BugWP logo BugWP
Back to Community
Home / Community / PluginSolid security – password, two factor authentication, and brute force protection

Troubleshooting Solid Security and WooCommerce Integration Issues

27 threads Sep 7, 2025 PluginSolid security – password, two factor authentication, and brute force protection

Content

Many WordPress site owners rely on the 'Solid Security – Password, Two Factor Authentication, and Brute Force Protection' plugin to harden their sites. However, a common challenge arises when this robust security suite interacts with complex e-commerce platforms like WooCommerce and its various third-party integrations. This guide will help you diagnose and resolve the most frequent conflicts.

Why Do These Conflicts Happen?

Solid Security protects your site by blocking certain types of requests and behaviors that are commonly used in attacks. WooCommerce, along with payment gateways, shipping providers, and analytics services, often relies on similar technical methods for its legitimate operations—like long query strings, XML-RPC communication, or specific REST API calls. The security plugin, acting conservatively, can sometimes block these legitimate requests, causing features to break.

Common Conflicts and Their Solutions

1. WooCommerce Analytics or Admin Dashboards Not Loading

This is one of the most reported issues. The WooCommerce analytics dashboard and other admin sections may fail to load data, often showing a blank screen or errors in the browser console.

Primary Solution: This was historically caused by the 'Filter long URL strings' setting. However, note that this specific setting was removed in Solid Security version 8.0. If you are on a modern version of the plugin and experiencing this, the conflict is likely elsewhere.

2. Payment Gateway, Shipping, or API Webhooks Being Blocked (403 Errors)

Services like Stripe, ShipStation, Printful, Billbee, Zapier, or Bling may fail to communicate with your site, resulting in failed payment status updates, syncing errors, or 403 Forbidden errors.

Recommended Troubleshooting Steps:

  • Disable the Default Ban List: Navigate to Security > Settings > Configure > Lockouts and disable the 'Default Ban List' feature. This list can sometimes block legitimate services.
  • Adjust REST API and XML-RPC Settings: Many integrations depend on these communication protocols. Go to Security > Settings > Advanced > WordPress Tweaks and ensure 'Enable XML-RPC' is checked. Also, set the 'REST API' setting to 'Default Access' instead of 'Restricted Access'.
  • Review System Tweaks: In Security > Settings > Advanced > System Tweaks, try temporarily disabling the following features one by one to test for conflicts:
    • Filter Suspicious Query Strings in the URL
    • Filter Non-English Characters
    • Disable PHP Execution in plugins, themes, and uploads folders

3. Conflicts with Two-Factor Authentication (2FA) and Application Passwords

If you use services like Zapier that authenticate via WordPress Application Passwords, enabling 2FA can sometimes interfere.

Key Insight: According to the plugin's intended behavior, using an Application Password should bypass the requirement for two-factor authentication. If this is not happening, it may indicate a specific bug or conflict. Test with a user account that has 2FA disabled.

4. The "Hide Backend" Feature and WooCommerce

If you use the 'Hide Backend' feature to change your login URL, be aware that WooCommerce may still expose the protected login URL with the itsec-hb-token in its scripts. This is a limitation of the obscurity-based security approach.

General Troubleshooting Methodology

  1. Isolate the Conflict: Deactivate all plugins except WooCommerce and Solid Security. If the issue resolves, reactivate your other plugins one by one to find the other conflicting plugin.
  2. Identify the Culprit Setting: If the conflict is between WooCommerce and Solid Security, go to the Solid Security settings dashboard and disable all active features. Then, re-enable them one by one, testing your WooCommerce functionality after enabling each one. This will pinpoint the exact setting causing the problem.
  3. Check for Updates: Always ensure both WooCommerce and Solid Security are updated to their latest versions, as conflicts are often resolved in subsequent releases.

By methodically working through these common solutions, you can usually find a configuration that maintains a high level of security without interrupting your store's vital operations.

Related Support Threads Support