HTTPs Everywhere And Custom Domains

Did you see the post from Barry, one of the staff at that free HTTPS is now active for all custom domains hosted on

I looked at the URL of my site, which has a custom domain, and I saw the padlock.

Good. Google likes secure sites and sites under HTTPS are just generally better for avoiding hacking. OK, it’s not a big deal because looks after all the security issues – but still, it’s good.

Then what happened was that I wanted to check on a post I had written a little while ago about HTTPS/SSL coming to

I wanted to find the post I had written but I noticed I didn’t have a search form on my site.

So I went into the Admin panel and pulled a Search widget onto the sidebar.

And suddenly the padlock disappeared. When I refreshed the page it appeared for a second and then disappeared. There was no padlock any longer. It was an ex-padlock.

What was going on?

I checked on WhyNoPadlock and the analysis said:

Insecure  call. Found on line # 237 in file:

I entered a search term for HTTPS in the Search box and a warning message came up. It said something like ‘This is an insecure form. Are you sure you want to proceed?’

Huh? It’s just a search term in a Search box!

I pulled the Search form off the sidebar and the padlock returned. Very strange. It seemed I might have found a bug. It couldn’t be something I had introduced, could it?

I don’t think so because I have not implemented custom CSS or any other alterations to the WP code.

I raised the issue with staff and meanwhile today the padlock is back even though the Search box is still there.

So maybe somehow it was just a glitch while things were propagating through the Internet.

However, I checked again with WhyNoPadlock and got the same warning.

So now that’s doubly confusing because the padlock is there.

Warning Messages

But there’s another thing going on here and that is that I have been getting warning messages when I comment on some sites. Again it says something like ‘This is an insecure form. Are you sure you want to proceed?”

Rebekah from and I have discussed this when it has come up on some self-hosted WordPress sites.

So, and here’s a general question: Have you had an alert come up when you have commented or searched on a WordPress site recently?


  1. Rebekah M says:

    As I was reading this, I had to go and look at my Tassitus. Padlock was in place, but the Search-widget had gone missing, so I put it back. Padlock still there.

    I do get that message, but only on self-hosted blogs. I moved Tassitly from Tap to GoDaddy since I already had hosting there [now it’s]. I’m not sure if I still get it now … must check it out.


  2. Rebekah M says:

    Just checked. I still get that message, so it’s not the hosting. I have the nice Iwata theme applied there.


    1. So that’s another thing to cross off the list as the reason. I wonder what it is.


      1. Rebekah M says:

        Me too. Not the theme, not the hosting. Iwata has NO widgets so … this still baffles me.


  3. Mara Eastern says:

    Never happened to me in any of the variants that you describe – though I tried. On a loosely related note, I’ve noticed that WordPress sites don’t fare that well with code validators, so I’m not surprised that things on WP (as everywhere else, I guess) have their kinks…


    1. Yes, I don’t think anything in the ‘real world’ passes the code validation standards. I’m not surprised, because the browser consortium doesn’t implement everything evenly and it’s always evolving.


      1. Mara Eastern says:

        You’re right, of course. I have the bad habit of always asking for perfection.


  4. Hmm, I had one come up today, now that you mention it; but it was a site I was unfamiliar with, so I just backed out, the same way I’d come in… Glad you brought this up David. Thank you


    1. But I’m not self-hosted either. Hmm):


      1. It seems to be some kind of interaction between the standard of coding the browser expects, and the coding in the form.

        I had an email message last night from Barry at WordPress to say that he thinks the team have isolated the issue and resolved it.

        Liked by 1 person

Leave a Comment

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

This site uses Akismet to reduce spam. Learn how your comment data is processed.