Running a secure website is one of the most important elements to consider for your online presence. Whether you’ve had a website for a long time, or you’ve just created one, site security is extremely important — especially for ecommerce sites. Not only that, but any site that requires or stores any kind of visitor information, including something as simple as login information, should provide security to site visitors.
On this page, we’ll answer your burning questions like what it means when your website isn’t secure and how to make your website secure once and for all! And don’t worry — you’re not alone! Hundreds of searchers per month ask Google “why my website is not secure.” Keep reading to learn more!
Video: Why isn’t your website secure?
What does “not secure” website mean?
If you’ve visited a website, (maybe even your own), and noticed a warning in the search bar that says, “not secure,” you’re no stranger to feeling cautious upon entering the website. You might ask yourself questions like “what does ‘not secure’ website mean?” or “what information isn’t secure?” These are both valid questions and something that you should be aware of before entering a website that has the dreaded warning in the search bar.
Here are some things you should know when it comes to websites that aren’t secure:
HTTP websites are not secure
HTTP, or Hypertext Transfer Protocol, is placed at the front end of website URLs in order to display a website. It’s a protocol used by the World Wide Web in order to fetch HTML documents — or in short, display web pages. Unfortunately, website URLs that are preceded by HTTP are not secure.
This means that your login info, or worse yet, your personal information like credit card numbers, could be stolen, read, or modified by hackers. You can read more about how HTTP affects site rankings further down the page.
HTTPS websites are secure
On the other hand, website URLs that are preceded by HTTPS are secure. This means that when you see a website URL starting with HTTPS, you won’t get a “not secure” warning, and you don’t have to worry about the possibility of hackers stealing your personal information that you use on the website. Popular websites like Google.com and Amazon.com use HTTPS to show users that they are safe when browsing and making purchases on their websites.
HTTPS provides encryption, which means nobody can track or steal personal information, integrity, which means that data can’t and won’t be corrupted during transfer, and authentication, which validates that websites are communicating correctly with the right website. Google has always advocated for HTTPS sites as opposed to HTTP sites, but in 2018, they made that even more clear. Starting in July 2018, the search engine started providing users with the “not secure” marker in the search bar — potentially decreasing site visitors to insecure sites.
“Not secure” doesn’t mean your computer is infected
When users see a “not secure” warning, they may think that it’s the first sign of a computer virus or malware. That’s one thing you don’t have to worry about! Like we mentioned before, the “not secure” warning simply means that your information is not secure on that website and that you should refrain from entering any personal information.
Websites that don’t utilize HTTPS could rank lower in results
Google’s main job as a search engine is to provide users with the results that most closely fit their search query. The results that Google provides for any given search are based on tons of factors including keyword targeting, the domain authority of the website, number of backlinks, and the list goes on. But Google is also known to use website security as a ranking factor — meaning if you own a website that doesn’t utilize HTTPS, you may see your site rankings get worse.
Google wants to provide search results that not only fit a user’s search query, but also provides them with a secure experience.
My website is not secure, how can I fix it?
If all this talk about tanking rankings have you questioning how you can make your website secure, you’ve come to the right place. Adopting HTTPS is far from difficult, so check out our five-step process to securing your website for site visitors and customers.
1. Install Secure Sockets Layer (SSL) certificate
In order to make your HTTP site secure, you’ll need to install an SSL certificate on your website. When you install an SSL certificate, a few exchanges take place, which provides a secure version of your website to your site visitors.
- Your browser will connect to a website and request the server identity.
- The server will respond by sending the browser the SSL certificate
- The browser will determine if the SSL certificate is trustworthy
- If the SSL certificate is trustworthy, it will send the server a message
- The server will respond with a digitally-signed document that gives permission to start a session that is encrypted by the trusted SSL certificate
- The browser and server share encrypted data
2. Ensure that internal and external links use HTTPS
If you want both your internal and external site links to continue to operate effectively, you’ll want to ensure that you change them all to HTTPS as well. This might sound tedious, but it’s crucial to ensure that HTTPS helps your website instead of hurting it.
3. Verify your website in Google Search Console
After installing your SSL certificate and ensuring that your site links use HTTPS, you’ll want to verify both the HTTP and HTTPS versions of your site in Google Search Console. In doing so, you’ll also want to be sure that your preferred domain is set to the HTTPS version. This will ensure that site visitors are served the secure version of your website.
For digital marketing advice on the regular, subscribe to the email that more than 190,000 other marketers trust:
Revenue Weekly. Sign Up Today
4. Ensure that HTTP URLs are redirected
If you mention your website on any third-party sites that you have control over, you’ll want to be sure that you change mentions of HTTP to HTTPS. You’ll also want to create 301 redirects on your own website to make sure your HTTP URLs reference the HTTPS version.
5. Update XML sitemap
Next, you’ll want to update your XML sitemap to reference the HTTPS versions of your site pages. Your sitemap acts as a road map for site visitors and Google alike to help them easily navigate your website. To ensure that Google re-crawls and indexes your website with new links, you’ll want to submit your updated sitemap to Google Search Console.
Time to Level Up Your Sales
Our long list of services helps you grow every aspect of your business with marketing strategies that are proven to increase bottom-line metrics like revenue and conversions.
In the past 5 years, we’ve managed more than 12.9 MILLION transactions across our client base.
Need help securing your website?
We hear people ask all too often, “My website is not secure, how can I fix it?” This is a legitimate question for website owners, and should be — if you’re interested in keeping customers and increasing sales. At WebFX, we have a team of over 450 specialists who can work to create a secure site for you and your business.