Tips for troubleshooting Solid Central

Solid Central allows you to manage multiple WordPress websites from a central location. Occasionally, you may encounter issues or errors when managing your Solid Central Dashboard. This doc gives you an overview of some of the most common errors when using Solid Central and key troubleshooting steps.

Retrieving Your Site ID

Each site to Solid Central is assigned a unique ID for identification. When contacting the SolidWP support team, it�s advisable to include the Site ID of the problematic site, along with screenshots or a screen recording of the issue or the steps you’ve tried. This information helps the team resolve your issue more quickly.

How to Find Your Site ID

1) Open your Solid Central Dashboard and navigate to the Sites screen.

2) Locate the domain of the site and right-click on the “Site Admin” button.

3) Copy the link and paste it on your notes app or anywhere.

4) Take note of the numbers at the end of the URL (after /login/) – this is your Site ID.

4) Include the Site ID in your support ticket, along with the details of the issue.

Central Server Whitelisting

Due to the nature of the service, your host or a security plugin could block the Solid Central IP, preventing websites from being connected. If this happens, you may need to whitelist Central IPs and/or access ports:

Important Central IPs

Add these IPs to your server’s allowlist:

207.246.254.118
207.246.255.233
207.246.255.133
207.246.255.60

Central Access Ports

You can also add the following access ports to your server’s allowlist:

Central User-Agent

Solid Central uses this user-agent:

Mozilla/5.0 (compatible; iThemes Sync/1.0; +http://ithemes.com/sync).

It’s important to ensure that your server firewall or ModSecurity isn’t blocking this.

Uptime Whitelisting

If your site uses a security plugin or firewall that restricts traffic by IP, UptimeRobot�s monitoring checks may be blocked and cause false downtime alerts. To prevent this, you can whitelist UptimeRobot�s IP addresses so its uptime requests are allowed to reach your site. Add the IP addresses listed below to your hosting firewall, CDN, or security plugin�s allowlist. This ensures accurate uptime monitoring without compromising your site�s protection.

Note: this list was updated on April 21st, 2026 to reflect changes to UptimeRobot’s IP addresses

You can bookmark the raw list of IP addresses here.

Imunify360 Whitelisting

Imunify360 restricts automated scanning activity on protected servers, which can interfere with Solid Central�s site monitoring features, specifically plugin and site data collection.

As a workaround, users needing SolidWP on their servers can manually whitelist the required IP range using one of the following options: IP group management, an external IP list file, or the native agent method.
https://docs.imunify360.com/dashboard/#firewall
https://docs.imunify360.com/features/#external-black-whitelist-management

Quick Connection Checklist

When a site fails to connect to Solid Central, several factors may be responsible, including server configuration, security settings, or WordPress settings. This quick connection checklist helps you work through the most common causes and recommended steps to resolve them:

WordPress Settings

Enable Application Passwords
- Solid Central requires the WordPress Application Passwords feature; you must approve the application password request to successfully connect the site to Central.
- To confirm that it’s enabled on your site, check your WordPress user profile in WP Admin > Users > Profile (or edit your account) and you should see an “Application Passwords” section.
  Note: Solid Central uses the “SolidWP” application password name.
- For Solid Security users, here’s how to unblock it:
  - Toggle ON the Two-Factor Authentication module in Solid Security settings.
  - Go to User Groups and toggle ON “Application Passwords” in the user group your account belongs to.
  - Attempt the connection via Solid Central Dashboard again, ensuring that you accept the application password request.
  - See this quick demo: https://www.loom.com/share/eefffff1351a4d7cbe63c7f387be2588?sid=5f67db1f-165e-4478-9f50-5463fb2d0222%20
- If you use other security plugins, check their documentation for enabling Application Passwords.
  - For example, Hostinger’s “Hostinger Tools” plugin can disable this feature.
Ensure site use HTTPS
- Solid Central requires a secure HTTPS connection to communicate with your site. Test or staging sites using plain HTTP (http://) may fail to connect, returning errors such as:
  - Could not validate the authorization attempt
  - The requested user is not authenticated
  - Application Passwords authorization endpoint not found
- Solution: Install a valid SSL certificate and connect via the HTTPS version of your site.
Verify WordPress URL Settings
- Go to WP Admin > Settings > General and confirm both the WordPress Address (URL) and Site Address (URL) fields use https.
Check Permalink Structure
- Go to WP Admin > Settings > Permalinks and ensure the structure is not set to �Plain.�
Avoid Forced Login Redirects
- Make sure that your site does not automatically redirect visitors to the login page.
Re-attempt With Defaults
- Try running a fresh connection attempt (which means all the old SolidWP app passwords must be removed from your WP Profile) while all other plugins are deactivated and while switched to a default WordPress theme (e.g., Twenty Twenty-Five).
Disable Solid Security Pro’s Trusted Devices feature
- There is a known incompatibility with Solid Security Pro’s Trusted Devices feature at the moment, so keep it disabled for now.

Server & Security Configuration

Verify WordPress REST API Accessibility
- Ensure that the site’s REST API endpoints (e.g., https://example.com/wp-json/) are accessible.
- If using a security plugin, check if there’s a setting that can disable/restrict REST API and adjust as needed.
Check ModSecurity or Firewall logs in the Server
- Review your server security logs for blocked Solid Central requests.
- Specifically, ModSecurity rule 225170 has been reported to block Solid Central requests. If found, request your host to whitelist Solid Central IPs or disable this rule for your domain.
Whitelist Solid Central
- Whitelist Solid Central’s IP addresses, ports, and user agent directly on the server not just on your security plugin.
Verify SSL Certificate, TLS Support, and Proxy Configuration
- Ensure your site has a valid, active SSL certificate that is correctly installed and trusted.
  - You can use tools like SSL Shopper SSL Checker or Qualys SSL Lab s to confirm the installation.
- Ensure that your server supports TLS 1.2. You can test with Qualys SSL Lab s to know if it’s supported.
- If your site uses a CDN or proxy such as Cloudflare, ensure the SSL mode is compatible with authenticated API requests. Cloudflare recommends using Full or Full (Strict) SSL to prevent connection and authorization issues.
- Check for Chain issues
  - In SSL Labs, look under the Chain issues section. If you see “Contains anchor“, it means the server is incorrectly sending the root certificate in the chain, which can cause Solid Central to reject the connection, even if the site appears secure in browsers.
  - How to fix? Ask your hosting provider or SSL vendor to remove the root certificate from the chain being served by your web server. Once corrected, re-run the SSL test and confirm the “Contains anchor” warning disappears.
Enable PHP-FPM
- Confirm PHP-FPM is enabled on the server.
Allow Authorization Headers
- Confirm with your hosting provider that the Authorization header is not being stripped on your server. Some servers strip this header for GET/HEAD requests by default. Solid Central uses a GET request to verify Application Passwords, and blocking this header can cause connection failures.
- For Apache servers, add this to your .htaccess file:
  RewriteRule .* - [E=HTTP_AUTHORIZATION:%{HTTP:Authorization}]

Additional Troubleshooting

If all else fails, try to apply this recommended code snippet in wp-config.php to bypass certain conflicts:
- define( 'ITHEMES_SYNC_SKIP_SET_IS_ADMIN_TO_TRUE', true );

See Site connects initially but disconnects after a while for more details.

Connection Errors

When Solid Central attempts to connect to your website but is blocked for some reason, it displays an error that can give you a clue on what went wrong. Here are some of the common errors that you may encounter:

Failed to discover authentication, application passwords authorization endpoint not found

This error indicates that Solid Central’s Application Password request is blocked by a security plugin or setting on your site. To resolve, check your security plugin/settings for a feature that disables the WordPress Application Passwords feature.

You can confirm that the Application Passwords feature is enabled by checking your WordPress admin profile. If enabled, you�ll see an Application Passwords section when viewing or editing your user profile settings. Note: Solid Central uses the “SolidWP” password name.

If you have other security plugins installed, please consult their documentation on how to enable application passwords. If you are on Hostinger, the Hostinger Tools plugin has the ability to disable application passwords. Please consult their documentation or support for how to enable application passwords within their plugin.

Invalid URL, could not connect.

There are several reasons this error is triggered, so try to troubleshoot the following areas on your site and/or server with the help of your hosting provider:

Ensure your server supports TLS version 1.2. Some servers are set to the newer version of 1.3 (which is okay) but had disabled 1.2, which Solid Central requires. Note: Kinsta does not enable TLS 1.2 by default and you will need to reach out to their support to have this enabled.
Ensure REST API is enabled and accessible on the site.
Ensure the server’s Basic Authentication Authorization header is accessible. The Authorization header is crucial for Application Passwords because it allows authentication requests to be securely processed. If this header is missing or blocked�often due to server configuration, authentication fails, preventing external applications such as Solid Central from accessing your site’s REST API endpoints.
- You can inform your host that the default behavior during Solid Central’s connection request is to strip the Authorization header for GET and HEAD requests. Solid Central makes a GET request to verify that we have a good application password and if something is not allowing that header to go through, it could be why it’s failing.

Failed to discover WP REST, unable to communicate with the site.

This error indicates an issue with accessing your site’s REST API, so double-check that it’s enabled and accessible. If you have any security plugins, try to temporarily disable them.

Could not validate the authorization attempt

If you get this error despite making sure the WP Application Passwords is enabled on your site, the issue may be due to selected Permalink structure.

Double-check that the permalink structure of your site is not set to “Plain” via WP Admin -> Settings -> Permalinks.

Solid Central was forbidden from accessing your site. Please check if the Solid Central server IP address has been blocked.

This error is more straightforward than the others, so ensure the Solid Central IPs listed above aren’t blocked on your server, and have your host whitelist them directly on the server firewall.

Divi’s Exit the Visual Builder Is Broken When Accessing Site Via Central

If you use Divi’s Exit Visual Builder feature, you may encounter a conflict with Central if you use Central to access your WordPress site via the Visit Site or Site Admin links. Adding the snippet below to your theme’s function.php file will resolve this issue.

add_filter('ithemes-sync-admin-bar-item-whitelist-' . get_current_blog_id(), function ($whitelist) {
    if (!in_array('et-disable-visual-builder', $whitelist)) {
        $whitelist[] = 'et-disable-visual-builder';
    }

    if (!in_array('et-use-visual-builder', $whitelist)) {
        $whitelist[] = 'et-use-visual-builder';
    }

    return $whitelist;
});

If Adding from Solid Central Fails, Connect from WordPress Instead

If connecting your site to Solid Central from the Solid Central dashboard doesn’t work, the issue may be related to hosting configurations outside of your control or a plugin that is blocking requests from the outside. In those cases, connect directly from your WordPress admin panel instead.

To do this: Go to WP Admin -> Settings -> Solid Central and click the Connect button.

This method uses the same underlying connection but may succeed where the other fails.

Common Issues

Site connects initially but disconnects after a while

If you’re experiencing connectivity issues with Solid Central where the connection drops:

immediately after the site is connected or
after updating certain plugins (for example, Google Analytics for WordPress by MonsterInsights or Google for WooCommerce)

try adding the following line to your site�s wp-config.php file, just above the line that says: /* That's all, stop editing! Happy publishing. */

define( 'ITHEMES_SYNC_SKIP_SET_IS_ADMIN_TO_TRUE', true );

This disables a specific behavior in the Solid Central connection process that may conflict with how certain plugins load admin privileges during REST API requests.

Is it safe to add this constant?

Adding this constant should be safe in most cases, as it specifically bypasses the remote admin detection behavior of some plugins during REST API calls, and it shouldn�t affect the overall functionality of your site or Solid Central. Still, if you observe any issue related to admin detection or remote REST API requests after adding it, contact the SolidWP support team for assistance.

Pro tip: You can also try this method if you’re experiencing connectivity issues on a site that hasn’t yet been connected to your Solid Central account.

Getting Authorization Errors on Google Analytics/Search Console Areas

If you’re seeing errors like:

“We could not locate this site using your existing linked account(s).”
“No authorized user found with access to this site. Please add an authorized account.”

These usually indicate a problem with how Solid Central is connecting to your Google Analytics and/or Google Search Console (GSC) accounts. Below are common causes of these errors and how to resolve them:

Missing or Incorrect Web Stream Tag (GA4)
Ensure that the Web Stream Details Google Tag from your GA4 property is correctly added to the <head> of your website. You can add this manually or via a plugin like Google Site Kit.

Outdated or Cached Measurement IDs
If your website was previously using a different GA property, a cached/outdated Measurement ID can interfere with Solid Central’s ability to locate the property correctly.

Unlinked GSC and GA Properties
Even if both GA and GSC are enabled for your account, they must be linked together within Google�s platform for Solid Central to access both correctly.

Broken API Authorization
Google authorizations can sometimes get outdated�especially if you unlink or relink accounts or properties after the initial Solid Central connection.

How to resolve GA/GSC issues on Solid Central?

Confirm that the correct Web Stream Details Google Tag from your GA4 property is correctly added to the <head> of your website. Use Google Tag Assistant or your browser’s View Page Source to confirm.
Confirm that the ID shown is the correct ID generated by the property.
Clear your browser’s cache and cookies. Also, clear and server-level and plugin caches.
Try reconnecting via Solid Central.

If the above doesn’t help, proceed with removing Solid Central from your Google Account Permissions to hard reset the connection:

Open myaccount.google.com and sign in with the authorized account.
Navigate to �Date & privacy� in the sidebar menu.
Clicking �Data from apps and service you use� will scroll you to the section with �Third-party apps and service� and select it
Scroll down and select �Solid Central�
Click the “Delete all connections you have with Solid Central” link at the bottom
Go back to Central and attempt authorization of Google Analytics/Search Console again

Note that restarting the connection will happen on all sites connected to Solid Central using the same Google account.

I cannot find the Solid Central plugin on my WordPress dashboard view

The Solid Central plugin can be hidden from a user’s WordPress dashboard view via the Solid Central Dashboard’s Hide and Show plugin setting. This is controlled by a setting called show_sync within the plugin�s internal options.

In some cases, the Solid Central plugin may appear hidden from the WordPress Plugins page, even though it is installed and active, and is not being hidden from the dashboard setting.

To temporarily reveal the plugin, visit:
/wp-admin/plugins.php?ithemes-sync-force-display=1
This sets a user-specific transient that displays the plugin for approximately 10 minutes.

To permanently unhide the plugin, update the show_sync option to true via WP-CLI or a must-use (MU) plugin. Example WP-CLI command:

wp site option update ithemes-sync-settings '{"show_sync":true}' --format=json

For sites without WP-CLI access, create a file named unhide-solid-central.php in the wp-content/mu-plugins/directory and add:

<?php
/**
 * Plugin Name: Unhide Solid Central
 * Description: Permanently unhides the Solid Central (iThemes Sync) plugin for all users.
 */

add_action('init', function() {
    if (is_admin()) {
        $settings = get_site_option('ithemes-sync-settings', []);
        if (!is_array($settings)) {
            $settings = [];
        }
        $settings['show_sync'] = true;
        update_site_option('ithemes-sync-settings', $settings);
    }
});

This ensures the Solid Central plugin remains visible in the WordPress dashboard.

Cannot copy file error when connecting to Solid Central

This error usually appears when the web host blocks file operations due to missing permissions or required PHP extensions. In most cases, the zip or pclzip extensions are not installed, or the hosting environment is preventing the plugin from copying files.

When a site connects to Solid Central for the first time, the system attempts to automatically install the Solid Central plugin. If that installation fails, the connection cannot complete.

Solution:
Manually install the plugin by following these steps: