This is a pet peeve of mine – some plugin and theme authors (to make their lives easier) set “sslverify = false” in their Pro / Premium version update checks and/or other HTTP requests.
Luckily a few security and error checking plugins like the Query Monitor plugin (for example), will show a warning if the WordPress wp_remote_get() function is executed with “sslverify = false”. To make sure this is never the case, you can use the following filters in your functions.php file.
add_filter( 'https_ssl_verify', '__return_true', PHP_INT_MAX );
add_filter( 'http_request_args', 'http_request_force_ssl_verify', PHP_INT_MAX );
function http_request_force_ssl_verify( $args ) {
$args[ 'sslverify' ] = true;
return $args;
}