a secure site, in which case, look for https:// at the beginning of your domain. If so, you're already safe so there's nothing to worry about!

If this isn't the case, do users have to enter a password at any time to access gated content on your site? Or enter credit card details to buy anything? If that isn't the case then you're also safe for now but it's worth bearing in mind that if your site isn't protected by encryption, displaying an https:// URL, then in time Google will display your site as 'Not Secure', in line with their aims of creating a more secure Internet. 

If you do have these input fields and your site isn't already protected, then you'll first need to download Google Chrome as your browser, if you're not already using it. Then enter your URL and navigate to any pages where you have log in or credit card input fields. Then look at the URL. This is where you'll see 'Not Secure' just before your domain name.

How to fix it

You'll need an SSL Certificate. These have always been used to protect data through encryption, with each update becoming more and more secure, represented by the version number. When we hit version three, instead of calling it SSLv3.0, they instead called it TSLv1.0, or the Transport Layer Security, mentioned above. We're currently on TSLv1.3, however, because SSL is the more commonly used term, they're still referred to it as an SSL certificate.

All browsers can interact with the secure webservers using the SSL protocol but in order to do this an SSL certificate is needed. It works through the use of a public and a private key, which work together to create a secure connection. The certificate will also contain a 'subject', which states the identity of the website and website owner.

You can get an SSL certificate from many different companies, for most of which you will have to pay, however, there is also the company Let's Encrypt, which is free. You may want to read this review, which highlights the pros and cons of this option.

Lastly, once you have your new, secure website, you'll need to submit it to search engines as they will class it as a different site. 

If you find that this problem is affecting you, it's definitely worth investigating, as you may find this update will affect conversion rates if left unchecked.