BugWP logo BugWP
Back to Community
Home / Community / General

Why Can't I Revert Sucuri Hardening? Common Issues and Solutions

21 threads Sep 16, 2025

Content

Many WordPress administrators use the Sucuri Security plugin's hardening features to protect their sites, but a frequent point of confusion arises when they try to revert these hardening settings and find the buttons are greyed out, unclickable, or simply don't work. This guide explains why this happens and provides the most common solutions to regain control.

Why Reverting Hardening Fails

Based on community reports and troubleshooting, the inability to revert hardening typically occurs for one of a few specific reasons:

  • The Sucuri Firewall is Active: If your site is behind the Sucuri Firewall (cloudproxy), the plugin will intentionally disable most revert buttons. This is because the firewall is considered a superior layer of protection, making the revert action redundant. The plugin assumes the firewall is handling the threat mitigation.
  • Some Options Are Permanent: Certain hardening actions, like "Remove WordPress Version," are designed to be a one-way operation. The plugin's developers have determined that reverting them is either pointless or too technically difficult to implement reliably.
  • File Permission Issues: The plugin may lack the necessary file permissions to modify critical files like wp-config.php or .htaccess to undo the changes.
  • Plugin or Hosting Conflicts: Another security plugin or a specific server configuration could be interfering, either by re-applying the security constant or blocking the Sucuri plugin's ability to write files.
  • A Bug or Display Error: In rarer cases, a cached scan result might show a hardening option as active when it is not, or a bug could prevent the interface from loading correctly.

How to Revert Hardening Manually

If the revert button is unavailable, you can often manually reverse the hardening. Important: Always back up your site before editing core files.

1. Reverting "Plugin and Theme Editor" Hardening

This feature adds a line to your wp-config.php file. To revert it:

  1. Access your wp-config.php file via FTP, SSH, or your hosting control panel's file manager.
  2. Look for a line that reads: define('DISALLOW_FILE_EDIT', true);
  3. You will likely see a Sucuri comment above it, e.g., // Sucuri Security: ...
  4. Delete this entire line (and the associated comment) to re-enable the file editors.

2. Reverting Directory Hardening (e.g., wp-content, wp-includes)

This feature adds an .htaccess file inside the target directory to block PHP execution.

  1. Navigate to the directory you hardened (e.g., /wp-content/).
  2. Locate the .htaccess file in that directory.
  3. Open it and look for code that looks like this: 
    <FilesMatch ".(?i:php)$">
  <IfModule !mod_authz_core.c>
    Order allow,deny
    Deny from all
  </IfModule>
  <IfModule mod_authz_core.c>
    Require all denied
  </IfModule>
</FilesMatch>
  4. Delete this code block from the .htaccess file. If this was the only code in the file, you can safely delete the entire .htaccess file.

Troubleshooting Other Scenarios

  • If You Use the Sucuri Firewall: The greyed-out buttons are expected behavior. The general guidance from the Sucuri Security team is that the firewall's protection makes reverting these specific hardening rules unnecessary. If you must revert them for compatibility reasons, you will likely need to manually edit the files as described above, but the buttons will remain disabled.
  • If You Suspect a Conflict: Deactivate all other plugins and switch to a default WordPress theme (like Twenty Twenty-One). Then, check if the Sucuri Hardening tab loads and the revert buttons work. If they do, reactivate your plugins one by one to identify the conflict.
  • If the Hardening Tab is Blank: This is often a sign of a JavaScript conflict. Check your browser's console for errors and try the standard conflict test (deactivating other plugins) to identify the culprit.

Understanding why the Sucuri plugin behaves this way can save you significant troubleshooting time. In most cases, the solution involves a quick manual edit or recognizing that the firewall is already providing the protection you need.

Related Support Threads Support