How to Fix “Not Secure” Warnings in WordPress

How to Fix “Not Secure” Warnings in WordPress

Seeing “Not Secure” in your browser’s address bar when visiting your WordPress site? This warning indicates that your website isn’t using HTTPS, which encrypts the data sent between your site and your visitors.

A “Not Secure” warning can damage trust, lower SEO rankings, and even trigger browser blocks. Here’s how to fix it quickly and properly using WordPress and cPanel.

What Causes a “Not Secure” Warning?

- No SSL certificate installed
- Website still loading over HTTP instead of HTTPS
- Mixed content (HTTPS + HTTP resources on the same page)
- Expired or misconfigured SSL certificate

Step-by-Step: How to Remove “Not Secure” Warnings

1. Install an SSL Certificate

If you don’t already have SSL:

- Go to **cPanel > Security > SSL/TLS or Let’s Encrypt**
- Use **AutoSSL** (free) to install an SSL certificate for your domain
- You can also upload a custom certificate if purchased externally

2. Update WordPress URL to Use HTTPS

In your WordPress dashboard:

- Go to **Settings > General**
- Change both **WordPress Address (URL)** and **Site Address (URL)** to start with `https://`

3. Force HTTPS with .htaccess

Redirect all HTTP traffic to HTTPS by adding this to your `.htaccess` file:

```apache
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteCond %{HTTPS} off
RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]
</IfModule>
```

Access this file via **cPanel > File Manager > public_html**.

4. Fix Mixed Content Errors

Even with HTTPS, some elements (e.g., images, scripts, fonts) may load over HTTP.

- Install the **Really Simple SSL** plugin to scan and fix mixed content automatically
- Or manually update hard-coded URLs to `https://` in your theme or database

5. Clear Caches and CDN

If you use caching plugins or a CDN (like Cloudflare):

- Clear your browser cache and WordPress cache
- Purge CDN cache from your provider dashboard

6. Verify SSL Status

Use tools like:

- https://www.ssllabs.com/ssltest/
- https://www.whynopadlock.com/

These tools help check certificate validity, mixed content, and browser compatibility.

7. Set HSTS Header (Optional)

To enforce HTTPS even on the first visit:

- Add this to your `.htaccess` or NGINX config:

```
Header always set Strict-Transport-Security "max-age=31536000; includeSubDomains; preload"
```

Note: Use only if your SSL is fully configured and permanent.

8. Renew SSL Automatically

SSL certificates (especially Let's Encrypt) expire every 90 days.

- Enable AutoSSL in your hosting panel
- Set reminders or use plugins that notify about upcoming expiry

Final Thoughts

Fixing “Not Secure” warnings not only protects your users but also boosts your SEO, trust, and conversion rates. Once SSL is properly configured and forced sitewide, the warning will disappear.

Supercharge Your Hosting Experience with RDPCore.com

At RDPCore.com, we provide:

- Free SSL with AutoSSL and HTTPS redirection
- Full cPanel access to manage certificates and .htaccess
- Secure, optimized WordPress hosting with daily backups
- 24/7 support for SSL installation and mixed content fixes

Make your site safe and trusted—visit https://rdpcore.com today!