What "Your Site Is Not Secure" Means for Your Business - GhostSite

Q: What does “Not secure” actually mean?

It means your website is using HTTP instead of HTTPS. HTTPS (HyperText Transfer Protocol Secure) is the encrypted version of the connection between a visitor’s browser and your website. Without it, any data passed between the visitor and your site — contact form submissions, any information they type — travels without encryption. Browsers have displayed the “Not secure” warning on non-HTTPS sites since 2018. On some browsers and operating systems, the warning is more prominent than others, but it’s always there.

Q: How do you fix a “Not secure” site?

The fix is installing an SSL certificate on your website. An SSL certificate is what enables HTTPS. It’s issued by a certificate authority and verifies that your website is what it says it is. Most hosting providers offer free SSL certificates (via Let’s Encrypt). The process typically involves clicking a button in your hosting control panel or asking your hosting provider to enable it. It takes minutes to set up, not days. After the certificate is installed, you also need to ensure all your pages redirect from HTTP to HTTPS — so anyone visiting the old HTTP URL automatically lands

“Not secure” in the browser address bar is one of the most visible trust problems a website can have. Many business owners don’t notice it because they’re used to their own site. Their customers notice immediately.

What does “Not secure” actually mean?

It means your website is using HTTP instead of HTTPS. HTTPS (HyperText Transfer Protocol Secure) is the encrypted version of the connection between a visitor’s browser and your website. Without it, any data passed between the visitor and your site — contact form submissions, any information they type — travels without encryption.

Browsers have displayed the “Not secure” warning on non-HTTPS sites since 2018. On some browsers and operating systems, the warning is more prominent than others, but it’s always there.

Why does this matter for your business?

Visitors who see “Not secure” lose confidence before they’ve read anything. It signals a site that hasn’t been maintained — not necessarily that it’s dangerous, but that someone isn’t paying attention to basics.

For most visitors, especially those using a phone and not technically minded, “Not secure” is a reason to go back and try the next result.

Does HTTPS affect your Google ranking?

Yes. Google has used HTTPS as a ranking signal since 2014. An HTTP site will rank lower than an equivalent HTTPS site for the same search query.

It’s a minor signal compared to content quality and relevance, but it’s one of the easiest to fix — and there’s no reason not to fix it.

How do you fix a “Not secure” site?

The fix is installing an SSL certificate on your website. An SSL certificate is what enables HTTPS. It’s issued by a certificate authority and verifies that your website is what it says it is.

Most hosting providers offer free SSL certificates (via Let’s Encrypt). The process typically involves clicking a button in your hosting control panel or asking your hosting provider to enable it. It takes minutes to set up, not days.

After the certificate is installed, you also need to ensure all your pages redirect from HTTP to HTTPS — so anyone visiting the old HTTP URL automatically lands on the secure version.

Is there anything else to check after fixing it?

Yes. After switching to HTTPS, check that:
– All internal links on your site use https://, not http://
– Your Google Search Console has been updated to the HTTPS version of your site
– No “mixed content” warnings appear (these happen when a page loads over HTTPS but includes resources — images, scripts — from HTTP sources)

→ Back to the full picture: Why your website might be driving customers away
→ Related: First impressions online: what your website signals to a new customer

GhostSite checks whether your HTTPS is correctly configured and flags any security issues that might be driving customers away.

Check your website now →