If visitors are seeing a message saying your site is insecure (or are warned that the connection is not private) when they try to browse to your website, then you need to take action!
Most web browsers see sites with an expired or non-existent SSL certificate as insecure, and will block or warn users who try to visit that site. This protects users from insecure sites by warning visitors before they are sent to the site. Visits to insecure sites can be intercepted by a third party, meaning that information you exchange with the website (e.g. through contact forms) can be exposed.
So you need to secure your website with an SSL certificate to ensure that communications are encrypted, and there is no chance of a 3rd-party spoofing the website to pretend it is the original site.
I should already have an SSL certificate
If your site has previously been secured by an SSL certificate, and is now showing as insecure, this suggests your SSL certificate has expired.
In this case, contact your web host immediately in case they have failed to renew the certificate.
If you purchased the certificate yourself, you may need to renew the certificate through your certificate provider and then send the certificate to your hosting company so that they can re-install it. Usually, certificates are renewed annually, and so if you can’t remember who your certificate provider is, you’ll probably need to check your emails from a year earlier!
I don’t already have an SSL certificate
A lot of web hosts offer free SSL certificates these days – for example, our SSL certificates are free if you host your site with us. Other web hosts may charge a fee for purchasing and installing a certificate on your behalf. This may cost from £10 upwards, per year. There is also some work to do to your website in order to fully configure it to take advantage of the SSL certificate. This is generally quite straightforward, but you need to be careful to do the work properly to ensure you don’t lose any website traffic!
You can check whether your SSL certificate is present and valid, and why your site is insecure, by browsing to https://www.whynopadlock.com/ and testing your website url.
If your site is insecure, and you would need some help configuring your SSL certificate to make sure it is done properly, please contact us.
Posted in: Security