Is there a warning on your WordPress site that says Not secure? Does this ‘Not Secure” warning appear on all pages of your WordPress website? This issue is not only familiar, but it is also serious. It can scare you and your visitors. It may even affect the search engine rankings of your website. How can you ignore this warning to restore the security of your website?
This problem can be easily solved. It is necessary to install an SSL certificate for your website. You can do this by installing a new certificate, configuring it properly, or renewing the certificate if it’s expired. Don’t worry if that sounds different. This article will show you how to remove WordPress’s warning that the site is not secure.
TLDR: If your browser marks your WordPress site as “Not Secure,” it’s because it could not locate an SSL certificate or may not trust the certificate that’s already there. Make sure your SSL certificate is current and integrate MalCare’s powerful firewall and malware protection to strengthen your site’s security.
Why isn’t your WordPress site secure?
You may find that your WordPress site is not secure because you do not have an SSL Certificate or the certificate has expired or been incorrectly configured.
SSL certificates are essential to encrypt data sent from and to your website. All data sent to or from your site is not secure without this certificate, and hackers can easily access it. It is, therefore, vital to configure an SSL certificate for your WordPress website.
By using an SSL certificate, you can improve the security of your website’s HTTP protocol by upgrading it to the secure HTTPS version. HTTPS also provides a padlock beside your website’s address to indicate its reliable and safe nature.
If your website displays the warning ‘Not secure,’ this means that it does not use the HTTPS protocol. If your site is marked as ‘Not secure,’ it could discourage users from visiting the site. There are simple solutions to this problem, which will be discussed in the next sections.
How to fix the WordPress warning that your site is not secure?
The following steps will explain how to remove the Site ‘Not Secure’ message from your WordPress website:
- Backup your WordPress website
- Verify the SSL status of your website
- Installing an SSL certificate
- You can fix your SSL certificate
- Redirect URLs to HTTPS
- Replace all HTTP URLs with their HTTPS counterparts
- Fix mixed content problems by scanning for them
- Google should be informed of any changes to your website.
- Clear your caches
- Verify if the warning ‘Not Secure” has disappeared
- Backup your WordPress website
You should backup your WordPress site, despite our detailed instructions. This is before you attempt to remove the WordPress warning that the site is not secure. In the event of a problem, you can easily recover your site’s information. In just a few simple steps, you can do this by using a backup plugin such as BlogVault.
Create a BlogVault account and add your website using the URL. Select the automatic installation option and enter your admin credentials. That’s all! BlogVault creates a backup of your site automatically.
- Verify the SSL status of your website.
This can be easily accomplished by entering your site’s URL into an online SSL checker tool such as a href=”https://www.ssllabs.com/ssltest/”>Qualys SSL Labs/a>. Entering your site’s URL in an online SSL checker such as Qualys SSL Labs will make this easy. You can find detailed information about your site’s SSL certificate if you have one. Ensure the SSL certificate has RSA 2048-bit encryption and that you have a result of A+ or A.
- Installing an SSL certificate
This guide will show you how to install an SSL Certificate on your WordPress site if you don’t have one or if it has expired. Before installing an SSL certificate, contact the Certificate Authority (CA) if your SSL certificate is expired. Check out the different CA renewal plans and choose one that works best for you. If your site already has an SSL certificate, then you can skip to the next step.
- You can fix your SSL certificate.
It is possible that the SSL certificate has not been configured correctly if you see a WordPress warning saying your site is not secure despite having an SSL certificate. Follow the below steps in this case:
- Use a plugin to force HTTPS on your site
Use a plugin that configures an SSL certificate to fix your WordPress site’s ‘Not Secure” warning. While various plugins like WP Encryption, SSL Zen, etc. While there are many plugins available to achieve this, we recommend Really Simple SSL.
- Install and activate Real Simple SSL in the Plugins area of your WordPress admin dashboard.
- Navigate to Setting and then Security. You will be taken to the Really Simple SSL Dashboard, which shows any issues that may exist with your website.
- Click on it to activate SSL. You will see a pop-up with important information.
- Once more, click on to activate SSL. In just a few moments, your site will be configured with an SSL certificate. You may not be able to access the admin dashboard while this process is being performed.
- You can enforce HTTPS manually on your site.
This step could have been avoided by installing a plugin such as Really Simple SSL. If the certificate was not installed using the alternate method, then you will need to use the manual solution to fix the WordPress warning that the page is not secure. Remember that this method is not recommended as it could lead to errors that can negatively impact your website.
You can use either Secure Shell (SSH) or File Transfer Protocol (FTP) to enforce HTTPS manually.
2.1 SSH Method
Use Command Prompt for Windows users or Terminal on Macs to perform the steps below.
- Your site host can provide you with the SSH credentials for your WordPress server.
- Enter the SSH command below to log into your WordPress website’s server. Replace ‘user_name” and ‘IP address” with the correct server credentials.
ssh username@ipaddressCopyCodes for a better understanding
Enter your password when asked.
- To list all files, enter the following command:
lsCopyCodes for a better understanding
- The wpconfig.php should be located. Open it with the following command:
vi wp-config.phpCopyCodes for a better understanding
- To edit the file, press together to insert the code below before the file’s end:
define(‘FORCE_SSL_ADMIN’, true);CopyCodes for a better understanding
- To save and exit the editor, press Esc, then type wq.
- Add the following code to the file before it ends.
RewriteEngine Off RewriteRule RewriteCond %HTTPS *)$ https://%HTTP_HOST%REQUEST_URI [L,R=301] CopyCodes for a better understanding
FTP Method 2.2
Follow the steps using an FTP program like Filezilla.
- Your site host will provide you with the FTP credentials for your WordPress server.
- Enter your IP address, username, password, and port number, if applicable, in the host section. Click on quick connect.
- Once you log in, the file structure for your WordPress site will be displayed in the remote site section. Double-click public_html and open the folder. Find wpconfig.php among the files below.
- Click on the wp-config.php and choose View/Edit from the context menu to edit the file.
- To save a file, enter the following code in the editor and then press Ctrl+ S on Windows or Command + S on Mac:
define(‘FORCE_SSL_ADMIN’, true);CopyCodes for a better understanding
- You will be asked to upload your edited file to the WordPress server when you close the file editor. You are finished when you click Yes.
- Add the following code to the end of the file after you have completed steps 4 and 6:
RewriteEngine On %HTTPS Off RewriteRule $ (. *)$ https://%HTTP_HOST%REQUEST_URI [L,R=301] CopyCodes for a better understanding
If this happens, insert the following lines of code into the strong>wp-config. Php/strong> file using either method mentioned above: Insert the next code using the above techniques into the wpconfig.php files if this happens.
if ($_SERVER[‘HTTP_X_FORWARDED_PROTO’] == ‘https’) $_SERVER[‘HTTPS’]=’on’;CopyCodes for a better understanding
Add these lines to the code before the next line.
Leave a Reply