duda
Platform
BUILD HIGH-PERFORMING SITES
Website builder
Create beautiful websites at scale
ALL ESSENTIALS INCLUDED
AI Assistant
Boost your efficiency with built-in AI tools
SEO
Build sites that rank higher
eCommerce
Sell products online and offline
Transactional sites
Sell services, subscriptions, and more
ACCELERATE YOUR GROWTH
White label platform
Fully own your customer experience
Client management
Manage all of your projects in one place
Team collaboration
Invite staff and clients to work together
Client billing
Manage client payments hassle-free
Automation
Unlock efficiency with smart automations
EXPAND YOUR BUSINESS
App store
Drive recurring revenue with apps
The Simple Editor (DIY)
Simple interface for non-technical users
MORE FROM DUDA
Templates
Made with Duda
Accessibility
Solutions
DUDA FOR
Agencies
See why Duda is the top website builder for agency growth
SaaS
Add a seamless-integrated website builder to your SaaS offering
 
Hosts
Provide high-end website solutions integrated with your services
INDUSTRY CASE STUDIES
Real estate
Travel & Hospitality
Transportation
View all success stories
Resources
BUILD
Templates
Get started with beautiful templates
Developer portal
API, extensions, and developer tools
Hire an expert
Get expert help for your next project
CONNECT
Webinars & events
Learn from experts, online or in-person
Community
Collaborate with other Duda users
LEARN
Blog
Get insights to fuel your business
Product Updates
Discover Duda's latest releases
Duda University
Take your skills to the next level
Success Stories
Get inspired by real wins
GET HELP
Support portal
System health check
Pricing Enterprise
Contact sales
How to Fix the Connection Is Not Secure Error
BY Ashley Ashbee May 7, 2020
0 minute read


We’ve all been there. You open up a link and you see an ominous “connection is not secure” message in front of the web page’s URL in the browser address bar. Uh oh. Seeing this may take you through a whole series of emotions. Frustration. Concern. Annoyance. You are probably asking yourself:

  • Is it safe to browse this site?
  • Is it safe to buy something from this site?
  • Will I get hacked if I log into this site or submit information?
  • Does this company care  if I get hacked?
  • Has  this site been hacked or could it be hacked?

Then, right in the middle of the screen, there’s the unmistakable full-page warning, which likely prompts you to click away and never return.

If you manage a site showing the “connection not secure” warning, it’s quite possible that you may utter some spicy language, especially if you have installed an SSL certificate, but the site is showing as insecure anyway.


First, make sure it’s not a date or configuration issue. If your site is showing “not secure,” click the “not secure” link in the browser bar and check the following things first:

  • Make sure your SSL certificate is valid for the current date
  • Make sure your SSL certificate is configured correctly using an SSL checker

If you have an SSL certificate and you’re seeing an error, you’ll need to either get a new certificate, or fix the configuration of the certificate you currently have.

Additionally, make sure your date and time are accurate on your server. Every SSL certificate is only valid over a range of dates, and sometimes incorrect clock settings, especially on a server, can cause an issue.

What is HTTPS?

Before we go into fixing the problem, it’s important to understand what the “connection is not secure” warning means and why it’s there.

HTTPS stands for Hypertext Transfer Protocol Secure. It is a type of encryption that protects the privacy of the connection to a website. If HTTPS isn’t present or isn’t set up properly, modern browsers like Chrome and Firefox indicate the site is “not secure” to let visitors know that they may incur some risk in using the site.  Google has marked sites that don’t support HTTPS connections with a “connection is not secure” warning since 2018.

Do I really need HTTPS?

Yes! It’s especially important if you engage in eCommerce or if you collect user information on your site. Without HTTPS, the connection to your site isn’t encrypted. This means that a hacker could access your users’ information while it’s in transit.

Even for non-eCommerce websites, data submitted via online forms also should be transmitted securely. HTTPS ensures that.

HTTPS Improves Credibility with Site Visitors

HTTPS is also about trust. Showing you have a secure connection is important for your relationship with your visitors. It indicates to them that the information they see on your site has been loaded and controlled by you only, not by malicious activity.

Visitors may also feel hesitant to do business with you or refer you if they see “connection is not secure” and conclude that you don’t take security or privacy seriously.

HTTPS Improves Credibility with Potential and Existing Online Customers

Security is top-of-mind for many people. It’s common knowledge that personal information can be intercepted on its way to or from an insecure site. Most people won’t want to take that risk.

Here’s another reason to ensure HTTPS is in place across your website: in 2014, Google started exploring if they should factor HTTPS into site’s ranking in search results. Flash forward to today:  Google now uses HTTPS as a ranking factor in determining its search results. 

Does that mean Google will favor your website if it is secure? Not necessarily. Yes, it’s technically possible that you can still rank high in the SERP if your website is insecure. Some other elements of your SEO status may override HTTPS ranking impact. That said, it’s probably less likely than if it is secure. Not having HTTPS can certainly penalize you in search results , and sites that don’t support HTTPS may rank lower in Google search.

In other words, HTTPS is not a sole factor in your ranking, but it could be a tiebreaker. For example, if your site and another site meet the same criteria for achieving a certain ranking and the difference is that your site is secure and the other one is not, Google may favor yours.

How to Enable HTTPS on Duda

If you host your site on Duda, you can skip the work required to enable HTTPS compared to most WordPress or cPanel installs.

Duda automatically creates an SSL certificate for a site the first time we see traffic to it. Then, the certificate is provisioned and installed, usually within two hours. To learn more, see how to get SSL on Duda.

Conversely, if for any reason you want to disable HTTPS for a Duda website, you can do that as well. 


Note: All Duda sites also include malware protection, regular scanning for vulnerabilities, and other built-in security measures.

How to Enable HTTPS on other environments

While there are many ways to set up SSL and force HTTPS to your site on most non-Duda content management systems, it almost always involves several steps, external vendor registrations, sign-ins, activations, manual integration with your hosting and probably troubleshooting. Ugh.  That said, here are some pointers.

How to Force HTTPS with WordPress

Different systems have different ways to address this issue. With WordPress, first, you have to get an SSL certificate for your WordPress installation. (Note: Some WordPress hosting providers charge hundreds of dollars per year for an SSL certificate.)

Here are the steps that are typically involved:

  • Request and, if necessary, pay for the SSL certificate from the certificate authority
  • After requesting the certificate, you’ll need to validate your request, either through modifying the code on your WordPress domain or through another means that shows that you are a legitimate requestor of the certificate (here’s an example of the process ; it’s not trivial)
  • Once you have been verified, the certificate needs to be installed, which can be a path fraught with peril

Once the certificate is installed, then you may want to ensure that HTTPS is forced across the entire WordPress site. In WordPress, you can force HTTPS with a plugin that will ensure that every page in the future follows HTTPS. To do this part of the process, you’ll need to explore the following steps.

  • Go to your plugin section in the WordPress dashboard and search for a plugin that will force SSL or force HTTPS
  • Install the plugin
  • Activate the plugin
  • Configure the plugin and, if needed, adjust its settings
  • Test the plugin and make sure it's working correctly

Additionally, if you’re getting an SSL certificate from a certificate authority associated with a host, you’ll likely need to renew the certificate every one to two years, and get to go through this same process each time.

Reminder:  In contrast to WordPress, modern systems like Duda take care of HTTPS automatically

How to Force HTTPS on cPanel


You can also force HTTPS in your cPanel via your host if you’re using WordPress, Drupal, Joomla, or another CMS. Here’s how:

  • Open your cPanel, log in, and visit the "Dom
    ains" section
  • Toggle the "Force HTTPS" button beside the domain you want to force

My SSL is set up correctly, but I still don’t have the padlock

If even just some of your pages, subdomains or content elements aren’t protected with HTTPS, portions of a site will still show “not secure” and won’t have the padlock. As if you didn’t have enough to deal with, right?

First, double check that all subdomains and pages on your site do have SSL installed.

Next, check for individual insecure elements that the pages themselves are linking to. Many times, externally-linked images, libraries, or stylesheets may be the culprit.

You can generally identify these insecure elements pretty easily with an SSL checker. For these elements, ensure that any links to those elements are using HTTPS, and not HTTP.

Related:  Want to see how else you can save time on your workflow? Schedule an appointment to speak with a Duda success manager.

Did you find this article interesting?


Thanks for the feedback!
A homepage of a website with a headline menu and color menu

Accessible websites: Complete checklist for agencies

By Renana Dar March 31, 2025
In today's article, we'll give you a complete checklist to run through when handling web accessibility for your clients.
A collage of images from news articles about EAA.

EAA is coming for your clients. Help them comply!

By Renana Dar March 31, 2025
The EAA deadline is approaching. Ensure your clients comply to avoid penalties and reputational risks—while positioning your agency as an accessibility leader.

What does it actually mean for a website to be HIPAA compliant?

By Shawn Davis March 27, 2025
If you work with patient information in the United States, you’re likely very, very familiar with HIPAA. What you might not be so confident about, though, is how it impacts your website. Thankfully, it’s not as scary as it seems.
Show More

Latest posts

Share by: