
Recently you may have seen a warning in Google Chrome that your WordPress site is "Not Secure". This is quite alarming, but there’s nothing to be afraid of.

Your site is explicitly being flagged as not secure, and this happens quite a lot, mainly in Google Chrome.

What Has Happened?

Since Chrome 56, Google Chrome has been explicitly warning users when a page that is not served over HTTPS contains fields which Chrome thinks could house sensitive data (such as password fields or credit card fields). This has been a recent change, but a substantial one as the web moves more towards HTTPS. An example of what you would see is similar to the below.

You can see it practically takes over the address field. This is subtle but just enough of a warning.

Why are you being told Your WordPress is Not Secure in Google Chrome?

Well, first off, it is not a WordPress issue. WordPress is secure, but it still works on non-secure servers. WordPress itself recommends HTTPS support. WordPress is only affected out of the box because you have to use a password to log into WordPress, so whilst no warning will appear on the front end of the site, the second you enter the admin area you will get a warning.

Of course, it’s your decision if you decide to log in insecurely, but my suggestion would be to switch your site to HTTPS.

How Do I Fix It?

Luckily, it’s getting easier to fix these issues, thanks to the introduction of Let's Encrypt. Let's Encrypt is a free, automated certificate authority that will allow you to get a free SSL certificate for your site. There has been huge growth in this area in the past 12 months, and now many hosts support it.

Any Problems with Let's Encrypt?

The only problem that I’ve found with Let's Encrypt has been that iTunes podcast feeds don’t support Let's Encrypt SSL certificates. This was 6 months ago, so it may have changed. If you have a podcast, you may want to get a paid SSL certificate, which is under £10 from somewhere like Namecheap.

What about SEO?

Well, people I know seem to have had issues switching from HTTP to HTTPS, but I cannot say I had many issues. I simply logged into WordPress after having the SSL certificate added to the site, changed the URLs in the Settings from HTTP to HTTPS and was done with it. The three things to be aware of are the following:

  • Make sure you canonicalise your URLs. What this means is that Google will recognise one of the URLs as being the definitive one, and rank that URL. This is easily done using Yoast SEO. This is done to avoid duplicate content.
  • Make sure your HTTP redirects to HTTPS. If you have two versions of the same site, it can lead to some problems for things such as checkouts or any form of interaction. You can fix this with this guide on forcing SSL.
  • Make sure you have the new URL of the site listed in Google Search Console and Google Analytics.
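To check the first two points after a migration, and to see which pages would still trigger the Chrome warning described earlier, here is an added example (not code from this post or from WordPress). It audits captured HTTP responses; the host `example.test`, the sample HTML and the finding names are constructed, and treating `autocomplete="cc-..."` as a credit card field is only an approximation of how Chrome detects such fields.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit

class _PageScan(HTMLParser):
    """Collects sensitive form fields and the rel=canonical URL of a page."""
    def __init__(self):
        super().__init__()
        self.sensitive, self.canonical = [], None

    def handle_starttag(self, tag, attrs):
        a = {k: (v or "").lower() for k, v in attrs}
        # Assumption: password inputs and cc-* autocomplete hints stand in
        # for "fields Chrome thinks could house sensitive data".
        if tag == "input" and (a.get("type") == "password"
                               or a.get("autocomplete", "").startswith("cc-")):
            self.sensitive.append(a.get("name", "?"))
        if tag == "link" and "canonical" in a.get("rel", "").split():
            self.canonical = dict(attrs).get("href")

def audit(url, status, headers, body=""):
    """Return a list of findings for one captured response."""
    findings, scan = [], _PageScan()
    scan.feed(body)
    hdrs = {k.lower(): v for k, v in headers.items()}
    if urlsplit(url).scheme == "http":
        loc = urlsplit(hdrs.get("location", ""))
        same_host = loc.hostname == urlsplit(url).hostname
        # The HTTP URL should answer with a redirect to HTTPS on the same host.
        if not (status in (301, 302, 307, 308) and loc.scheme == "https" and same_host):
            findings.append("http-not-redirected")
        if scan.sensitive:
            findings.append("sensitive-fields-over-http:" + ",".join(scan.sensitive))
    # The canonical URL should be the HTTPS one, so only that version is ranked.
    if scan.canonical and urlsplit(scan.canonical).scheme != "https":
        findings.append("canonical-not-https")
    return findings

# Constructed sample captures (example.test is a placeholder host).
LOGIN_HTML = '<form><input name="log"><input type="password" name="pwd"></form>'
POST_HTML = '<head><link rel="canonical" href="http://example.test/post/"></head>'

if __name__ == "__main__":
    print(audit("http://example.test/wp-login.php", 200, {}, LOGIN_HTML))
    print(audit("http://example.test/", 301, {"Location": "https://example.test/"}))
    print(audit("https://example.test/post/", 200, {}, POST_HTML))
```

An empty list means the captured response passed both checks; the Search Console and Analytics step still has to be checked by hand.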

I have prepared a full guide on how to migrate from HTTP to HTTPS in WordPress, which goes through in great detail how to migrate your site, as well as any pitfalls to avoid. To receive this white paper, please leave your email address here.



My Host Doesn’t Support SSL through Let's Encrypt? What Should You Do?

Move host. These warnings are going to get bigger and more substantial over time (Google has suggested that over time they will start showing the “not secure” warning for all sites), so it is in your best interest to put your site behind HTTPS. So here is a list of hosts I have verified have the ability to add Let's Encrypt to your site. If you can comment on your host having SSL please do so, and I’ll add it to the list.

| Host Name | Type of Host | Let's Encrypt? | Other SSL Certificates? | Price / Sites | Link |
|---|---|---|---|---|---|
| 34SP | Managed WordPress | Yes | Yes | £14.95/month (3 Sites) | Visit 34SP |
| SiteGround | General Hosting | Yes | Yes | £2.75/month (1 Site) | Visit SiteGround |
| WP Engine | Managed WordPress | Yes | Yes | $35/month (1 Site) | Visit WP Engine |
| Dreamhost | Managed WordPress | Yes | Yes | $19/month (1 Site) | Visit Dreamhost |
| Flywheel | Managed WordPress | Yes | Unsure | $15/month (1 Site) | Visit Flywheel |
| Pressed | Managed WordPress | Yes | Unsure | $99/year (Unsure cost/site) | Visit Pressed |
| Pressable | Managed WordPress | Yes | Unsure | $20.83/month (Unsure cost/site) | Visit Pressable |
| Cloudways | Managed WordPress | Yes | Yes | $7/month (Unlimited Sites) | Visit Cloudways |
| Kinsta | Managed WordPress | Yes | Unsure | $30/month (1 Site) | Visit Kinsta |
 
 
 

Comments

Polite Disclaimer: I am welcome, open and willing for corrections to be shared in the comments (with corrections being added to posts and credited), and the comments field should be used to promote discussion and make this post better. I do not know everything and if anybody finds a better way to do something, then by all means please share it below.

However, I'm unable to offer support for posts. The reason is that WordPress has tens of thousands of plugins and millions of themes. As such, finding out exactly why code doesn't work with your setup is a long process. If you wish for me to look at your code, please use the priority support area.

Comments asking for support will be left on the site, but there is no guarantee of an answer.

  • Pankaj Dhawan

    Hey Rhys,

    I did see that not secured thing on my own website as well but didn’t know about this way. I guess I will still have to wait, since the hosting provider I am with is in the process of considering adding Let's Encrypt to the shared hosting plan.

    I will keep checking on this but thank you so much for this much needed information.

    March 21, 2017 at 3:58 pm
