网捷达

Resolved jampotjaffa
(@jampotjaffa)

1 month ago
Hi, it’s my first time posting here and I’m not a professional IT person – just an administrator in charge of updating a wordpress website…so please keep replies as simple as you can…. Thanks in advance.

After a 503 error last week and contacting our web hosting to see if it’s something they can resolve, they have advised that they noticed there’s some duplicate code.

They advised:

While working on this I saw 2 entries today in the errors log of the website:

canalsidecommunityfood.org.uk [Fri Mar 13 09:24:34 2026] [error] [client 216.73.216.62:0] PHP Warning: Constant FORCE_SSL_ADMIN already defined in /home/sites/canalsidecommunityfood.org.uk/public_html/wp-config.php on line 12

canalsidecommunityfood.org.uk [Fri Mar 13 09:24:34 2026] [error] [client 216.73.216.62:0] PHP Warning: Constant DISALLOW_FILE_EDIT already defined in /home/sites/canalsidecommunityfood.org.uk/public_html/wp-config.php on line 11

These log entries are PHP warnings from a WordPress site, not fatal errors. They mean that two constants are being defined more than once in the file wp-config.php.

If you check the wp-config.phpfile in the public_html folder in File Manager, you see these entered twice instead of just one there:

define( ‘DISALLOW_FILE_EDIT’, true ); // Disable File Editor – Security > Settings > WordPress Tweaks > File Editor

define( ‘FORCE_SSL_ADMIN’, true ); // Redirect All HTTP Page Requests to HTTPS – Security > Settings > Enforce SSL

// END iThemes Security – Do not modify or remove this line

You could remove the duplicate.

And also: The site currently uses PHP version 8.0. We have up to 8.4 available to switch to but you need to first update the website to be compatible with a newer version before switching to it, otherwise it breaks the website and you’ll need to revert to the old PHP version for it to work.

Yesterday I tried to login to the dashboard to update wordpress and the login page won’t load and instead I get this:

Warning: Constant DISALLOW_FILE_EDIT already defined in /home/sites/canalsidecommunityfood.org.uk/public_html/wp-config.php on line 11

Warning: Constant FORCE_SSL_ADMIN already defined in /home/sites/canalsidecommunityfood.org.uk/public_html/wp-config.php on line 12

Warning: Cannot modify header information – headers already sent by (output started at /home/sites/canalsidecommunityfood.org.uk/public_html/wp-config.php:11) in /home/sites/canalsidecommunityfood.org.uk/public_html/wp-content/plugins/better-wp-security/core/modules/hide-backend/class-itsec-hide-backend.php on line 499

Warning: Cannot modify header information – headers already sent by (output started at /home/sites/canalsidecommunityfood.org.uk/public_html/wp-config.php:11) in /home/sites/canalsidecommunityfood.org.uk/public_html/wp-includes/pluggable.php on line 1531

Warning: Cannot modify header information – headers already sent by (output started at /home/sites/canalsidecommunityfood.org.uk/public_html/wp-config.php:11) in /home/sites/canalsidecommunityfood.org.uk/public_html/wp-includes/pluggable.php on line 1534

Plus all our website pages load but show the first 2 warnings.

I contacted our web host again and they’ve said:
```
This issue is a plug-in or code issue with the site.

It's generated by the following lines in the wp-config file and looks like its the plugin - Solid Security

..................

// BEGIN Solid Security - Do not modify or remove this line

// Solid Security Config Details: 2

define( 'DISALLOW_FILE_EDIT', true ); // Disable File Editor - Security > Settings > WordPress Tweaks > File Editor

define( 'FORCE_SSL_ADMIN', true ); // Redirect All HTTP Page Requests to HTTPS - Security > Settings > Enforce SSL

// END Solid Security - Do not modify or remove this line

define( 'ITSEC_ENCRYPTION_KEY', 'RXQjWjA1M3clT1ZvL1RTVjJifHlZe2Z2W0d4NlBFMS9hV2JPX3dKL0hhSnV7aEhGa119cjsvXVd6SGE9bFJUTw==' );

define( 'DISALLOW_FILE_EDIT', true ); // Disable File Editor - Security > Settings > WordPress Tweaks > File Editor

define( 'FORCE_SSL_ADMIN', true ); // Redirect All HTTP Page Requests to HTTPS - Security > Settings > Enforce SSL

// END iThemes Security - Do not modify or remove this line

..............................

You'd need to ask the plug-in developer why this is causing the error?
```
I haven’t knowingly added any plugins recently, and am not sure any plugin update took place last week though it is plausible that happened (one little button click that I might have forgotten amidst a tonne of other work).

Thanks so much for any advice about how I can resolve as not being able to login means I can’t currently update wordpress, remove the plugin or do anything else to manage the situation.

The page I need help with: [log in to see the link]

Viewing 5 replies - 1 through 5 (of 5 total)

Plugin Support chandelierrr
(@shanedelierrr)

1 month ago
Hello @jampotjaffa,

Thanks for the detailed report, and we’re here to help!

Those first two warnings:
- <code class=””>Constant DISALLOW_FILE_EDIT already defined
- <code class=””>Constant FORCE_SSL_ADMIN already defined
mean those constants are being defined more than once in your wp-config.php. They’re normally written there by Solid Security, but in your case the same lines appear twice (often due to a previous iThemes/Solid config block being left in place).

Because those warnings are being output on the page, PHP/WP cannot send redirect/login headers anymore, which then triggers <code class=””>Cannot modify header information – headers already sent …

To resolve this, please follow these steps:
1. Back up wp-config.php first (download a copy)
2. In public_html/wp-config.php, ensure these are only defined once. So you’ll want to remove the duplicate copies.
  1. <code class=””>define( ‘DISALLOW_FILE_EDIT’, true );
  2. <code class=””>define( ‘FORCE_SSL_ADMIN’, true );
3. Save the changes.
Also, please remove your <code class=””>ITSEC_ENCRYPTION_KEY from the forum post (it shouldn’t be shared publicly).

The end result should look like:
```
// BEGIN Solid Security - Do not modify or remove this line
// Solid Security Config Details: 2
define( 'DISALLOW_FILE_EDIT', true );
define( 'FORCE_SSL_ADMIN', true );
// END Solid Security - Do not modify or remove this line

define( 'ITSEC_ENCRYPTION_KEY', '…keep-this…' );
```
If you’re locked out and can’t reach wp-admin yet, you can temporarily disable Solid Security via FTP/File Manager by renaming: wp-content/plugins/better-wp-security/ to <code class=””>better-wp-security.disabled/ then try logging in again.

Once the duplicate defines are fixed, you can rename the folder back to re-enable the plugin.

I hope this helps.
Thread Starter jampotjaffa
(@jampotjaffa)

1 month ago

@shanedelierrr Thanks very much for the helpful step by step advice. Your explanation tallies with what I’ve understood from our web host. I’m working my way through the steps you shared.

To do that, 2 things that should be / might seem simple but aren’t:

Can you please advise where to type the code you gave for step 1 and 2?

How do I edit my initial post to remove the sensitive info? (which meant nothing to me, so I’m grateful to you for flagging this to me) I don’t seem to have an edit button/option anywhere from this post…

Thanks in advance

Thread Starter jampotjaffa
(@jampotjaffa)

1 month ago

Thanks again @shanedelierrr for the above help. With a bit of IT savvy help once I’d progressed as far as I could this is now resolved, so question 1 is redundant but I still can’t see how to edit my post to remove sensitive info…

Disabling Solid Security through FTP worked but also removed the custom login I normally use. I’d forgotten about the wp-admin route/didn’t realise that would still work. So (after a few hours of overcoming one block after another in accessing FTP and disabling the plugin) when I got a 404 error for the custom login I admitted defeat and reached out to a local contact who has worked on our site before. He resolved the remaining issues very quickly and reinstated the custom login and Solid Security. Big relief!
Plugin Support chandelierrr
(@shanedelierrr)

4 weeks, 1 day ago
Hi @jampotjaffa,

So sorry for the delayed response, and I’m glad you got the issues squared away!

I’m adding some of our help articles here for future reference that can help you when you encounter those issues again:
- Help! I’ve locked myself out of my site! – helpful when you get locked out or forgot the HBE URL.
- Encryption Key Management – can help you set a new encryption key or rotate the existing one, since there’s no option to edit the initial post.
I’ll mark this thread resolved now, but feel free to reach out again if you need help.
Thread Starter jampotjaffa
(@jampotjaffa)

3 weeks, 4 days ago

Thanks. Any advice about editing my original post to remove the sensitive data. I’ve looked at everything I can think of to do this…

Viewing 5 replies - 1 through 5 (of 5 total)

You must be logged in to reply to this topic.

Solid Security causing duplicate entry and blocking dashboard login?

Tags