Your website will be flagged as “Not Secure” in a web browser if it does not provide any encryption of the data which passes between the website user and the site.
This data could include things like usernames and passwords, data captured in online forms, comments, credit card details, or any other kind of data, including simply requesting web pages from the site.
Without encryption, data is passed in “plain text”, meaning that if anybody finds a way of intercepting the data, they can easily see what was sent by the user. This is a clear security risk.
Why is this a problem?
An insecure website is not necessarily a problem but increasingly it is considered good practice for website owners to provide encryption so that their users’ data is made harder to intercept by hackers.
The more precious the data, the more necessary it becomes to provide encryption. For example, a static website with no forms, which collects no data from users, arguably does not need encryption.
Whereas, a website which has an online store, collecting credit card details, definitely would require the highest levels of encryption to keep it’s users’ data safe.
Are there penalties for not having a secure website?
Search engines such as Google have been saying since 2014 that all websites should be secure. To this end, Google is now applying a very small penalty to websites without encryption, making it slightly harder for such sites to be found in searches. So for security, search ranking, and courtesy to your users, it is a good idea to provide encryption.
How do I remove the “Not Secure” notice from my website?
When you install encryption into your website, the web browser will stop saying “Not Secure”, and instead will display a green padlock icon. This is a trusted symbol that users understand means that their data is being securely transmitted.
Check our article on how to remove the “Not Secure” notice from your website by installing an SSL certificate.