Easily Remove the “Not Secure” Warning From Your WordPress Login & Admin Page

by | Apr 26, 2021 | Web Security

remove not secure warning from wordpress login page

Here’s What You Should Do if Your Login & Admin Page Shows a “Not Secure” Warning

If you have a website, you might be aware of how Google has made an SSL/TLS certificate mandatory. Failure to install an SSL certificate equates to the dreaded “Not Secure” warning message from all the popular web browsers like Google Chrome and Mozilla Firefox.

However, if you’ve got an SSL/TLS certificate installed, all your web pages and blog posts will be secure, and your website will not be showing any error messages. So, your website will not only BE secure but LOOK secure as well – which shouldn’t hurt your end-users.

But, once you go to the Login page or open the Admin page of your WordPress site, Google Chrome still shows a “Not Secure” warning message. In other words, all pages are secure, but whenever the login or admin page of the website loads, it starts showing a “Not Secure” warning – then this sounds like a problem that can be quite frustrating and one you may need some help with as well.

If you’re questioning, what do I do? How do I resolve this stupid “Not Secure” warning message? I’m frustrated, how do I remove the Not Secure warning message? Then you may be talking to yourself a tad too much. And, also, don’t worry any longer, it’s not a big issue, you can solve it quite quickly actually.

In this easy-to-follow guide, we’ll show you what steps you should take to make your login and admin page secure with an HTTPS connection.

TL;DR – Too Long; Didn’t Read

When the “Not Secure” warning message is seen only on the loading of the Login and Admin page, which is often not seen then you’ll need to install a plugin like Easy HTTPS Redirection from the plugin repository. It forces the Login and Admin page to start using a secure HTTPS connection.

A Quick Guide to Remove “Not Secure” Warning from the Login & Admin Page of Your WordPress Site

In rare scenarios, the WordPress login page and admin dashboard display a “Not Secure” warning message even after installing an SSL/TLS certificate from a reputed CA like DigiCert. No matter how frustrating or dreaded this “Not Secure” warning looks, a quick resolution is there, and it’s done by forcing both the Login and Admin page to load via a secure HTTPS connection.

And, to achieve this HTTPS connection, there are two different ways to do it:

  • Install a plugin, and it’ll get the job done – Easy
  • Manually edit a specific file and enforce SSL – Not Easy
We recommend going with an easy option, especially if you don’t have any technical background. However, if you want to do it manually instead of installing the plugin, we’ll show you the steps for that also but, you’ve got to be a bit careful as it’s risky, and if something goes wrong in the website’s backend, it can become ugly.

How to Remove “Not Secure” Warning from the Login & Admin Page With A Plugin

Installing a plugin like Easy HTTPS Redirection can resolve this issue within minutes. All you are required to do is:

  • Log into your website, go to the Plugins section and select Add New:
plugins add new option
  • Search for the plugin Easy HTTPS Redirection and install and Activate it:
easy https redirection plugin
  • Now, go to Settings and select HTTPS Redirection and check the option Enable automatic redirection to the “HTTPS”:
https redirection settings
  • Now, select the option from the radio button “A few pages” and add wp-login.php and wp-admin/ into it. Also, check the “Force resources to use HTTPS URL” option and click the Save Changes button:
apply https redirection on option

Check Login & Admin Page

  • Now, refresh the Login and Admin page, and you should be able to see the padlock on the address bar instead of the warning “Not Secure”:
wordpress update option
  • Likewise, log out from your website and check the login page. It should be showing a padlock and not a “Not Secure” warning.
  • However, if you don’t find a padlock, there is no need to panic as you’re facing the Caching issue, and all you’re required to do is clear your website cache.

Once you complete the steps mentioned above, it’s recommended you check your entire website and see if everything is working fine. It’s not only about the SSL/TLS certificate but more about the plugin that you installed because many times plugins aren’t compatible, and due to that, issues can arise. For example, you can check the home page, blogs, checkout, cart pages, subscription boxes, contact forms, ads, etc., to ensure there are no issues.

How to Remove “Not Secure” Warning Manually (the not as easy option)

Put simply, you’ll need to edit the wp-config file and insert code for removing the “Not Secure” message from the Login and Admin page. And, for editing, follow the below steps:

  • Download and install SFTP (Secure File Transfer Protocol) software like Filezilla within your local system.
  • Now, open FileZilla, and on the top of the window, you should see options like Host, Username, Password, and Port.
  • Insert SFTP login credentials and click on the Quickconnect button like:
filezilla quickconnect
  • Once it connects, you’ll see four different panels: Local Site, Remote Site, and two “Filename” as shown in the image:
filezilla panels
  • Click on the public_html folder that appears on the Remote Site panel. Once you click the panel named Filename below “Remote Site,” you will see files and folders. And, from that, select the wp-config.php file:
filezilla wp config
  • After selecting the wp-config.php file, right-click and choose the View/Edit option:
wpconfig viewedit file
  • After clicking View/Edit, insert the below-mentioned code into the wp-config file:
define(‘FORCE_SSL_ADMIN’, true);
wpconfig force ssl admin
  • After adding the mentioned code, close the file. It’ll ask whether you want to save the file. Select Yes.

Note:

  • It doesn’t matter how skillful you are. It’s recommended to take a backup using a proper tool such as CodeGuard Backup, so you don’t lose any critical data if anything goes wrong, especially if you’re trying to resolve it manually.
  • Also, make sure you’re adding the provided code before this commen t statement “/* That’s all, stop editing! Happy blogging. */”

Here’s Why the “Not Secure” Warning Is Displayed in the Login & Admin Page

It’s a rare error that may occur once in a while. The main reason is that your browser fails to trust the SSL/TLS certificate installed on your website. Nonetheless, your website’s login and admin panel are among the most critical pages of the entire website. So, your installed browser, especially the latest ones, refuses to serve these pages if a B-grade SSL/TLS certificate is encountered.

To verify the grade of your installed SSL/TLS certificate, you can use a free tool like Qualys SSL Labs. Simply insert your website URL and click the Submit button. If you get anything less than A, then you’re using a B-grade SSL/TLS certificate.

qualys ssl labs report
Another possible cause could be regarding a certificate configuration issue. For instance, SSL/TLS certificate is fetched from your hosting provider. In that situation, it’s better to contact them and let them know about the “Not Secure” warning issue you face at the time of opening the Login page or Admin panel.

Wrapping Up

Getting a “Not Secure” warning only on the Login page and Admin panel isn’t something you usually run into. But, sometimes, due to configuration issues or due to the installation of a B – Grade SSL/TLS certificate, your browser tries to warn you as these are among the most critical pages of a website.

Furthermore, it’s recommended that you implement website security best practices, as having an SSL/TLS certificate alone will only encrypt and protect your data in transit. And it’s preferable to use any backup tool like CodeGuard Backup, so you don’t lose any data if anything goes wrong.