Is your website showing "Not Secure" and scaring your visitors away?

Recently, you may have noticed that your website is showing a “Not Secure” warning in the browser bar next to your website address. On a tablet or smartphone, visitors may even be told “This connection is not private”, and the browser may refuse to display your website at all. This can be very scary for potential visitors, and if you book tickets through your site, you could well be losing sales.

What’s happened?

Don’t worry, it doesn’t mean your website has been hacked. It’s a security measure that Google introduced to its Chrome browser in July 2018 and which other browsers, such as Apple Safari, have also adopted to warn people that the site may not be secure. It’s because your site is still using the HTTP protocol (you may know that your site’s full address begins with “http://” before “www...”) instead of the more secure HTTPS, which encrypts the data being passed between your device and your site’s servers.

The good news is it’s relatively straightforward to fix.

First, you need an SSL Certificate so you can use HTTPS. You can buy one, but they can be expensive. Far better to use the free “Let’s Encrypt” service which is sufficient for amateur theatre companies. You’ll need to do this through your web hosts. Go to your web hosting account and if you use cPanel or Plesk to manage your account, you will probably find an option to enable “Let’s Encrypt”. It’s usually as simple as clicking a button. If you can’t find the option, you might need to contact your web hosts for their assistance. If your web hosts don’t offer the option, go to the “Let’s Encrypt” website for more help (or consider changing your web hosts!).

Once you’ve activated your SSL certificate, you need to change your website address to incorporate the new HTTPS prefix. In effect, you are moving your entire website to a new address. If you use Joomla (like me!) this can be done by enabling a single setting within Joomla and everything is done for you! (WordPress sites are similarly easy.) If not, you may need the help of your web hosts again to make the changes, which might include setting a “301 Redirect” to automatically direct previous visitors to your “new” location. Again, there is detailed advice on the “Let’s Encrypt” website if you need it.

Once you’ve done all that, your website should now be using the HTTPS prefix and you’ll see a reassuring padlock in the browser address bar to indicate your site is now secure.
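
To confirm the “301 Redirect” step worked, you can check what your server answers when someone still asks for the old HTTP address. The script below is an added example, not part of the original article; the example.org addresses are constructed samples, and the `www.` handling assumes your site answers on both names.

```python
import http.client
from urllib.parse import urlsplit

def check_redirect(request_url, status, location):
    """Return a list of problems with the answer to a plain-HTTP request."""
    problems = []
    src = urlsplit(request_url)
    if status != 301:
        problems.append(f"status is {status}, expected 301 (permanent redirect)")
    if not location:
        problems.append("no Location header, so visitors stay on HTTP")
        return problems
    dst = urlsplit(location)
    if dst.scheme != "https":
        problems.append(f"redirect target uses '{dst.scheme}' instead of https")
    # Treat www.example.org and example.org as the same site (assumption).
    if dst.hostname and (dst.hostname.removeprefix("www.")
                         != (src.hostname or "").removeprefix("www.")):
        problems.append(f"host changes from {src.hostname} to {dst.hostname}")
    if (dst.path or "/") != (src.path or "/"):
        problems.append("path is not preserved, so old deep links will break")
    return problems

def fetch(url, timeout=10):
    """Ask the live server over plain HTTP without following the redirect."""
    u = urlsplit(url)
    conn = http.client.HTTPConnection(u.hostname, u.port or 80, timeout=timeout)
    try:
        conn.request("HEAD", u.path or "/")
        resp = conn.getresponse()
        return resp.status, resp.getheader("Location")
    finally:
        conn.close()

# Constructed sample answers: (old address, status, Location header)
SAMPLES = [
    ("http://www.example.org/tickets", 301, "https://www.example.org/tickets"),
    ("http://www.example.org/tickets", 302, "https://www.example.org/tickets"),
    ("http://www.example.org/tickets", 301, "https://www.example.org/"),
    ("http://www.example.org/tickets", 200, None),
]

if __name__ == "__main__":
    for url, status, location in SAMPLES:
        print(url, status, location, "->", check_redirect(url, status, location) or "OK")
```

To test your own site, pass the result of `fetch("http://your-address/")` to `check_redirect` along with the same address.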