Caldera Forms does not require that you use HTTPS, which requires a valid SSL certificate. We strongly recommend that you load every page of your site using HTTPS. Currently, any form with credit card inputs or password inputs loaded over HTTP is marked insecure by Chrome, Firefox and other browsers. Several of our premium plugins do require HTTPS/SSL because they are used to accept payments.
Starting in October of 2017, Chrome will mark any page loaded over HTTP that has a form on it as insecure. It is safe to assume that Firefox and maybe other browsers will do this as well soon.
We wrote about if your WordPress site needs SSL here. There are short answers to clarify this recommendation below:
Does Caldera Forms Require SSL?
No, but we recommend it, strongly.
Will Caldera Forms Only Work When Using HTTPS?
No. Caldera Forms will work over insecure HTTP, but that is not recommended.
What Is The Risk Of Using Insecure HTTP With Caldera Forms
- Any form submitted via HTTP is at a risk of being intercepted in transit.
- The HTML for a page with a form, requested via HTTP, might not be the intended HTML.
- The browser is likely to warn site visitors that your site and/ or form is insecure.
Your Host Should Provide Free SSL
If your site is not an eCommerce site, then a free SSL certificate is all you need. A good WordPress host provides free SSL. If yours doesn’t we recommend that you switch to Pantheon, WPEngine, A2 Hosting or Siteground.