A browser may show “Not Secure” when a website is not loading through a trusted HTTPS connection. This can happen even if the site looks normal to you.
The warning does not always mean the website is hacked. It usually means the browser cannot confirm a secure connection for the page you are viewing.
The most common reason is that the visitor is on the http:// version of the site instead of the https:// version.
HTTP does not encrypt the connection between the browser and the website. HTTPS does. If the browser sees HTTP, it may warn visitors that the page is not secure, especially on forms, login pages, checkout pages, and pages that ask for personal information.
Try typing the website with https:// at the start. If the secure version works, the site may need a redirect so visitors are sent to HTTPS automatically.
The SSL Certificate Is Missing or Not Installed
Your site needs a certificate installed on the hosting environment that serves the website.
If there is no certificate, or if the certificate was purchased but not installed, visitors may see a security warning. Buying SSL and installing SSL are not always the same step.
Some hosting products include automatic SSL. Others require installation, validation, or renewal steps.
The Certificate Is for the Wrong Domain
The certificate must match the domain visitors are using.
For example, a certificate for yourbusiness.ca may not cover shop.yourbusiness.ca. A certificate for one domain will not protect a different domain. Depending on the certificate, www.yourbusiness.ca and yourbusiness.ca may also need to be checked separately.
If the browser says the certificate name does not match the site, confirm that the certificate covers the exact domain version you want visitors to use.
The Certificate Has Expired
SSL certificates expire. If renewal fails, visitors may see a warning even though the site worked before.
This can happen when:
The certificate was not renewed
Domain validation failed during renewal
The domain changed hosting
The certificate was renewed but not installed
The payment method or account status interrupted renewal
If a site suddenly starts showing warnings after working for months, check the certificate dates.
The Site Has Mixed Content
Mixed content happens when a page loads over HTTPS but some images, scripts, stylesheets, fonts, or embedded resources still load over HTTP.
Some browsers block unsafe resources. Others may show warnings or remove the secure indicator. In WordPress, mixed content often comes from old media URLs, theme settings, plugins, page builders, or hard-coded links.
If the site looks broken and says “Not Secure” after SSL was added, mixed content is a likely cause.
The Redirect Is Not Set Up
Even with a valid certificate, visitors may still reach the HTTP version if the site does not redirect properly.
A redirect tells browsers and search engines to use the HTTPS version. Without it, both versions may exist:
http://yourbusiness.ca
https://yourbusiness.ca
For a business website, the HTTPS version should be the normal version visitors use.
The Browser Has Cached an Old Version
Sometimes the browser or website cache shows an older version of the page. This is more common right after installing SSL, changing redirects, or updating WordPress URLs.
Test in a private window, another browser, or another device. Also clear website cache if your site uses a caching plugin, hosting cache, or CDN.
What to Check First
Start with the exact URL in the address bar.
Check:
Does the address start with https://?
Does the warning appear on every page or only one page?
Does it happen on both www and non-www?
Is the certificate expired?
Does the certificate match the domain?
Are forms, images, or scripts loading over HTTP?
Was DNS, hosting, WordPress, or SSL changed recently?
Avoid changing many settings at once. SSL warnings are easier to fix when you identify whether the issue is the certificate, the redirect, the domain, mixed content, or caching.
What Visitors Should Do
If you are a visitor and a site says “Not Secure,” do not enter passwords, payment details, or personal information unless you know the site and understand the risk.
If it is your own business website, treat the warning as something to fix quickly. Even if the content is harmless, the warning can reduce trust and may stop people from submitting forms or completing orders.
We empower people to succeed through practical business information and essential services. If you’re looking for help with SEO, copywriting, or getting your online presence set up properly, you’re in the right place. If this piece helped, feel free to share it with someone who’d get value from it. Do you need help with something? Contact Us
Want a heads-up once a week whenever a new article drops?
