Your Website Has a Security Warning: What It Means
A customer emails you a screenshot. Your website is showing a red warning screen. Or you open your own site and see: "Your connection is not private."
Before you panic, understand what you are actually looking at. These warnings are not all the same. Some are a 15-minute fix. Others are serious. Knowing the difference is the first step.
The Four Warnings and What They Mean
"Your connection is not private"
This is an SSL certificate problem. Your website is supposed to have a certificate that proves to browsers it is who it says it is. When that certificate expires, is missing, or is misconfigured, browsers block access with this warning.
Most visitors will not click through. They will leave.
What usually caused it:
- SSL certificate expired and did not auto-renew
- SSL was never installed on the hosting account
- The certificate covers a different version of your domain than the one people are visiting
How serious: High. Customers cannot reach your site until it is fixed.
"This site may be hacked" or "This site may harm your computer"
Google detected malicious code on your website. This is not a false alarm in most cases. It means something changed on your site that should not have, and Google noticed before you did.
What usually caused it:
- An outdated WordPress plugin or theme had a known vulnerability and was exploited
- Your hosting account credentials were compromised
- A neighbouring site on shared hosting was compromised and affected yours
How serious: Critical. Google stops sending traffic to your site entirely until the issue is resolved and you request a review.
"Deceptive site ahead"
Similar to the hacked site warning but specifically means Google believes your site is being used to steal information from visitors. Usually caused by a hack that installed fake login pages or redirects.
How serious: Critical. Same Google blacklist situation as above.
"Certificate error" or "Certificate not trusted"
The SSL certificate exists but does not match your domain, or it was issued by an authority browsers do not recognise. Often happens when a certificate is installed for one version of a domain but not another, or when a self-signed certificate is used instead of a proper one.
How serious: High. Most users will not proceed past this warning.
What to Do First
Regardless of which warning you are seeing, the first step is the same: take a screenshot and call your hosting provider or IT support immediately. Do not try to diagnose this yourself while customers are being blocked.
When you call, have the following ready:
- The exact wording of the warning
- Your website address
- When you first noticed it or when customers started reporting it
- Whether anything changed recently on the site or with your hosting
Your hosting provider deals with these situations regularly. For SSL issues they can usually resolve it within the hour. For malware warnings it takes longer but they will know the process.
SSL Warnings: The Likely Fix
SSL certificate problems are the most common cause of security warnings and also the most straightforward to fix. Your hosting provider or IT person will either renew the certificate, reinstall it correctly, or enable a free certificate through Let's Encrypt if one was never set up.
The thing worth understanding about SSL certificates is that they expire. Most are set to auto-renew, but auto-renew depends on a working payment method, a functioning email address for notifications, and no changes to your hosting configuration that might break the renewal process. If any one of those fails, the certificate can lapse without you knowing until the warning appears.
After your provider fixes the immediate problem, ask them:
- What caused the certificate to lapse or fail?
- Is auto-renew now confirmed working?
- When does the new certificate expire and how will we know before it does?
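The two most common certificate failures described above, an approaching expiry date and a certificate that covers only one version of the domain, can both be checked from the certificate itself. The sketch below is an added example, not ExplainMyIT's or any hosting provider's code; the function names and the 30-day threshold are assumptions, and the sample certificate is constructed.

```python
import socket
import ssl
from datetime import datetime, timezone

# Constructed sample in the shape ssl's getpeercert() returns; not a real certificate.
SAMPLE_CERT = {
    "notAfter": "Mar 15 12:00:00 2025 GMT",
    "subjectAltName": (("DNS", "www.example.com"),),
}

def days_until_expiry(cert, now=None):
    """Whole days until the certificate's notAfter date; negative once expired."""
    now = now or datetime.now(timezone.utc)
    expires = ssl.cert_time_to_seconds(cert["notAfter"])
    return (datetime.fromtimestamp(expires, timezone.utc) - now).days

def covers(cert, hostname):
    """True if a DNS name on the certificate matches hostname.
    A wildcard such as *.example.com matches exactly one extra label."""
    host = hostname.lower().rstrip(".")
    parent = host.split(".", 1)[1] if "." in host else None
    for kind, name in cert.get("subjectAltName", ()):
        name = name.lower()
        if kind == "DNS" and (name == host or (name[:2] == "*." and name[2:] == parent)):
            return True
    return False

def assess(cert, hostnames, warn_days=30, now=None):
    """List the problems that would lead to a browser warning now or soon."""
    problems = []
    left = days_until_expiry(cert, now)
    if left < 0:
        problems.append(f"expired {-left} days ago")
    elif left < warn_days:
        problems.append(f"expires in {left} days")
    problems += [f"does not cover {h}" for h in hostnames if not covers(cert, h)]
    return problems

def fetch_cert(hostname, port=443):
    """Fetch the live certificate; raises ssl.SSLCertVerificationError when the
    certificate is already expired, mismatched or untrusted."""
    ctx = ssl.create_default_context()
    with socket.create_connection((hostname, port), timeout=10) as sock:
        with ctx.wrap_socket(sock, server_hostname=hostname) as tls:
            return tls.getpeercert()
```

For a live site, pass the result of fetch_cert for your own domain to assess together with every address visitors use, with and without "www". If fetch_cert itself raises a verification error, visitors are already seeing the warning.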
Malware Warnings: The Longer Fix
If Google has flagged your site for malware or phishing, the process involves three stages: cleaning the infection, hardening the site so it does not happen again, and requesting a Google review to get the warning removed.
Cleaning a compromised site is not a task for a non-technical business owner working alone. You need your hosting provider or a website security service to do it properly. Partial cleanup often misses backdoors that cause reinfection within days.
Once the site is clean and secured, you submit a review request through Google Search Console. Google typically responds within one to seven days. The warning does not go away until Google confirms the issue is resolved.
While you are waiting, put up a simple maintenance page and give customers an alternative way to reach you. Do not leave the compromised site live while you wait for help.
Ask your provider or security service:
- How did this happen and what was the entry point?
- What have you done to prevent it happening again?
- Is there a backup from before the infection we can restore from?
- How do I submit the Google review request once you are done?
The Question Underneath All of This
When a security warning appears, the immediate question is how to fix it. But the question underneath that is: when did this actually happen, and what did my site look like before it did?
For an SSL lapse that is straightforward. For a malware infection it matters more. Google does not flag sites the moment they are compromised. There is often a gap between when something changed on your site and when the warning appeared. Knowing what your site configuration looked like in the weeks before the warning, and what changed, is useful information both for cleanup and for any insurance or legal situation that might follow.
Most businesses do not have that record. They know what their site looks like now, and they know there is a problem, but they cannot show what existed before.
Prevention
The majority of website security warnings are preventable with basic ongoing maintenance:
For SSL warnings: Confirm your SSL certificate is set to auto-renew and that the email address receiving notifications is monitored. Check the expiration date once a quarter. ExplainMyIT checks this for you monthly and flags it before it becomes a problem.
For malware warnings: Keep your website software updated. Outdated WordPress plugins and themes are the most common entry point for site compromises. Remove plugins you no longer use. Use strong, unique passwords for your hosting and website admin accounts. Make sure you have recent backups stored somewhere separate from your hosting account.
FAQ
My SSL was fine last week. Why is it suddenly showing a warning?
SSL certificates expire on a specific date. If auto-renew failed for any reason, the certificate lapses immediately on expiration day with no gradual warning to visitors. Check your hosting account for the certificate status and renew it.
Can I just ignore the warning temporarily?
No. Most visitors will not click through a security warning. Google will de-rank your site while the warning is active. Every hour the warning is live costs you traffic and trust.
How long until the warning disappears after fixing?
For SSL issues, usually within minutes of the fix, though some visitors may need to clear their browser cache. For malware and phishing warnings, Google needs to review the site after you request it. That typically takes one to seven days.
Will this affect my search rankings?
Yes. Google actively suppresses sites with active security warnings. Recovery after the warning is removed can take additional weeks. Fixing it quickly reduces the damage.
Should I hire someone to fix this?
For SSL issues your hosting provider can usually handle it as part of your hosting support. For malware or phishing warnings, hiring a website security service is worth it. A proper cleanup costs $200 to $500. Partial cleanup that results in reinfection costs more in the long run.
ExplainMyIT checks your SSL certificate status, expiration date, and DNS configuration every month and keeps a dated record. If your certificate is approaching expiration or something has changed since last month, you will see it in your report before a visitor does.