Here’s What You Should Do if Your Login & Admin Page Shows a “Not Secure” Warning
If you have a website, you might be aware of how Google has made an SSL/TLS certificate mandatory. Failure to install an SSL certificate equates to the dreaded “Not Secure” warning message from all the popular web browsers like Google Chrome and Mozilla Firefox.
However, if you’ve got an SSL/TLS certificate installed, all your web pages and blog posts will be secure, and your website will not be showing any error message. So, your website will not only BE secure but LOOK secure as well – which shouldn’t hurt with your end-users.
But, once you go to the Login page or open the Admin page of your WordPress site, and Google Chrome still shows a “Not Secure” warning message. In other words, all pages are secure, but whenever the login or admin page of the website loads, it starts showing a “Not Secure” warning – then this sounds like a problem that can be quite frustrating and one you may need some helping with as well.
If you’re questioning, what do I do? How do I resolve this stupid “Not Secure” warning message? I’m frustrated, how do I remove the Not Secure warning message? Then you may be talking to yourself a tad too much. And, also, don’t worry any longer, it’s not a big issue, you can solve it quite quickly actually.
In this easy-to-follow guide, we’ll show you what steps you should take to make your login and admin page secure with an HTTPS connection.
TL;DR – Too Long; Didn’t Read
When the “Not Secure” warning message is seen only on the loading of the Login and Admin page, which is often not seen then you’ll need to install a plugin like Easy HTTPS Redirection from the plugin repository. It forces the Login and Admin page to start using a secure HTTPS connection.
A Quick Guide to Remove “Not Secure” Warning from the Login & Admin Page of Your WordPress Site
In rare scenarios, the WordPress login page and admin dashboard display a “Not Secure” warning message even after installing an SSL/TLS certificate from a reputed CA like Sectigo. No matter how frustrating or dreaded this “Not Secure” warning looks, a quick resolution is there, and it’s done by forcing both the Login and Admin page to load via a secure HTTPS connection.
And, to achieve this HTTPS connection, there are two different ways to do it:
- Install a plugin, and it’ll get the job done – Easy
- Manually edit a specific file and enforce SSL – Not Easy
How to Remove “Not Secure” Warning from the Login & Admin Page With A Plugin
Installing a plugin like Easy HTTPS Redirection can resolve this issue within minutes. All you are required to do is:
- Log into your website, go to the Plugins section and select Add New:
- Search for the plugin Easy HTTPS Redirection and install and Activate it:
- Now, go to Settings and select HTTPS Redirection and check the option Enable automatic redirection to the “HTTPS”:
- Now, select the option from the radio button “A few pages” and add wp-login.php and wp-admin/ into it. Also, check the “Force resources to use HTTPS URL” option and click the Save Changes button:
Check Login & Admin Page
- Now, refresh the Login and Admin page, and you should be able to see the padlock on the address bar instead of the warning “Not Secure”:
- Likewise, log out from your website and check the login page. It should be showing a padlock and not a “Not Secure” warning.
- However, if you don’t find a padlock, there is no need to panic as you’re facing the Caching issue, and all you’re required to do is clear your website cache.
Once you complete the steps mentioned above, it’s recommended you check your entire website and see if everything is working fine. It’s not only about the SSL/TLS certificate but more about the plugin that you installed because many times plugins aren’t compatible, and due to that, issues can arise. For example, you can check the home page, blogs, checkout, cart pages, subscription boxes, contact forms, ads, etc., to ensure there are no issues.
How to Remove “Not Secure” Warning Manually (the not as easy option)
Put simply, you’ll need to edit the wp-config file and insert code for removing the “Not Secure” message from the Login and Admin page. And, for editing, follow the below steps:
- Download and install SFTP (Secure File Transfer Protocol) software like Filezilla within your local system.
- Now, open FileZilla, and on the top of the window, you should see options like Host, Username, Password, and Port.
- Insert SFTP login credentials and click on the Quickconnect button like:
- Once it connects, you’ll see four different panels: Local Site, Remote Site, and two “Filename” as shown in the image:
- Click on the public_html folder that appears on the Remote Site panel. Once you click the panel named Filename below “Remote Site,” you will see files and folders. And, from that, select the wp-config.php file:
- After selecting the wp-config.php file, right-click and choose the View/Edit option:
- After clicking View/Edit, insert the below-mentioned code into the wp-config file:
- After adding the mentioned code, close the file. It’ll ask whether you want to save the file. Select Yes.
- It doesn’t matter how skillful you are. It’s recommended to take a backup using a proper tool such as CodeGuard Backup, so you don’t lose any critical data if anything goes wrong, especially if you’re trying to resolve it manually.
- Also, make sure you’re adding the provided code before this commen t statement “/* That’s all, stop editing! Happy blogging. */”
Here’s Why the “Not Secure” Warning Is Displayed in the Login & Admin Page
It’s a rare error that may occur once in a while. The main reason is that your browser fails to trust the SSL/TLS certificate installed on your website. Nonetheless, your website’s login and admin panel are among the most critical pages of the entire website. So, your installed browser, especially the latest ones, refuses to serve these pages if a B-grade SSL/TLS certificate is encountered.
To verify the grade of your installed SSL/TLS certificate, you can use a free tool like Qualys SSL Labs. Simply insert your website URL and click the Submit button. If you get anything less than A, then you’re using a B-grade SSL/TLS certificate.
Getting a “Not Secure” warning only on the Login page and Admin panel isn’t something you usually run into. But, sometimes, due to configuration issues or due to the installation of a B – Grade SSL/TLS certificate, your browser tries to warn you as these are among the most critical pages of a website.
Furthermore, it’s recommended that you implement website security best practices, as having an SSL/TLS certificate alone will only encrypt and protect your data in transit. And it’s preferable to use any backup tool like CodeGuard Backup, so you don’t lose any data if anything goes wrong.