Podcast Promotion

Why Your Website Says Not Secure & How To Fix It

5 min read

Last updated

If you’ve noticed an error message on your podcast’s website announcing your website is not secure, you’re not alone. In October 2019, Google announced a series of updates to Chrome that are starting to trigger “not secure” warnings as of December.

The root of the changes deals with mixed content. Mixed content means a webpage contains both secure and insecure elements–secure pages use a https:// configuration while insecure pages use http://. Many website domains already follow the HTTPS guidelines but subresources, like embedded podcast players, may use HTTP configurations.

The mix of insecure http:// subresources on https:// pages might be why your website says it’s not secure. As Google continues to update Chrome, podcast files that are hosted using insecure configurations will no longer work.

As of February 2020, the latest Chrome update was released so now is the time to fix any “not secure” warning messages appearing on your site.

In this article, we’ll show you how to check if your website has mixed content and how you can fix it.

Castos has always served our media files and images over HTTPS. All podcasts on our platform are hosted using secure https:// URLs. No further action is needed!

Why Mixed Content Warnings Are Bad For Your Website

Google has pushed to make web browsing more secure. They pushed site owners to update domains to https:// and now 90% of browsing occurs on secure sites. Without a secure website, you cannot protect yourself from identity theft, phishing and other common cyber attacks on vulnerable sites.

When a website has mixed content, it erodes a site’s overall security and threatens a user’s privacy. As a result, Google heavily considers site security as a key factor in its rankings.

Edison Research reminds us that “searching the internet” is one of the primary ways listeners discover new shows. A website flagged as “not secure” will appear lower in search results and miss out on these chances for discoverability.

More importantly, however, audio players may not function correctly if the episode is loaded insecurely. Pacific Content tested Ken’s Last Ever Radio Extravaganza on its Google Podcasts listing and received this warning:

mixed content error message on google podcasts
Audio player error message as a result of a mixed content warning message.

Many podcast hosting providers, Castos included, took steps before the Chrome updates to ensure all podcast files used secure HTTPS configurations.

However, some hosting platforms make podcast episodes available at both http:// and https:// locations (or even worse just on http://).

This means while a website loads using the insecure elements, Chrome is able to find the secure connection. As of now, the player will continue to function normally within Chrome. But the resulting SEO effects of poor security are still present.

As additional Chrome updates roll out, we’re uncertain if files available across insecure and secure locations will continue to be supported.

How To Check If Your Website Has Mixed Content

Google’s latest Chrome updates look to stop secure web page from loading increase subresources like videos, images, and audio. To see if your website contains mixed content, follow these steps to start troubleshooting.

1. Go to your website on Google Chrome

First, update the browser to the latest Chrome 80 release. To update, go to Chrome > About Google Chrome and verify the version is Version 80. Once confirmed, head to your podcast’s website and go to a page that contains an audio player.

2. Look for the “Not Secure” warning

In the upper left hand corner, there is either a lock icon or a warning that says “Not Secure”. Below is an example of a website that doesn’t contain mixed content and is considered secure.

mixed content connection secure example
A secure website without mixed content will return a “Connection is secure” message.

If the website contains a “Not Secure” warning, click the icon to reveal the error message. Below is an example of the warning message for a website that contains mixed content.

mixed content warning message example
A website that contains mixed contain will return a warning that the page is not secure.

3. Check if the podcast player is hosted using http://

Chrome is checking all assets on the webpage from images, videos, and audio files. So the last step is confirming the audio files are responsible for the “not secure” warning.

On the page with the warning, click the three dots in the upper right hand of the browser. Find the More Tools dropdown and click Developer Tools.

Click the Console tab to reveal additional information about the errors on the page. Find any messages that say “Mixed Content” and check the URL Chrome was attempting to load. Look for any URLs that are loading from your podcast hosting platform.

Mixed content warning from Chrome. The episode file is loading using the insecure http:// configuration instead of the secure https://.

You’re looking for any URLs that are connected with the podcast episode’s audio file. These URLs are coming from your podcast hosting provider and will have their brand name within the URL.

For example, episodes hosted on Castos have URLs that start with “https://episodes.castos.com/YourPodcastName”.

How To Fixed Not Secure Website Warnings

If you’re a Castos user, the good news is all of your podcast files are already served via secure routes.

For users of other podcast hosting platforms, reach out to their Support teams to gauge when they plan to make the switch. Even if your player continues to function correctly, it’s wise to follow Google’s guidelines to ensure they rank your website favorably.

For those who use DIY solutions for their RSS feeds, consider migrating to a dedicated hosting providers to avoid further security issues.

Summary

As of February 2020, Google rolled out the final update to Chrome. Mix content warning messages are resulting in insecure websites and hampering SEO rankings.

To double check your podcast’s files, use the browser’s developer tools to ensure the URLs use the HTTPS configuration. And if they don’t, reach out to your provider to gauge when they’ll make the update. Or consider migrating to Castos we’ll take care of it for you.

Photo of author
Craig Hewitt
Craig is the founder of Castos. When he's not busy podcasting, talking about podcasting, or helping others get started in this awesome medium he's hanging out with his wife, two children, and likely planning their next travel adventure.

Leave a Comment

Resources

More from Castos