Ben Crosby

Picture this: A customer sees your digital display ad and it works! 

They click the link and wind up on your website, but — uh oh, they look at the top left corner of their browser and see the dreaded “ⓘ Not Secure.” Or, worse yet, a pop-up window blocks their entry with a scary warning about your site.

Whatever they see, the uneasy feeling they get remains the same. After all, would you risk it?

So how do you prevent this from happening (and keep your website’s reputation intact)? To find out, let’s take a closer look at what it means to have an unsecured website, how to tell if you do and what to do about it before it impacts your customers.

What Is an Unsecured Website?

When a website is labeled “Not Secure,” that indicates the connection between your web browser and the website itself isn’t encrypted. This lack of protection could potentially expose the data shared between your device and the website, such as your IP address, login credentials, financial information and any personal or sensitive information. In an era where digital security is paramount, utilizing reliable VPN services can be a significant step in safeguarding your online activities.

One easy way to identify unsecured websites is to look at the address bar. If the link is an HTTPS URL, that “S” means it’s safe. On the other hand, an HTTP URL could spell trouble. But what’s the difference between the two, and what role does an SSL certificate play?

HTTP URL vs. HTTPS URL vs. SSL Certificate

Here’s a quick overview of the definitions and differences between an HTTP website, HTTPS links and an SSL certificate:


Hypertext Transfer Protocol (HTTP) is the fundamental protocol for transmitting data over the internet, enabling the transfer of various data types, such as text, links, images and videos, between a web page and your web browser. While this facilitates the basic exchange of information, it lacks the website security features necessary to protect your personal information from hackers — which is why many unsecured websites have since switched over to using HTTPS links.


Hypertext Transfer Protocol Secure (HTTPS) is the new and more secure version of the standard HTTP protocol. By using an encryption protocol called a Secure Sockets Layer (SSL) certificate, an HTTPS site maintains a secure connection between the web page and the browser. That way, you can add an extra layer of security that protects your visitors’ data from potential exposure to hackers.

SSL Certificate

An SSL certificate acts as digital proof of your website security. It’s granted by the Certificate Authority (CA) and ensures the data exchanged between users and the site remains private and secure. A web page needs an SSL certificate before it can convert its URLs from HTTP to HTTPS links. Moreover, it assures your visitors that you can and will protect their sensitive information, positioning your website as a legitimate, trustworthy page.

Why Is It Essential To Secure Your Website?

Unsecured websites can have serious consequences for their owners — especially if the business offers online transactions where the exchange of financial information (like credit cards) is necessary. These HTTP sites are more susceptible to cybersecurity threats like malware, which could impact both the company and its customers if sensitive information gets out.

But to truly understand why you need a secured website, let’s take a look at some of the real-world impacts of inadequate site security:

Users Are at Risk of Identity Theft

The biggest and most obvious consequence of an unsecured website is the risk of hackers stealing sensitive information and personally identifiable information (PII). Whether it was malware, man-in-the-middle (MITM) attacks or manipulating a website with parameter tampering, over 422 million people fell victim to data compromises in 2022 alone, according to the Identity Theft Research Center (ITRC). And this worrying trend of cyber attacks has only been on the rise, along with the estimated cost per breach, reaching nearly $4.5 million in 2023, per IBM.

Visitors Fall Victim to Cyberattacks

Even if you’ve converted to HTTPS URLs, you could still lose your SSL certificate, leaving your website (and visitors) vulnerable to attack. If hackers target your site, they could steal valuable data and use it to scam, extort or steal from your customers. They could even steal your visitors’ identities — and if you’re a B2B company dealing with other organizations, that could mean putting them at risk as well. This is why identity theft protection is crucial for any website that handles sensitive information

You Lose Trust With Loyal Customers

Maintaining customer trust is paramount in the digital age, but a data breach event can seriously harm your reputation and credibility. Even if you evade a major incident, having a website go unsecured demonstrates negligence or even disregard toward your clients’ data privacy and security. As this trust and loyalty erodes, regaining it will be an uphill battle as your visitors migrate to competitors with greater perceived security.

Clients Take Their Business Elsewhere

Ultimately, the result of an unsecured website is a boost for your rivals. As your customers fear for their digital safety, they’ll leave your website en masse in favor of competitors. Even if your products or services are superior, a lack of security can be the first and final nail in the coffin.

So what can you do about it?

How To Tell If Your Website Is Unsecured

The first step is to check up on your website and ensure it has a secure connection. Look to the left of the address bar for one of these symbols:


Ⓘ Not Secure.

⚠️ Not Secure or Dangerous.

If your website comes up as Not Secure or Dangerous, you may need to verify that your SSL certificate is current and update it if need be.

How To Secure Your Website

If you just found out your website is unsecured, don’t panic! This is an easy fix; all it takes is 5 easy steps:

1. Install an SSL Certificate

First, you’ll need to purchase and install an SSL certificate from a trusted provider to convert your website from HTTP to HTTPS. Once this is set up, you should notice the URL change and a new lock icon in the address bar. 

2. Add Redirects to Non-HTTPS URLs

Next, redirecting non-HTTPS URLs to a secured HTTPS protocol is a crucial measure to ensure visitors clicking an unsecured link still end up on the encrypted page. Otherwise, if someone clicks an outdated HTTP link, they could end up on the unsecured version of your website.

There are three ways to incorporate these redirects:

  1. Modifying the .htaccess file (if your website uses an Apache web server).
  2. Utilizing the built-in functions of a server-side language like PHP or Ruby.
  3. Leveraging a redirect plugin to automatically divert non-HTTPS URLs.

The latter option is the easiest way to redirect URLs, but it requires a content management system to work.

3. Ensure Outbound Links Use an HTTPS URL

You might also want to ensure that any outbound links send your visitors to an HTTPS URL. Not only will this help ensure a secure connection between websites, but it will also improve the user experience as they enjoy a seamless transition (without a popup warning).

To do this, start by updating the HTML code on your website to use HTTPS instead of HTTP. You’ll also need to make sure the outgoing website actually supports HTTPS as it might not have an SSL certificate. If this is the case, you can either use an HTTP URL or simply link to a different, more secure web page.

4. Update Your Site Map to HTTPS

In addition to updating your outgoing and non-HTTPS links, you should also refresh your XML site map. This step involves reviewing all the URLs across your site to ensure they’re updated to the secure HTTPS protocol and safeguard your connections.  As you work your way through your site map, you’ll also want to update the robots.txt file so that Google’s search engine bots will crawl all of your HTTPS links. 

5. Submit Your Website to Google Search Console

Finally, you’ll need to notify the search engines of your new website. If you use Google Search Console, you can add your updated HTTPS version by:

  1. Logging into your Google Search Console Account.
  2. Navigate to the “Add a Property Button” and click it.
  3. Enter your website’s URL and choose the Domain option.
  4. Select the HTML Tag and paste in your website’s code.
  5. Save your changes and click “Verify.”

Once this verification process is complete, you’ll be able to monitor your site’s performance, submit your site map and proactively identify (and resolve) any potential issues.