Back to Community
Home / Community / PluginReally simple security

Why Is My Really Simple SSL Plugin Settings Greyed Out?

10 threads Sep 10, 2025 PluginReally simple security

Content

If you're using the Really Simple SSL plugin and find that certain settings or options are greyed out and unavailable for configuration, you're not alone. This is a common point of confusion that has a logical explanation. This article will explain why this happens and how you can resolve it.

Why Are Settings Greyed Out?

Based on community reports and troubleshooting threads, the primary reason a setting is greyed out in the Really Simple SSL dashboard is that the feature is already being managed elsewhere on your WordPress site.

The plugin is designed to prevent conflicts and duplicate configurations. If it detects that a specific security header or feature is already active, it will disable its own control for that item to avoid issues. This is most frequently seen with security headers like Permissions-Policy, X-Content-Type-Options, or others.

How to Find Where a Feature is Already Set

To regain control and configure these settings within Really Simple SSL, you first need to locate and remove the duplicate configuration. Here are the most common places to check:

  1. Your .htaccess File: This is a common location for manually added security headers. Access your site's root directory via FTP or your hosting file manager and check the .htaccess file for lines containing headers like Header set Permissions-Policy or Header set X-Frame-Options.
  2. Another Security Plugin: You may have another security or performance plugin active that is also setting these headers. Temporarily deactivate other plugins one by one to see if the greyed-out option in Really Simple SSL becomes available.
  3. Your Theme's functions.php File: Sometimes, themes include code snippets that add security headers. Check your theme's functions.php file for any relevant code.
  4. Server-Level Configuration: In some cases, your web hosting provider may be setting certain security headers at the server level. You may need to contact your host's support to confirm this or to have them removed if you wish to manage them yourself via the plugin.

Verifying the Header is Set

You can use a free online tool like SecurityHeaders.com to quickly scan your domain. This tool will show you all the security headers currently being sent by your website and can help you confirm which one is already active.

What to Do Next

Once you have identified and removed the duplicate configuration (e.g., deleted the line from your .htaccess file or disabled the feature in another plugin), the setting should no longer be greyed out in the Really Simple SSL settings. You can then enable and configure the feature directly within the plugin.

Note on Database Prefix Notice: Another unrelated issue mentioned in the threads is a persistent notice about a default database prefix. If you have already changed the prefix but the notice remains, it is likely cached. You can simply dismiss this notice by clicking the "X" next to it.

Related Support Threads Support