Support » Fixing WordPress » Not Secure message in Admin URL

  • When I log into my admin, the URL is giving me a ‘Not Secure’ message. I have a website security/ protection service through SiteLock. I need to know if there is anything on WordPress end that can resolve this issue? Also, my SiteLock Firewall Scans show a significant amount of virus activity/ attacks and threats blocked.

    The page I need help with: [log in to see the link]

Viewing 6 replies - 1 through 6 (of 6 total)
  • What exactly is the not secure message you are receiving?

    Not Secure. In red with Red padlock

    That little ‘padlock’ is trying to tell you that the page isn’t secured by a certificate and isn’t using ‘https’.

    It’s not that your site itself specifically has an issue…

    Your web host can help you or you might look at running on CloudFlare and taking advantage of their free Let’s Encrypt integration if they still offer that.

    Or you might DIY via your hosting control panel or on your own by looking up Let’s Encrypt and work your way through that process. Just follow the instructions.

    Moderator t-p


    According to the Sucuri online scan, your site is blacklisted:

    Get in touch with your hosting provider.

    The only blacklist I saw was McAfee – the others looked fine. Securi didn’t seem to find any Malware either.

    It would still be a good idea to watch for a while. Maybe run WordFence at least.

    I still stand by my previous answer.


    Logan from SiteLock here. @jnashhawkins is correct that this message is related to a lack of an SSL certificate in use on the login page. Many modern browsers now generate little alerts like this when they see that you’re sending sensitive information (e.g. username and password) over a plaintext (non-SSL) connection. SSL certificates enable to use of the secure HTTPS protocol, which encrypts the data you submit (user/password) in transit instead of sending them in plainly-readable condition. This is important because in this day and age, depending on how you’re connecting to the website, there is a possibility of an adversary eavesdropping this data and capturing it.

    Using an SSL certificate is like putting all that important information in an armored truck for transport, versus a 1970 Lada. Sure, the Lada is tried-and-true, and a moniker in its own right, but in this day and age I would not recommend transporting bundles of valuables across the continent in it. It offers little in the way of modern security. In the same token, your browser does not recommend you transporting valuable data across the world using good old HTTP. It trusts HTTPS.

    Your hosting provider most likely offers an SSL solution, you may wish to reach out to them.

    • This reply was modified 2 years, 3 months ago by Logan Kipp.
Viewing 6 replies - 1 through 6 (of 6 total)
  • The topic ‘Not Secure message in Admin URL’ is closed to new replies.