Back to Community
Home / Community / General

Troubleshooting Common Solid Security Plugin Conflicts and Issues

50 threads Sep 10, 2025

Content

Users of the Solid Security – Password, Two Factor Authentication, and Brute Force Protection plugin sometimes encounter issues where the plugin conflicts with other themes, plugins, or website functionality. These conflicts can manifest as blank admin pages, AJAX/API communication errors (like 403 Forbidden responses), broken front-end features, or problems during the initial setup. This guide outlines the most common causes and provides step-by-step solutions to resolve them.

Why Do These Conflicts Happen?

Solid Security enhances website security by implementing various protective measures. Some of these measures, while effective against threats, can be overly restrictive and inadvertently block legitimate traffic or interfere with how other software operates. Common triggers include features that block specific user agents, restrict PHP execution in certain directories, or limit access to the WordPress REST API and XML-RPC.

Most Common Solutions

1. Disable the Default Ban List

This feature blocks a list of user agents and hosts known for malicious activity. However, it can sometimes be too broad and block legitimate services or plugins.

  • How to disable: Navigate to Security > Settings > Configure > Lockouts > Ban Users and disable the Default Ban List option.

2. Adjust PHP Execution Settings

The "Disable PHP in Plugins" and related system tweaks prevent PHP from executing in specific directories. This can break plugins or themes that require this functionality to operate correctly (e.g., booking systems, analytics plugins like Matomo, or page builders).

  • How to disable: Go to Security > Settings > Advanced > System Tweaks and disable the options under PHP Execution, particularly "Disable PHP in Plugins".

3. Enable XML-RPC and REST API Access

Many plugins and WordPress features (like the Gutenberg editor or external integrations) rely on communication via the REST API or XML-RPC. Solid Security's restrictions here can cause "invalid JSON response" errors or break functionality.

  • How to adjust: Find Security > Settings > Advanced > WordPress Tweaks. Ensure XML-RPC is enabled and that the REST API is set to "Default Access" or "Full Access".

4. Perform a Conflict Test

If the above steps don't resolve the issue, a broader conflict with your theme or another plugin is likely. This is a standard troubleshooting procedure for any WordPress issue.

  • Test for a plugin conflict: Temporarily deactivate all other plugins. If the issue is resolved, reactivate your plugins one by one to identify the culprit.
  • Test for a theme conflict: Temporarily switch your theme to a default WordPress theme like Twenty Twenty-One. If the issue is fixed, the conflict lies with your original theme.
  • The WordPress Health Check plugin can help you perform these tests without affecting the experience for your site visitors.

Specific Scenario: Blank Settings Page

If the Solid Security settings page is completely blank, this is almost always caused by a conflict with another plugin. The conflict test described above is the primary method to identify and resolve this. Some users have reported specific conflicts with plugins like Ultimate Addons for Elementor.

Specific Scenario: Can't Complete Setup (JSON Error)

If you receive "the response is not a valid JSON response" during the setup wizard, the issue is often that your web server or hosting provider is blocking essential HTTP methods (like PUT, PATCH, DELETE, or OPTIONS) required for the REST API to function correctly. You will need to contact your hosting provider and ask them to stop blocking these methods.

Conclusion

Many common issues with the Solid Security plugin can be resolved by adjusting a few key security settings that may be too restrictive for a specific site's environment. The process typically involves systematically disabling features to identify the conflict, starting with the Default Ban List and PHP Execution settings. If problems persist, a broader conflict test is the most reliable way to pinpoint the cause.

Related Support Threads Support