The URL of a website with a Secure Socket Layer (SSL) certificate installed could still indicate insecurity for the following reasons.
After installing SSL certificate for a website (assuming the domain name is example.com), you need to visit that specific website (https://www.example.com) to check if it is securely encrypted.
If you directly enter “example.com” in the browser's address bar, you are actually accessing the URL http://www.example.com, and that displayed website does not use HTTPS protocol, therefore website URL will be displayed without security.
In such case, redirecting http://www.example.com to https://www.example.com will solve the problem. After configuring redirection to HTTPS, typing “example.com” in browser's address bar, will instead access https://www.example.com directly, security now becoming enforced.
Sites hosted using WordPress web application can have all data transfered over HTTPS protocol, simply by installing the plugin Really Simple SSL.