What's the Padlock in Your Browser? SSL Explained in 60 Seconds

You have probably noticed the little padlock icon next to website addresses in your browser. Maybe you have also seen the words “Not Secure” pop up on some sites. If you have ever wondered what that padlock means, whether your own website has one, and why it matters, this is the guide for you. Short, sharp, no waffle. Let us crack on.

SSL in One Sentence

SSL encrypts the connection between your website and the person visiting it.

That is genuinely the whole concept. When SSL (Secure Sockets Layer) is active on your website, the web address starts with https:// instead of http://. The “s” stands for “secure”. It means any information passing between your visitor's browser and your website (contact form submissions, login details, payment information) is scrambled so nobody else can read it in transit.

The technical name nowadays is actually TLS (Transport Layer Security), which replaced SSL years ago. But everyone still calls it SSL, and for practical purposes the terms mean the same thing: your website is using a secure, encrypted connection.

The Padlock Icon: What It Means

When you visit a website with SSL enabled, your browser shows a small padlock icon (or a tune/slider icon in newer versions of Chrome) next to the web address. This tells you the connection is encrypted and the site has a valid SSL certificate.

When a website does not have SSL, here is what happens:

• Google Chrome shows a “Not Secure” warning right in the address bar. If the site has a form (contact form, login, anything), Chrome makes this warning even more prominent.
• Firefox and Safari show similar warnings, a crossed-out padlock or an “insecure connection” message.
• Some browsers display a full-page warning before the visitor can even reach your site, especially if the SSL certificate has expired.

Put yourself in your customer's shoes. If you searched for a local business and the first thing you saw was a “Not Secure” warning, would you stick around? Most people would not. They would hit the back button and click the next result. That next result is your competitor.

Why SSL Matters for Your Business

SSL is not just a technical nicety. It has real, measurable consequences for your business. Three big reasons:

1. Chrome's “Not Secure” warning scares customers away. Google Chrome is used by roughly 65% of web users in the UK. If your site does not have SSL, the majority of your visitors see a security warning before they read a single word you have written. Studies consistently show that security warnings cause people to leave a website immediately. You are losing customers before they even know what you offer.

2. HTTPS is a Google ranking signal. Google confirmed in 2014 that HTTPS is a ranking factor. In plain English: all else being equal, a site with SSL will rank higher than one without. It is not the biggest ranking factor (your overall SEO matters far more), but it is one of the easiest boxes to tick. When you are competing with other local businesses, every small advantage counts.

3. Customers simply expect it. People have been trained to look for the padlock. When they see it, they feel safe. When they do not, they feel uneasy, even if they could not explain why. If your website takes payments, collects email addresses, or has any kind of form, visitors expect SSL to be there. It is part of the basic trust signals that make people comfortable doing business with you online.

How to Check If You Have SSL

This takes about ten seconds:

1. Open your website in Google Chrome (or any browser).
2. Look at the address bar at the top of the page.
3. If you see a padlock icon (or a small tune/slider icon in newer Chrome versions) and the address starts with https://, you have SSL. You are sorted.
4. If you see “Not Secure” and the address starts with http:// (no “s”) then you do not have SSL. Keep reading.

You can also try typing your web address with https:// at the start. If the page loads normally with a padlock, SSL is working. If the browser shows a warning or redirects you back to http://, it is not.

How to Get SSL If You Don't Have It

Getting SSL is far easier and cheaper than it used to be. In most cases, it is completely free. Here is what to do depending on your setup:

If you use Wix, Squarespace, or Shopify: you already have SSL. These platforms include it automatically on every site. There is nothing to do. If for some reason your site is not showing the padlock, contact their support team. It is almost certainly a setting that just needs toggling on.

If you use WordPress with a hosting provider: most modern hosts (SiteGround, GoDaddy, 123 Reg, Krystal, and others) include a free SSL certificate through Let's Encrypt. Log into your hosting dashboard and look for an SSL or security section. If you cannot find it, contact your host and ask them to activate your free SSL certificate. It usually takes a few minutes.

Once SSL is activated on your hosting, you may also need to update your WordPress site to use HTTPS. The easiest way is with a free plugin called Really Simple SSL. Install it, activate it, and it handles the rest: updating your site URL, fixing internal links, and redirecting HTTP traffic to HTTPS.

If you have a custom-built website: speak to your developer or hosting provider. They will need to install an SSL certificate (Let's Encrypt is free) and configure your server to redirect all traffic from HTTP to HTTPS. If your developer tells you this is a big job or tries to charge a fortune, get a second opinion. For most setups, it is straightforward.

Common SSL Problems (and Quick Fixes)

Even after you have SSL set up, a couple of things can trip you up. Here are the two most common:

Mixed content. This happens when your site loads over HTTPS but some elements on the page (images, scripts, or stylesheets) are still being pulled in over HTTP. Browsers may show a warning or hide the padlock because the page is not fully secure. The fix: update the URLs of those elements to use https://, or use the Really Simple SSL plugin on WordPress which handles this automatically. If you are not sure which elements are causing the problem, your browser's developer console (press F12) will list them.

Expired certificate. SSL certificates have an expiry date, typically every 90 days for Let's Encrypt certificates. Most hosting providers auto-renew them, so you should never notice. But if auto-renewal fails (perhaps due to a DNS change or a billing issue with your host), visitors will see a scary full-page warning saying your site might not be safe. If this happens, contact your hosting provider straight away. They can usually reissue the certificate within minutes.

SSL is one of those things that takes a few minutes to sort out and then works quietly in the background forever. It protects your customers, improves your search ranking, removes a “Not Secure” label that actively pushes people away, and costs nothing on most platforms. If you have not checked yours yet, do it right now. And if it is not set up, get it done today. It is one of the easiest wins you will find.

Want to keep improving your site? Here is where to go next:

• 7 trust signals that win customers: SSL is one piece of the puzzle. See what else builds credibility.
• Why your website is slow (and how to fix it): speed matters as much as security for keeping visitors on your site.
• What is SEO? Understand how Google decides who shows up first.