If your website is built on Squarespace, you may have gotten an email or message from Google Chrome telling you that your site is “not secure.” This can be alarming, but don’t worry!
There are a few easy steps you can take to fix this issue.
First, let’s understand what “not secure” means. When you visit a website, your browser (Chrome, Safari, Firefox, etc.) sends a request to the server that hosts the website.
The server then responds with the website’s content. When the site is served over HTTPS, the communication between your browser and the server is encrypted so that no one can eavesdrop on the conversation. However, if the server doesn’t have an SSL certificate (more on that in a minute), the browser will show a “not secure” warning.
So why does Squarespace not have an SSL certificate by default? Well, it’s a bit complicated.
If you have a basic Squarespace site (one that doesn’t have a custom domain), then we don’t serve your site over HTTPS because we don’t have control over the .Squarespace.com domain. Your site is still encrypted while it’s in transit, but because we can’t guarantee that it will always be served over HTTPS, we don’t mark it as secure in the browser.
However, if you have a custom domain for your Squarespace site (one that you’ve registered through us or brought to us from another registrar), then we do serve your site over HTTPS by default. That means your site should already be marked as secure in the browser without any extra work from you.
If you are concerned about this issue, there are a few things you can do to protect your website. First, make sure that you are using a strong password for your Squarespace account. Second, consider enabling two-factor authentication for your account. This will add an extra layer of security and make it more difficult for hackers to gain access to your account.
Finally, keep an eye on your website and monitor any changes that are made. If you notice anything suspicious, contact Squarespace customer support immediately.
If you’re using a custom domain and you’re still seeing the “not secure” warning in Chrome, there are a few things you can check:
- First, make sure that all subdomains of your custom domain are set up to redirect to the www version of your site. For example, if your custom domain is www.example.com, make sure example.com redirects to www.example.com. You can check this in the Domains panel of your site’s settings.
- Next, check whether any plugins or code blocks on your site are preventing Chrome from displaying the “secure” lock icon. If you’re not sure how to do this, reach out to our Customer Support team and they’ll be happy to help.
- Finally, if you’re still seeing the “not secure” warning after taking these steps, make sure that your site doesn’t have any mixed content issues.
Mixed content happens when a page tries to load both secure and non-secure resources (like images or scripts) from different sources. You can use Chrome’s built-in developer tools to check for mixed content issues on your site.
To recap: If you have a basic Squarespace site without a custom domain, your site is not served over HTTPS and will show as “not secure” in Chrome. If you have a Squarespace site with a custom domain, your site should be served over HTTPS by default. If you see the “not secure” warning in Chrome even though you have a custom domain set up, first make sure all subdomains are redirecting correctly, then check for mixed content issues. If you need more help troubleshooting this issue, reach out to our Customer Support team.
In short – if your Squarespace website is showing as ‘not secure’, it simply means that there is no SSL certificate associated with it yet. You can easily fix this by adding an SSL certificate (we recommend Let’s Encrypt) and connecting it to your Squarespace account following these easy steps.
1) Log into your Squarespace account and go to ‘Settings’
2) Click ‘Security & SSL’
3) Scroll down to ‘SSL Certificate’
4) Select ‘Let’s Encrypt’ from the dropdown menu
5) Click ‘Apply’
Your Squarespace website should now be showing as ‘secure’ in Google Chrome!