HTTPS Connection is Not Secure – Here’s an Easy Fix

Given that many webmasters are now fully aware of Google’s promise to rank sites using SSL certificates (displaying a site’s address with HTTPS in the address bar of a browser), in order to protect their website visitor’s devices and private information, it is not a surprise to me to see how many websites are now rushing to purchase and install their SSL certificate.

However, it is rather alarming to see the many websites whose webmasters are not paying close enough attention in making sure that all pages and/or posts on their websites are secure, once the certificate is in place.

They should be making sure their sites are not displaying a warning icon in front of the padlock icon (like the one shown in the screen print below), which when clicked on, states Connection is Not Secure.

screen print of an address bar of a website displaying the caution symbol, announcing Connection is Not Secure

This will more than likely scare away most mobile-users, as well as newbie computer users from ever enter any website with these symbols clearly displayed, simple due to fear of their devices being damaged (hacked).

The screen print above was taken from a Firefox browser. Google promises to be even MORE “in your face” with a warning on their Chrome browser.

How to Fix Connection is Not Secure

If your website uses WordPress, then there is a simple fix for this and it comes in the form of a plugin. At the present time, there are 2 different plugins to choose from:

  1. ) SSL Insecure Content Fixer plugin
  2. ) Really Simple SSL plugin

When following the instructions that come with these plugins, both of them will/should resolve most (if not all) of your site’s issues in securing the connection to your website.

Help with Setting up SSL Insecure Content Fixer

screen print of the left sidebar of a WordPress Dashboard showing where to find SSL Insecure Content Fixer settings

Once this plugin has been installed and activated, go to your WordPress Settings, find “SSL Insecure Content” (see screen print above) and click on it in order to go to the plugin settings.

screen print of SSL Insecure Content Fixer settings page, detailing the options available

This plugin comes with the “Settings” in the “Off” position. The lowest setting is “Simple” and the strongest setting is “Capture All” (see screen print above). However if you use the “Capture All” setting, there is a clearly labeled warning that states using this option is “the biggest potential to break things but sometimes necessary”.

READ  Why Your Business Website Needs a Blog

At the start, it is recommended that you select the lowest setting first, which is “Simple”, and then check your website to see if all of your pages and posts are now displaying the green padlock. If one of more page or post is displaying the caution icon, proving it is “Not Secure”, then simply select the next higher settings level up, and then check your pages and posts again, repeating as necessary until your site proves to be totally secure.

Help with Setting up Really Simple SSL

screen print of the left sidebar of a WordPress Dashboard, Plugins showing where to find Really Simple SSL settings

For the Really Simple SSL plugin, click on the “Settings” option, shown in the screen print above, from the Plugins page, check out the options available, should you need to increase the settings. At the time of writing this, there were more options that if they were required, available to the free version of this plugin. However, there were more options offered for their paid version of this plugin.

I found that I did not need to go to adjustment the settings for most of the websites that I installed and used the Really Simple SSL plugin on.

Testing Your Website SSL Certificate

However, the real testing begins when you test your website for security from Why No Padlock, and so far this remains a free tool for webmasters to use.

screen print of the website

Should your website be deemed Not Secure on any of your pages or posts, Why No Padlock will display the reason(s) your site did not pass. Sometimes it is as simple as a linked image address needing to be changed from reading “http” to “https”. And then sometimes it might be a commenter’s linked site address that needs to be updated (or the link removed altogether). Then again, sometimes the error(s) can be a little more difficult to discover.

That’s when you can simply move up to a higher setting option on the Setting page of the SSL Insecure Content Fixer plugn, making this the preferred plugin for more complicated websites.

READ  How to Make Google Love Your Website – All About Structured Data

Should you be using a website that does not use a content management system (CMS) such as WordPress, then you may need to create a htaccess file for your website. You can use the following:
RewriteEngine On
RewriteCond %{HTTPS} off
RewriteRule (.*) https://www.%{HTTP_HOST}%{REQUEST_URI}[L,R=301]

(Be sure to remove the “www” from the bottom line in the code above IF your URL is NOT using that in your web address. In my case with this website, I DO use the “www” as that is the exact address I used originally.)

This will force the use of HTTPS rather than HTTP in order to maintain your website being displayed with the security certificate being used to protect your website visitor’s devices and their private information.

If you find these instructions more time consuming or simply more daunting than you are willing to follow, then I hope you will feel free to reach out and ask for my help. I will gladly help you resolve your website security issues.

Updating Your Google Analytics Tracking Once SSL Installed

Now that you have successfully installed your website security certificate, if you have been using Google Analytics (which you should be), then you will need to add your site as a NEW website. Changing even one character in a website address makes the site a totally new domain in the “eyes” of Google Analytics.

The following is a video tutorial to help you update your Google Analytics tracking code.

If Your Site Looks Like This…

Recently, I gained a new client who came to me for help because their webmaster no longer wished to host their website for them anymore. Once I was able to log into this site’s WordPress Dashboard, I was shocked to discover how neglected this local business website was as it was in very bad need of several (18 to be exact!) updates. The screen print below will show you just how many updates this particular site needed.

screen print of the left sidebar of a WordPress Dashboard showing the many updates needed on a website

Do understand; this local business website is NOT the first to have come to me in this sort of condition before. So, here’s a little bit of information for you if you have a webmaster hired to manage your website for you. If your webmaster is charging you to maintain your website, then they should be providing you with a regular report on what they have done to keep your website up dated regularly.

READ  The Power in PowerPoint Slideshows!

If you have never received such a report, and your website is constantly losing rank in Google search results for your niche, this could be your site’s problem too. Reason I say this is that the website the screen print above was taken from was not only NOT being updated regularly BUT had been constantly slipping in Google search results lately too.

Local business owners need to understand the need for keeping their website fully maintained, along with having a SSL certificate installed on their website… that is, if you want your local business website to rank in Google search results from 2018 forward.

Google’s main reason for ranking well protected and updated websites is that they want to make sure they protect THEIR user’s devices and private information with the sites they offer them for what they are looking for. If a website is not being maintained regularly, it becomes more and more easily compromised and possibly taken over by hackers. Hacked sites can be very dangerous for most devices used by website visit when visiting hacked sites.

If this makes sense to you, and you would like to have a reliable person maintaining your website for you on a regular basis, then please, feel free to contact me.


Website Designer for Parr's Publishing. As a full certified Internet Specialist, I help business owners and organizations increase their profits by providing them with a fully managed, custom designed website as well as basic Search Engine Optimization.

2 thoughts on “HTTPS Connection is Not Secure – Here’s an Easy Fix”

    • Hey Krishna, under subtitle “Testing Your Website SSL Certificate”, 4th paragraph, please note the following: “Should you be using a website that does not use a content management system (CMS) such as WordPress…”

      However, I have now added to the .htaccess code and then made a notice in brackets below the code, as I had not really mentioned the necessity for using or not using the WWW. Much appreciate your commenting. Thank you.


Leave a comment