HTTPS Everywhere And Custom Domains

Did you see the post from Barry, one of the staff at WP.com, saying that free HTTPS is now active for all custom domains hosted on WordPress.com?

I looked at the URL of my site, which has a custom domain, and I saw the padlock.

Good. Google likes secure sites and sites under HTTPS are just generally better for avoiding hacking. OK, it’s not a big deal because WP.com looks after all the security issues – but still, it’s good.

Then what happened was that I wanted to check on a post I had written a little while ago about HTTPS/SSL coming to WP.com.

I wanted to find the post I had written but I noticed I didn’t have a search form on my site.

So I went into the Admin panel and pulled a Search widget onto the sidebar.

And suddenly the padlock disappeared. When I refreshed the page it appeared for a second and then disappeared. There was no padlock any longer. It was an ex-padlock.

What was going on?

I checked on WhyNoPadlock and the analysis said:

Insecure  call. Found on line # 237 in file: photographworks.me/index.html

I entered a search term for HTTPS in the Search box and a warning message came up. It said something like ‘This is an insecure form. Are you sure you want to proceed?’

Huh? It’s just a search term in a Search box!

I pulled the Search form off the sidebar and the padlock returned. Very strange. It seemed I might have found a bug. It couldn’t be something I had introduced, could it?

I don’t think so because I have not implemented custom CSS or any other alterations to the WP code.

I raised the issue with staff and meanwhile today the padlock is back even though the Search box is still there.

So maybe somehow it was just a glitch while things were propagating through the Internet.

However, I checked again with WhyNoPadlock and got the same warning.

So now that’s doubly confusing because the padlock is there.

Warning Messages

But there’s another thing going on here and that is that I have been getting warning messages when I comment on some sites. Again it says something like ‘This is an insecure form. Are you sure you want to proceed?’

Rebekah from Tassitus.com and I have discussed this when it has come up on some self-hosted WordPress sites.

So, and here’s a general question: Have you had an alert come up when you have commented or searched on a WordPress site recently?
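
A check in the spirit of the WhyNoPadlock report and the ‘insecure form’ warning described above, as an added example that is not part of the original post: it lists, with line numbers, the forms and subresources on an HTTPS page that resolve to plain `http://`. The sample HTML and the `example.test` domain are constructed, and nothing here establishes what line 237 of the page in the post actually contained.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlparse

# Tag -> attribute that makes the browser fetch from or submit to a URL
# (a common subset, not an exhaustive list).
URL_ATTRS = {"form": "action", "script": "src", "img": "src", "iframe": "src"}


class InsecureRefFinder(HTMLParser):
    """Collect (line, tag, url) for references that resolve to plain http://."""

    def __init__(self, page_url):
        super().__init__()
        self.page_url = page_url
        self.findings = []

    def handle_starttag(self, tag, attrs):
        attr = URL_ATTRS.get(tag)
        if attr is None:
            return
        value = dict(attrs).get(attr)
        if tag == "form" and not value:
            value = ""  # a form without an action submits to the page's own URL
        if value is None:
            return
        # Resolve relative and protocol-relative URLs against the page URL.
        resolved = urljoin(self.page_url, value.strip())
        if urlparse(resolved).scheme == "http":
            line, _ = self.getpos()  # position of the tag's opening '<'
            self.findings.append((line, tag, resolved))


def find_insecure_refs(html, page_url):
    finder = InsecureRefFinder(page_url)
    finder.feed(html)
    finder.close()
    return finder.findings


# Constructed sample page: only the search form points at http://.
SAMPLE = """<html><body>
<img src="/logo.png">
<script src="//cdn.example.test/app.js"></script>
<form role="search" method="get" action="http://example.test/">
  <input type="search" name="s">
</form>
<form method="post" action="/comment"></form>
</body></html>"""

if __name__ == "__main__":
    for line, tag, url in find_insecure_refs(SAMPLE, "https://example.test/"):
        print(f"line {line}: <{tag}> points at {url}")
```

Relative and protocol-relative URLs inherit the page's scheme, so the same markup reports nothing extra when served over HTTPS but reports everything when the page URL itself is `http://`.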

11 Comments

  1. Rebekah M says:

    As I was reading this, I had to go and look at my Tassitus. Padlock was in place, but the Search-widget had gone missing, so I put it back. Padlock still there.

    I do get that message, but only on self-hosted blogs. I moved Tassitly from Tap to GoDaddy since I already had hosting there [now it’s tassitly.com]. I’m not sure if I still get it now … must check it out.


  2. Rebekah M says:

    Just checked. I still get that message, so it’s not the hosting. I have the nice Iwata theme applied there.


    1. So that’s another thing to cross off the list as the reason. I wonder what it is.


      1. Rebekah M says:

        Me too. Not the theme, not the hosting. Iwata has NO widgets so … this still baffles me.


  3. Mara Eastern says:

    Never happened to me in any of the variants that you describe – though I tried. On a loosely related note, I’ve noticed that WordPress sites don’t fare that well with code validators, so I’m not surprised that things on WP (as everywhere else, I guess) have their kinks…


    1. Yes, I don’t think anything in the ‘real world’ passes the code validation standards. I’m not surprised, because the browser consortium doesn’t implement everything evenly and it’s always evolving.


      1. Mara Eastern says:

        You’re right, of course. I have the bad habit of always asking for perfection.


  4. Hmm, I had one come up today, now that you mention it; but it was a site I was unfamiliar with, so I just backed out, the same way I’d come in… Glad you brought this up David. Thank you


    1. But I’m not self-hosted either. Hmm):


      1. It seems to be some kind of interaction between the standard of coding the browser expects, and the coding in the form.

        I had an email message last night from Barry at WordPress to say that he thinks the team have isolated the issue and resolved it.

