A “Not secure” warning in Chrome usually means the site is using plain HTTP instead of encrypted HTTPS, the SSL certificate is missing/expired, or some page elements still load over HTTP (mixed content).

Two situations: visitor vs. site owner

  • If you’re just visiting the site: you can only adjust a few Chrome settings and basic checks.
  • If you own the site: you must fix SSL/HTTPS on your server and in your site’s code.

If you are visiting the website

1. Do quick safety checks

  • Look at the address bar: if it starts with http:// (no “s”), the connection isn’t encrypted.
  • If the site asks for passwords or payment info and shows “Not secure,” avoid entering data until you see https and a padlock.

2. Try these simple fixes in Chrome

  1. Reload the page
    • Press Ctrl + R (Windows) or Cmd + R (Mac) or click the reload icon. Sometimes it’s a temporary issue.
  1. Force HTTPS manually
    • In the address bar, change http:// to https:// and press Enter.
    • If the site supports HTTPS, it should load securely; if not, it may still show an error.
  1. Turn on “Always use secure connections” This setting makes Chrome try HTTPS automatically for all sites.
 * Open Chrome.
 * Click the **three dots** (top-right) → **Settings**.
 * Go to **Privacy and security** → **Security**.
 * Scroll down and enable **“Always use secure connections”**.
  1. Check your device and network
    • Make sure your system date and time are correct ; a wrong clock can break HTTPS and cause widespread “Not secure” or certificate errors.
 * If you use antivirus or security software with “HTTPS scanning,” temporarily disable that feature; it can interfere with secure connections.

 * On public Wi‑Fi, open a new tab and try visiting any site (like `example.com`) to trigger the Wi‑Fi login page; incomplete logins often cause “Not secure” warnings.
  1. Access an insecure site only if you accept the risk
    • If Chrome shows a blocking warning page, you can click Advanced → Proceed (unsafe) for a one‑time visit.
 * Do this only for sites you trust and never for payments, banking, or sensitive logins.

If you own the website

To truly “fix not secure website in Chrome,” you must set up proper HTTPS on your server and clean up any mixed content.

1. Install or renew an SSL certificate

  • Get an SSL from your hosting provider or a free provider (many hosts offer free Let’s Encrypt/AutoSSL).
  • In cPanel‑style hosts, you’ll typically find it under SSL/TLS or Security , where you can view, issue, or reinstall certificates for your domain.
  • If your certificate is expired or misconfigured, renew or reinstall it so Chrome sees it as valid.

2. Force all traffic to HTTPS (301 redirects)

Even with SSL installed, Chrome can still show “Not secure” if users hit old http:// URLs.

  • Configure a site‑wide 301 redirect from HTTP to HTTPS so every visit is automatically upgraded.
  • On many Apache/PHP sites, you do this in .htaccess; on WordPress, you can also use plugins that automatically redirect all HTTP traffic to HTTPS.
  • A permanent 301 redirect tells browsers and search engines that the HTTPS version is the canonical URL.

3. Fix mixed content (HTTP assets on an HTTPS page)

Mixed content happens when your page is loaded over HTTPS but still pulls images, scripts, or stylesheets over HTTP, which keeps the warning alive.

To fix it:

  • Open the site in Chrome, press F12Console to see mixed content warnings listing insecure URLs.
  • Update all those asset URLs from http:// to https:// (images, CSS, JS, iframes, fonts).
  • On WordPress, a plugin and/or a “search and replace” tool (like “Better Search Replace”) can bulk‑update old HTTP URLs in your database.

Once all resources load over HTTPS, the mixed content warning disappears and the padlock returns.

4. Update site URLs and configuration

If you use a CMS (like WordPress):

  • In the settings panel (e.g., General in WordPress), make sure both the Site Address and WordPress Address use https://.
  • Clear any caches (plugins, CDN, server cache) so old HTTP links aren’t served to visitors.

For custom or static sites:

  • Check config files, environment variables, and templates for hard‑coded http:// URLs and change them to https://.

5. Add security hardening (after it works)

After confirming HTTPS works everywhere:

  • Enable automatic SSL renewal in your hosting panel so the certificate never expires.
  • Consider enabling HSTS (HTTP Strict Transport Security) so browsers always use HTTPS for your domain, blocking accidental HTTP access.

These steps together form a full “Not Secure” fix for Chrome and other modern browsers.

Mini forum‑style takeaways

“Chrome shows ‘Not secure’ because it’s telling you: this connection isn’t encrypted, so don’t send secrets here.

  • As a visitor , you mostly protect yourself with HTTPS‑only settings, careful network use, and avoiding sensitive input on non‑HTTPS pages.
  • As a site owner , you actually remove the warning by installing a valid SSL, redirecting everything to HTTPS, and fixing mixed content.

TL;DR:
To fix “not secure” in Chrome as a visitor, enable “Always use secure connections,” check your time, and only enter data on https:// sites. To fix it as a site owner, install/renew SSL, force 301 redirects to HTTPS, update all resource URLs to HTTPS, then add auto‑renewal and (optionally) HSTS so the site stays secure and the warning disappears.

Information gathered from public forums or data available on the internet and portrayed here.