Welcome Guest! Login? Checkout
This post was written 8 months ago and therefore may not be as accurate as more recent posts.

Recently in Google Chrome you may or may not have seen the warning that WordPress Not Secure in Google Chrome. This is quite alarming, but there’s nothing to be afraid of.

Your site is explicitly being told as being not secure, and this happens quite a lot in Google Chrome mainly.

What Has Happened?

Since Google Chrome 56, Google Chrome has been explicitly warning users if a site that contains fields which Chrome thinks could house sensitive data (such as password fields or credit card fields). This has been a recent change, but a substantial one as the web moves more towards HTTPS. An example of what you would see is similar to the below.

You can see it practically takes over the address field. This is subtle but just enough of a warning.

Why are you being told Your WordPress is Not Secure in Google Chrome?

Well first off, it is not a WordPress issue. WordPress is secure, but it still works on non secure servers. WordPress in itself recommends HTTPS support. WordPress is only affected out of the box due to the fact you have to use a password to log into WordPress, so whilst no warning will appear on the front end of the site, the second you enter the admin area you will get a warning.

Of course, it’s your decision if you decide to log in insecurely, but my suggestion would be to switch your site to HTTPS.

How Do I Fix It?

Luckily, it’s getting easier to fix these issues, thanks to the introduction of Lets Encrypt. Lets Encrypt is a free automated certificate authoring service that will allow you to get a free SSL Certificate for your site. There has been huge growth in this area in the past 12 months, and now many hosts support it.

Any Problems with Lets Encrypt?

The only thing that I’ve found a problem with Lets Encrypt has been that iTunes podcast feeds don’t support Lets Encrypt SSL Certificates. This was 6 months ago, so it may have changed. If you have a podcast, you may want to get a paid SSL Certificate, which are under £10 from somewhere like Namecheap.

What about SEO?

Well, people I know seem to have had issues switching from HTTP to HTTPS, but I cannot say I had many issues. I simply logged into WordPress after having the SSL certificate added to the site, changed the URL’s in the Settings from HTTP to HTTPS and was done with it. The three things to be aware of are the following:-

  • Make sure you canonicalise your URL’s. What this means is that Google will recognise one of the URL’s as being the definite one, and rank that URL. This is easily done using Yoast SEO. This is done to avoid duplicate content.
  • Make sure your HTTP redirects to HTTPS. If you have two versions of the same site, it can lead to some problems for things such as checkouts or any form of interaction. You can fix this with this guide on forcing SSL.
  • Make sure you have the new URL of the site listed in Google Search Console and Google Analytics.

Aleyda Solis has a great HTTP to HTTPS SEO checklist of what she does during migration. My list is the basics but she has a more thorough list. Use that.

My Host Doesn’t Support SSL through Lets Encrypt? What Should You Do?

Move host. These warnings are going to get bigger and more substantial over time (Google has suggested that over time they will start showing the “not secure” warning for all sites), so it is in your best interest to put your site behind HTTPS. So here are a list of hosts I have verified have the ability to add LetsEncrypt to your site. If you can comment on your host having SSL please do so, and I’ll add it to the list.

Host Name Type of Host LetsEncrypt? Other SSL Certificates? Price / Sites Link
34SP Managed WordPress Yes Yes £14.95/month
(3 Sites)
Visit 34SP
SiteGround General Hosting Yes Yes £2.75/month
(1 Site)
Visit SiteGround
WP Engine Managed WordPress Yes Yes $29/month
(1 Site)
Visit WP Engine
Dreamhost Managed WordPress Yes Yes $19/month
(1 Site)
Visit Dreamhost
Flywheel Managed WordPress Yes Unsure $15/month
(1 Site)
Visit Flywheel
Pressed Managed WordPress Yes Unsure $99/year
(Unsure cost/site)
Visit Pressed
Pressable Managed WordPress Yes Unsure $20.83/month
(Unsure cost/site)
Visit Pressable
 
 
 

Comments

Polite Disclaimer: I am welcome, open and willing for corrections to be shared in the comments (with corrections being added to posts and credited), and the comments field should be used to promote discussion and make this post better. I do not know everything and if anybody finds a better way to do something, then by all means please share it below.

However, I'm unable to offer support to posts. The reason being is that WordPress has tens of thousands of plugins and millions of themes. As such, finding out exactly why code doesn't work with your setup is a long process. If you wish for me to look at your code, please use the priority support area.

Comments asking support will be left on the site, but there is no guarantee of answer.

  • Pankaj Dhawan

    Hey Rhys,

    I did see that not secured thing on my own website as well but didn’t know about this way. I guess I still will have to wait since the hosting provider I am with, they are into process of considering Letsencrypt added to the shared hosting plan.

    I will keep checking on this but thank you so much for this much needed information.

    March 21, 2017 at 3:58 pm

Comments are closed.