This warning is normally shown when you are loading the page over a nonencrypted HTTP connection, but have set your WordPress to use encrypted HTTPS for the site URL setting. This warning is added to notify you or your users that the form submission is not likely to complete because of this.
You will see a “Submission URL and current URL protocols do not match. The form may not function properly.” error at the top of the form when this problem is detected.
With good reasons, browsers are pushing for encryption everywhere and one standard that many browsers have in place is blocking cross-origin requests via AJAX. As of Caldera Forms 1.5.3, Caldera Forms will show a notice above the form if it is loaded on a page where the protocol (HTTP or HTTPS) does not match the protocol of the URL it is set to submit against.
If you are on this page, its a sign that your WordPress site does not have one of the most basic security features — encrypted HTTP — enabled. This should worry you. SiteGround provides free SSL certificates and has very affordable pricing for their excellent managed WordPress hosting.
What You Should Do
Simple Answer
You probably have installed SSL/HTTPS but have not forced all page loads to be over HTTPS or have not updated your site URL setting in WordPress to included “https”.
Most of the time to resolve this, just open a ticket with your host and say “I need to make sure all pages on my site load over HTTPS”. This is the best solution for security and SEO reasons to encrypt all page loads.
You can also disable AJAX submissions in the form settings tab of the form editor.
Developer Note
The URL for the API forms are submitted against can be modified with the caldera_forms_submission_url. You can use that filter to change the protocol for the submission, if needed.
Questions Related To HTTPS and SSL
Do You Need An SSL Certificate For Your WordPress Site?
No, you do not.
Should You Install An SSL Certificate?
Yes, you should. Your host should provide you with one for free, this isn’t 2015. If your hosts does not provide you with a free SSL certificate, you probably should get a better host. You can also acquire an SSL certificate for $9 from Namecheap or use LetsEncrypt to get one for free.