Why Does My Squarespace Website Say Not Secure?

Seeing a "Not Secure" warning on your Squarespace website can be concerning, both for you and your visitors. This warning typically means that your site is not using HTTPS, which stands for Hypertext Transfer Protocol Secure. Here’s a detailed look at why this might be happening and how you can resolve it:

Understanding HTTP vs. HTTPS:

• HTTP: Hypertext Transfer Protocol is the foundation of data communication on the web. It’s not encrypted, meaning data transmitted over HTTP can potentially be intercepted and read by others.
• HTTPS: Hypertext Transfer Protocol Secure is an extension of HTTP. It uses encryption via the Transport Layer Security (TLS) protocol (formerly known as SSL) to secure data transfer between the user's browser and the website.

Why HTTPS is Important:

1. Security: Encrypts the data exchanged, protecting sensitive information like passwords and personal details.
2. Trust: Modern browsers display warnings for non-HTTPS sites. A secure site builds trust with your visitors.
3. SEO Benefits: Google has confirmed that HTTPS is a ranking signal, so using it can help with your site's SEO.

Reasons Your Squarespace Site May Say "Not Secure":

1. SSL Certificate not Activated: Squarespace provides SSL certificates for free. If it's not activated, your site will show as "Not Secure".
2. Mixed Content Issues: If your site has a mix of HTTP and HTTPS content, it can trigger a "Not Secure" warning. This often happens when images, scripts, or other resources are loaded over HTTP within an HTTPS page.
3. Domain Configuration Issues: If your domain is not correctly pointing to Squarespace, SSL might not be properly set up.

Steps to Ensure Your Squarespace Site is Secure:

1. Enable SSL on Squarespace:

Squarespace automatically provides SSL certificates for all domains hosted with them, but you need to ensure it’s enabled: 1. Log in to Squarespace. 2. Go to Settings > Advanced > SSL. 3. Ensure it's set to Secure (Preferred). Squarespace recommends this as it automatically redirects HTTP traffic to HTTPS.

2. Fix Mixed Content Issues:

If certain elements are still served over HTTP, you’ll need to update them: 1. Check your Content: Inspect your site to ensure all linked resources use HTTPS. Convert HTTP URLs of images, scripts, and other resources to HTTPS in your site content. 2. Browser Tools: You can use browser developer tools (e.g., right-click on the page and select "Inspect" in Chrome) to identify mixed content issues. The console will show warnings for mixed content.

3. Verify Domain Setup:

Confirm that your domain is correctly pointed to Squarespace: 1. Review Squarespace’s DNS Settings: Ensure your DNS settings match Squarespace’s recommendations. 2. Propagation Time: After making any domain or DNS changes, it might take some time for changes to propagate. Typically, this can take up to 48 hours.

Additional Considerations:

• Custom Domains: If you’re using a custom domain registered outside of Squarespace, ensure you’ve correctly followed the steps to link it with Squarespace.
• Third-Party Content: Be cautious when embedding third-party content; ensure those sources also support HTTPS.

When to Seek Help:

If you've followed these steps and still encounter issues: - Contact Squarespace Support: Squarespace provides customer support which can help troubleshoot these issues. - Consult Online Resources: The Squarespace Help Center and community forums can also be valuable resources.

Ensuring your Squarespace website is secure involves a few simple steps but is crucial for protecting your visitors and maintaining their trust. By enabling SSL, fixing any mixed content issues, and verifying your domain configuration, you can resolve the "Not Secure" warning and provide a safer browsing experience for your users.