Are you getting a message from your browser or antivirus package saying your website is not secure? What does it mean?
An insecure website can prevent people from reaching your website or if you have an online shop, stop them from making a purchase. When you are trying to visit a website and are faced with a scary looking message saying “Attackers might be trying to steal your information…” it is very off-putting. A website that is not secure is also a big no-no when it comes to Search Engine Optimization (SEO), as the search engines are less likely to feature sites that don’t have security certificates installed.
How do I secure my website?
The solution to the “not secure” problem is to get an SSL (Secure Sockets Layer) certificate issued for your website domain.
SSL? What’s that?
An SSL certificate is a small data file that makes sure that any data passing between a website server and an internet browser remains private. This is really important for any website that collects your personal information, such as your name, contact details, payment information, and so on. When you put your data in, the SSL will make sure the information that passes through is encrypted, preventing potentially prying eyes from seeing it.
Sounds good, but how do I get an SSL certificate?
Decide what sort of SSL you need
The first step is to determine what sort of SSL you need. For most websites, a standard Domain Validated (DV) SSL is fine. This proves that you control the domain you are requesting the certificate for. You can have a single domain certificate, which will only be applied to your main website URL, or if you use subdomains (such as blog.yourdomain.com, shop.yourdomain.com and so on) you can have a wildcard certificate to cover all of those as well as your main domain.
Larger organisations should consider an Organisation Validated (OV) SSL. To get one of these, the organisation has to prove they own the domain and that they are operating legally.
Financial or insurance based organisations, or ecommerce companies that collect and process people’s data and payment information, should look at getting an Extended Validation (EV) SSL. Again with this certificate, you are proving that you are authorised to own the domain and that you are collecting the data for a legally valid reason (such as needing credit card details to allow a user to purchase goods or services from your website).
Claim or Buy your SSL
SSL certificates are issued by a Certificate Authority (CA) and you should aim to get one from a trusted brand.
Your website hosting provider will often be able to issue a SSL certificate to you and help you install it. Some providers, such as Siteground*, include an SSL for free as part of their hosting packages and you can install the certificate yourself via your account.
If your hosting provider does not provide free SSL certificates themselves, you can see if they approve the use of free Let’s Encrypt certificates. Alternatively if you want your hosting provider to support you with setting up the SSL, or if you need an OV or EV SSL, you can ask them for a quote for to provide this. Your domain registrar (if they are not the same as your web host) are also worth contacting to ask for a quote. Alternatively you can buy a SSL certificate from a third party such as Globalsign or GoDaddy.
*We have used our affiliate link here which means we will get a small commission if you buy from Siteground after clicking the link. If you use it, thank you!
I’ve got a SSL certificate, but my website STILL says it’s not secure!
This can be a frustrating problem. You’ve got the SSL certificate sorted out but your website still shows that annoying “not secure” message. How can you fix it?
Install and activate the “Really Simple SSL” plugin
For a WordPress website, the easiest thing to try first is to install and activate the Really Simple SSL plugin. Once activated, you can go through the set up wizard which should detect the SSL certificate and guide you through making the necessary corrections to your website to get it working properly. Once you’ve gone through the wizard you may need to sign out of WordPress and sign back in again for the changes to take full effect.
Try using the “Better Search Replace” plugin to update your website’s database
If that doesn’t work, you can then try installing and activating the Better Search Replace plugin. Once this is activated you’ll find it under the Tools menu on the left hand side of your WordPress dashboard. You can use the tool to check whether any parts of your database still have “https://” URLs and replace them with “https://”. Make sure you have a full backup of your website and database before using this tool.
- To run the tool, put “https://” in the “Search for” field and “https://” in the “Replace with field.
- Click on the first item in the “Select tables” field, then scroll to the bottom and Shift-Click the last item (this will then select everything in the list).
- Leave the “Run as dry run?” ticked if you want to see the results before you do the actual search and replace
- Click the “Run Search/Replace” button
- If you did a dry run first, untick the “Run as dry run?” box and click the “Run Search/Replace” button again when you’re ready for the tool to make the changes to your database.
Once you’ve run the tool, which normally takes a few seconds, you may need to log out and log back into WordPress to see if the changes have worked. If it hasn’t worked the first time, it may be worth running the tool a couple more times as sometimes it picks up changes that it didn’t find the first time around. You may also have more success if you work through each line in the “Select tables” box individually and do a “Search/Replace” for each one.
Do more detective work via the “Why No Padlock” website
If you are still having problems with your SSL at this point, you may need to get some more help. The Why No Padlock website is a good place to start and may help you find any outstanding issues that are preventing your SSL from working. If not, then try getting in touch with your SSL provider or a web developer who will be able to do more investigation for you.