SSL “critical” with automatic DeepScan

Hi @wassi007 ,

Version 8.7.5 is now available and fixed.

Can you confirm that the ticket is resolved?

Thank you.

Hi @wassi007,

Thank you for the update. Since the standard check is still failing in the background process, this points to a specific configuration detail in your WordPress settings.

Could you please check one setting for me?

1. Go to Settings > General in your WordPress dashboard.
2. Look at the “WordPress Address (URL)” and “Site Address (URL)” fields.
3. Do they start with http:// or https://?

Why this matters:
Even if your site loads with a padlock (SSL), sometimes the internal database setting is still set to http://, and an external plugin (like “Really Simple SSL” or a server rule) forces the redirect.

Our background scanner reads this database setting directly. If it sees http:// in the database settings, it will report “Critical” because WordPress technically thinks it is unencrypted, even if the redirect saves it.

The Fix:
If those fields say http://, please change them to https:// and save. This should instantly resolve the false positive in the scan report.

Let me know what you find!

Best regards,

Advanced IP Blocker Team

Hi @wassi007,

Thank you for confirming. This is a very specific edge case related to your server environment.

Since your settings are correct (https://) and the manual scan shows “Active” (Green), your site is secure.

The issue is that your server executes background tasks (WP-Cron) in a way that does not report the SSL status to WordPress correctly. This is common in some hosting environments where internal tasks run over a local unencrypted channel for speed.

Recommendation:
Since you have verified that your site loads securely and the manual scan confirms it, you can safely ignore the “Critical” warning for SSL in the automated email. It is a false positive caused by the server’s internal configuration, not a security hole in your website.

We will look into adding a filter in a future update to allow users to manually suppress specific checks to clean up their reports.

Best regards,

Advanced IP Blocker Team

Hello @wassi007,

1. Regarding the “Email only on error” option: Good news: This logic is already implemented as the default behavior in the current version. The automated background scan is designed to remain silent and NOT send any email if all checks pass (Status: Clean). The only reason you are receiving these emails right now is precisely because the scan is detecting the “SSL Critical” status. Once we solve that false positive, the daily emails will stop automatically and you will only hear from the plugin if a new issue arises.

2. Why SSL is still “Critical” (The Root Cause): Since version 8.7.5, our scanner explicitly checks your database setting (

get_site_url()

). If it detects 

https://

 there, it overrides the check and marks it as Safe.

If you are still seeing “Critical”, it implies that during the Cron execution, your WordPress is telling our plugin that its URL is 

http://

 (not https).

This is extremely common in Plesk environments. Please check your 

wp-config.php

 file. Do you have a line defining 

WP_SITEURL

 or 

WP_HOME

 dynamically? Example: 

define('WP_SITEURL', 'http://' . $_SERVER['HTTP_HOST'] . '/');

The Fix: If you find such lines, change them to be hardcoded with HTTPS: 

define('WP_SITEURL', 'https://your-domain.com/');

This ensures that even when Cron runs from the command line (where server variables might be missing), WordPress knows it is an HTTPS site. This will instantly fix the SSL false positive and silence the daily reports.

Best regards, The Advanced IP Blocker Team

Hi @wassi007,

Just checking in—did the new settings in v8.8.2 solve the email alert issue for you? If so, please mark this ticket as Resolved. Thanks!