HTTPs Everywhere And Custom Domains

Did you see the post from Barry, one of the staff at WP.com that free HTTPS is now active for all custom domains hosted on WordPress.com?

I looked at the URL of my site, which has a custom domain, and I saw the padlock.

Good. Google likes secure sites and sites under HTTPS are just generally better for avoiding hacking. OK, it’s not a big deal because WP.com looks after all the security issues – but still, it’s good.

Then what happened was that I wanted to check on a post I had written a little while ago about HTTPS/SSL coming to WP.com.

I wanted to find the post I had written but I noticed I didn’t have a search form on my site.

So I went into the Admin panel and pulled a Search widget onto the sidebar.

And suddenly the padlock disappeared. When I refreshed the page it appeared for a second and then disappeared. There was no padlock any longer. It was an ex-padlock.

What was going on?

I checked on WhyNoPadlock and the analysis said:

Insecure  call. Found on line # 237 in file: photographworks.me/index.html

I entered a search term for HTTPS in the Search box and a warning message came up. It said something like ‘This is an insecure form. Are you sure you want to proceed?’

Huh? It’s just a search term in a Search box!

I pulled the Search form off the sidebar and the padlock returned. Very strange. It seemed I might have found a bug. It couldn’t be something I had introduced, could it?

I don’t think so because I have not implemented custom CSS or any other alterations to the WP code.

I raised the issue with staff and meanwhile today the padlock is back even though the Search box is still there.

So maybe somehow it was just a glitch while things were propagating through the Internet.

However, I checked again with WhyNoPadlock and got the same warning.

So now that’s doubly confusing because the padlock is there.

Warning Messages

But there’s another thing going on here and that is that I have been getting warning messages when I comment on some sites. Again it says something like ‘This is an insecure form. Are you sure you want to proceed?”

Rebekah from Tassitus.com and I have discussed this when it has come up on some self-hosted WordPress sites.

So, and here’s a general question: Have you had an alert come up when you have commented or searched on a WordPress site recently?

Advertisements

11 thoughts on “HTTPs Everywhere And Custom Domains

  1. As I was reading this, I had to go and look at my Tassitus. Padlock was in place, but the Search-widget had gone missing, so I put it back. Padlock still there.

    I do get that message, but only on self-hosted blogs. I moved Tassitly from Tap to GoDaddy since I already had hosting there [now it’s tassitly.com]. I’m not sure if I still get it now … must check it out.

    Like

  2. Never happened to me in any of the variants that you describe – though I tried. On a loosely related note, I’ve noticed that WordPress sites don’t fare that well with code validators, so I’m not surprised that things on WP (as everywhere else, I guess) have their kinks…

    Like

    1. Yes, I don’t think anything in the ‘real world’ passes the code validation standards. I’m not surprised, because the browser consortium doesn’t implement everything evenly and it’s always evolving.

      Like

      1. It seems to be some kind of interaction between the standard of coding the browser expects, and the coding in the form.

        I had an email message last night from Barry at WordPress to say that he thinks the team have isolated the issue and resolved it.

        Liked by 1 person

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s