All help articlesSite shown as “Not Secure”
Google has a feature on their Chrome browser that actively alerts users that a site is not secure when any type of data is entered into a site that does not have a “secure” or encrypted connection. Here’s an example of how that error message may look:
Why am I seeing this?
If you are seeing this on your site, it means that some portion of the content being loaded is coming over without encryption. If any party were to intercept a connection between your site and a visitor, they could see the data being passed back and forth.
Is this a new thing?
Over the past decade, more and more sites have begun implementing SSL certificates on their site to secure information going to and from their site. Think of SSL like a secret decoder pen for your website where everything is being encoded and decoded on the fly. When put in place, your site and your visitors are effectively speaking a secret language. If anybody tries to snoop in, they won’t understand what’s going on. This has been great for securing websites running e-commerce or collecting form data from users.
Recently, there has been a push from companies like Google to get every site encrypted with an SSL certificate to protect your privacy and create a more safe and secure web experience for everyone.
What should I do to fix it?
Here’s a helpful checklist to get your connection secure:
Make sure you have a valid SSL certificate
In the Flywheel dashboard for your site, navigate to the Overview tab and check to see if you have SSL enabled under the Domains area. If not, click Enable SSL next to a domain to begin the certificate installation process.
To learn more about SSL certificate types, check out this help doc.
Force HTTPS
Once you have a valid SSL certificate installed, the first thing you’ll want to be sure to do is ‘Force HTTPS’ across your site. To do this, you’ll want to head to the Advanced tab on your Flywheel dashboard and enable the ‘Force HTTPS.’ toggle switch. (This will only appear once you have an installed and active SSL certificate on your site.)
Make sure everything is loading via HTTPS
With the ‘Force HTTPS’ option enabled, Flywheel will now redirect all your site’s traffic to load pages over HTTPS, which should ensure that your site is displayed as secure.
If you happen to still see the same warning as before it may be due to your site attempting to serve insecure assets over HTTPS. In order to address this, you’ll need to change the insecure asset links present on your site. Please read our guide here about how to fix insecure assets.
Need help?
If you have any questions our Happiness Engineers are here to help!
Getting Started
New to Flywheel? Start here, we've got all the information you'll need to get started and launch your first site!
View all
Account Management
Learn all about managing your Flywheel user account, Teams and integrations.
View all
Features
Flywheel hosting plans include a ton of great features. Learn about how to get a free SSL certificate, set up a staging site, and more!
View all
Platform Info
All the server and setting info you'll need to help you get the most out of your Flywheel hosting plan!
View all
Site Management
Tips and tricks for managing your sites on Flywheel, including going live, troubleshooting issues and migrating or cloning sites.
View all
Growth Suite
Learn more about Growth Suite, our all-in-one solution for freelancers and agencies to grow more quickly and predictably.
Getting started with Growth Suite
Growth Suite: What are invoice statuses?
Growth Suite: What do client emails look like?
Managed Plugin Updates
Learn more about Managed Plugin Updates, and how you can keep your sites up to date, and extra safe.
-
Managed Plugin Updates: Database upgrades
-
Managed Plugin Updates: Pause plugin updates
-
Managed Plugin Updates: Plugin Security Alerts
Local
View the Local help docs
Looking for a logo?
We can help! Check out our Brand Resources page for links to all of our brand assets.
Brand Resources