Really Simple Security checks if there is a valid SSL certificate, and if it can find the marker from the Mixed Content Fixer in the HTML of your website. In some cases, the plugin’s request does not receive a valid response. There can be several causes for this:
Server or plugin security blocks the request
If the front-end of your website loads without any issues when visiting it in your browser, this is probably the case in your situation. The warning is a false positive and can be safely ignored. A false positive can occur on some environments, for example due to a security mechanism that prevents the plugin from successfully retrieving the webpage.
Does the front-end return a warning or error? Please follow the steps below to diagnose and fix the issue.
Maintenance page, or password protected login
If you have protected your site with a maintenance page, or added password protection, that will also block this request. Like the above, the warning in this case is a false positive and can be safely ignored.
Invalid SSL certificate
The “No response from webpage” notice is also displayed when Really Simple Security cannot load your homepage over SSL. This is often caused by a misconfiguration on the server, or an invalid SSL certificate. The exact cause can usually be determined by using the free Qualys SSL Labs test tool. This test will return a lot of information about the currently used SSL certificate, including any errors or misconfigurations.
The SSL Labs test should return at least an A grade. This can be further increased to an A+ by configuring the HTTP Strict Transport Security header with a long duration (max-age), as well as disabling support for deprecated TLS versions on your server.
If your site has an invalid SSL certificate, we usually recommend obtaining a new certificate from your hosting provider. They can help you install a valid SSL certificate which is often the fastest and easiest solution. Once a valid certificate is installed, Really Simple Security will be able to detect it and the warning should disappear.
In some (rare) instances, your hosting provider might not provide you a free SSL certificate as part of your hosting plan. If this is the case, you can also use the Really Simple Security plugin to generate a free Let’s Encrypt SSL certificate for your domain. You can then manually install this SSL certificate on your webserver (e.g., in a control panel like cPanel, Plesk or DirectAdmin) to secure the site. However, it is typically recommended to enable the SSL certificate from your host (when available), as this avoids having to manually renew and install the SSL certificate.
Other possible causes
The Qualys SSL Labs test tool can return a number of different errors. For example, a ‘no secure protocols supported’ error. This error indicates that the server cannot be reached on port 443, the SSL port. This often happens because of a misconfiguration on the server and can be fixed by your hosting provider.
If you are unsure what to do next or have any questions in relation to this error, send us a support request.