Title: Solid Security causing duplicate entry and blocking dashboard login?
Last modified: March 17, 2026

---

# Solid Security causing duplicate entry and blocking dashboard login?

 *  Resolved [jampotjaffa](https://wordpress.org/support/users/jampotjaffa/)
 * (@jampotjaffa)
 * [2 months, 2 weeks ago](https://wordpress.org/support/topic/solid-security-causing-duplicate-entry-and-blocking-dashboard-login/)
 * Hi, it’s my first time posting here and I’m not a professional IT person – just
   an administrator in charge of updating a wordpress website…so please keep replies
   as simple as you can…. Thanks in advance.
 * After a 503 error last week and contacting our web hosting to see if it’s something
   they can resolve, they have advised that they noticed there’s some duplicate 
   code.
 * They advised:
 * While working on this I saw 2 entries today in the errors log of the website:
 * canalsidecommunityfood.org.uk [Fri Mar 13 09:24:34 2026] [error] [client 216.73.216.62:
   0] PHP Warning: Constant FORCE_SSL_ADMIN already defined in /home/sites/[canalsidecommunityfood.org.uk/public_html/wp-config](http://canalsidecommunityfood.org.uk/public_html/wp-config).
   php on line 12
 * canalsidecommunityfood.org.uk [Fri Mar 13 09:24:34 2026] [error] [client 216.73.216.62:
   0] PHP Warning: Constant DISALLOW_FILE_EDIT already defined in /home/sites/[canalsidecommunityfood.org.uk/public_html/wp-config](http://canalsidecommunityfood.org.uk/public_html/wp-config).
   php on line 11
 * These log entries are PHP warnings from a WordPress site, not fatal errors. They
   mean that two constants are being defined more than once in the file wp-config.
   php.
 * If you check the wp-config.phpfile in the public_html folder in File Manager,
   you see these entered twice instead of just one there:
 * define( ‘DISALLOW_FILE_EDIT’, true ); // Disable File Editor – Security > Settings
   > WordPress Tweaks > File Editor
 * define( ‘FORCE_SSL_ADMIN’, true ); // Redirect All HTTP Page Requests to HTTPS–
   Security > Settings > Enforce SSL
 * // END iThemes Security – Do not modify or remove this line
 * You could remove the duplicate.
 * And also: The site currently uses PHP version 8.0. We have up to 8.4 available
   to switch to but you need to first update the website to be compatible with a
   newer version before switching to it, otherwise it breaks the website and you’ll
   need to revert to the old PHP version for it to work.
 * Yesterday I tried to login to the dashboard to update wordpress and the login
   page won’t load and instead I get this:
 * **Warning**: Constant DISALLOW_FILE_EDIT already defined in **/home/sites/[canalsidecommunityfood.org.uk/public_html/wp-config.php](http://canalsidecommunityfood.org.uk/public_html/wp-config.php)**
   on line **11**
 * **Warning**: Constant FORCE_SSL_ADMIN already defined in **/home/sites/[canalsidecommunityfood.org.uk/public_html/wp-config.php](http://canalsidecommunityfood.org.uk/public_html/wp-config.php)**
   on line **12**
 * **Warning**: Cannot modify header information – headers already sent by (output
   started at /home/sites/[canalsidecommunityfood.org.uk/public_html/wp-config.php:11](http://canalsidecommunityfood.org.uk/public_html/wp-config.php:11))
   in **/home/sites/[canalsidecommunityfood.org.uk/public_html/wp-content/plugins/better-wp-security/core/modules/hide-backend/class-itsec-hide-backend.php](http://canalsidecommunityfood.org.uk/public_html/wp-content/plugins/better-wp-security/core/modules/hide-backend/class-itsec-hide-backend.php)**
   on line **499**
 * **Warning**: Cannot modify header information – headers already sent by (output
   started at /home/sites/[canalsidecommunityfood.org.uk/public_html/wp-config.php:11](http://canalsidecommunityfood.org.uk/public_html/wp-config.php:11))
   in **/home/sites/[canalsidecommunityfood.org.uk/public_html/wp-includes/pluggable.php](http://canalsidecommunityfood.org.uk/public_html/wp-includes/pluggable.php)**
   on line **1531**
 * **Warning**: Cannot modify header information – headers already sent by (output
   started at /home/sites/[canalsidecommunityfood.org.uk/public_html/wp-config.php:11](http://canalsidecommunityfood.org.uk/public_html/wp-config.php:11))
   in **/home/sites/[canalsidecommunityfood.org.uk/public_html/wp-includes/pluggable.php](http://canalsidecommunityfood.org.uk/public_html/wp-includes/pluggable.php)**
   on line **1534**
 * Plus all our website pages load but show the first 2 warnings.
 * I contacted our web host again and they’ve said:
 *     ```wp-block-code
       This issue is a plug-in or code issue with the site.It's generated by the following lines in the wp-config file and looks like its the plugin - Solid Security..................// BEGIN Solid Security - Do not modify or remove this line// Solid Security Config Details: 2define( 'DISALLOW_FILE_EDIT', true ); // Disable File Editor - Security > Settings > WordPress Tweaks > File Editordefine( 'FORCE_SSL_ADMIN', true ); // Redirect All HTTP Page Requests to HTTPS - Security > Settings > Enforce SSL// END Solid Security - Do not modify or remove this linedefine( 'ITSEC_ENCRYPTION_KEY', 'RXQjWjA1M3clT1ZvL1RTVjJifHlZe2Z2W0d4NlBFMS9hV2JPX3dKL0hhSnV7aEhGa119cjsvXVd6SGE9bFJUTw==' );define( 'DISALLOW_FILE_EDIT', true ); // Disable File Editor - Security > Settings > WordPress Tweaks > File Editordefine( 'FORCE_SSL_ADMIN', true ); // Redirect All HTTP Page Requests to HTTPS - Security > Settings > Enforce SSL// END iThemes Security - Do not modify or remove this line..............................You'd need to ask the plug-in developer why this is causing the error?
       ```
   
 * I haven’t knowingly added any plugins recently, and am not sure any plugin update
   took place last week though it is plausible that happened (one little button 
   click that I might have forgotten amidst a tonne of other work).
 * Thanks so much for any advice about how I can resolve as not being able to login
   means I can’t currently update wordpress, remove the plugin or do anything else
   to manage the situation.
 * The page I need help with: _[[log in](https://login.wordpress.org/?redirect_to=https%3A%2F%2Fwordpress.org%2Fsupport%2Ftopic%2Fsolid-security-causing-duplicate-entry-and-blocking-dashboard-login%2F%3Foutput_format%3Dmd&locale=en_US)
   to see the link]_

Viewing 5 replies - 1 through 5 (of 5 total)

 *  Plugin Support [chandelierrr](https://wordpress.org/support/users/shanedelierrr/)
 * (@shanedelierrr)
 * [2 months, 2 weeks ago](https://wordpress.org/support/topic/solid-security-causing-duplicate-entry-and-blocking-dashboard-login/#post-18854416)
 * Hello [@jampotjaffa](https://wordpress.org/support/users/jampotjaffa/),
 * Thanks for the detailed report, and we’re here to help!
 * Those first two warnings:
    - <code class=””>Constant DISALLOW_FILE_EDIT already defined
    - <code class=””>Constant FORCE_SSL_ADMIN already defined
 * mean those constants are being defined more than once in your `wp-config.php`.
   They’re normally written there by Solid Security, but in your case the same lines
   appear **twice** (often due to a previous iThemes/Solid config block being left
   in place).
 * Because those warnings are being output on the page, PHP/WP cannot send redirect/
   login headers anymore, which then triggers <code class=””>Cannot modify header
   information – headers already sent …
 * To resolve this, please follow these steps:
    1. Back up `wp-config.php` first (download a copy)
    2. In `public_html/wp-config.php`, ensure these are only defined once. So you’ll
       want to **remove the duplicate copies**. 
    3.  a. <code class=””>define( ‘DISALLOW_FILE_EDIT’, true );
        b. <code class=””>define( ‘FORCE_SSL_ADMIN’, true );
    4. Save the changes.
 * Also, please remove your <code class=””>ITSEC_ENCRYPTION_KEY from the forum post(
   it shouldn’t be shared publicly).
 * The end result should look like:
 *     ```wp-block-code
       // BEGIN Solid Security - Do not modify or remove this line// Solid Security Config Details: 2define( 'DISALLOW_FILE_EDIT', true );define( 'FORCE_SSL_ADMIN', true );// END Solid Security - Do not modify or remove this linedefine( 'ITSEC_ENCRYPTION_KEY', '…keep-this…' );
       ```
   
 * If you’re locked out and can’t reach wp-admin yet, you can temporarily disable
   Solid Security via FTP/File Manager by renaming: `wp-content/plugins/better-wp-
   security/` to <code class=””>better-wp-security.disabled/ then try logging in
   again.
 * Once the duplicate defines are fixed, you can rename the folder back to re-enable
   the plugin.
 * I hope this helps.
 *  Thread Starter [jampotjaffa](https://wordpress.org/support/users/jampotjaffa/)
 * (@jampotjaffa)
 * [2 months, 2 weeks ago](https://wordpress.org/support/topic/solid-security-causing-duplicate-entry-and-blocking-dashboard-login/#post-18855307)
 * [@shanedelierrr](https://wordpress.org/support/users/shanedelierrr/) Thanks very
   much for the helpful step by step advice. Your explanation tallies with what 
   I’ve understood from our web host. I’m working my way through the steps you shared.
 * To do that, 2 things that should be / might seem simple but aren’t:
 * Can you please advise where to type the code you gave for step 1 and 2?
 * How do I edit my initial post to remove the sensitive info? (which meant nothing
   to me, so I’m grateful to you for flagging this to me) I don’t seem to have an
   edit button/option anywhere from this post…
 * Thanks in advance
 *  Thread Starter [jampotjaffa](https://wordpress.org/support/users/jampotjaffa/)
 * (@jampotjaffa)
 * [2 months, 1 week ago](https://wordpress.org/support/topic/solid-security-causing-duplicate-entry-and-blocking-dashboard-login/#post-18856086)
 * Thanks again [@shanedelierrr](https://wordpress.org/support/users/shanedelierrr/)
   for the above help. With a bit of IT savvy help once I’d progressed as far as
   I could this is now resolved, so question 1 is redundant but I still can’t see
   how to edit my post to remove sensitive info…
 * Disabling Solid Security through FTP worked but also removed the custom login
   I normally use. I’d forgotten about the wp-admin route/didn’t realise that would
   still work. So (after a few hours of overcoming one block after another in accessing
   FTP and disabling the plugin) when I got a 404 error for the custom login I admitted
   defeat and reached out to a local contact who has worked on our site before. 
   He resolved the remaining issues very quickly and reinstated the custom login
   and Solid Security. Big relief!
 *  Plugin Support [chandelierrr](https://wordpress.org/support/users/shanedelierrr/)
 * (@shanedelierrr)
 * [2 months, 1 week ago](https://wordpress.org/support/topic/solid-security-causing-duplicate-entry-and-blocking-dashboard-login/#post-18856896)
 * Hi [@jampotjaffa](https://wordpress.org/support/users/jampotjaffa/),
 * So sorry for the delayed response, and I’m glad you got the issues squared away!
   
   I’m adding some of our help articles here for future reference that can help 
   you when you encounter those issues again:
    - [Help! I’ve locked myself out of my site!](https://solidwp.com/documentation/security/how-it-works/frequently-asked-questions/#help-ive-locked-myself-out-of-my-site)–
      helpful when you get locked out or forgot the HBE URL.
    - [Encryption Key Management](https://solidwp.com/documentation/security/how-it-works/all-about-solid-securitys-tools/#h-encryption-key-management)–
      can help you set a new encryption key or rotate the existing one, since there’s
      no option to edit the initial post.
 * I’ll mark this thread resolved now, but feel free to reach out again if you need
   help.
 *  Thread Starter [jampotjaffa](https://wordpress.org/support/users/jampotjaffa/)
 * (@jampotjaffa)
 * [2 months, 1 week ago](https://wordpress.org/support/topic/solid-security-causing-duplicate-entry-and-blocking-dashboard-login/#post-18859832)
 * Thanks. Any advice about editing my original post to remove the sensitive data.
   I’ve looked at everything I can think of to do this…

Viewing 5 replies - 1 through 5 (of 5 total)

You must be [logged in](https://login.wordpress.org/?redirect_to=https%3A%2F%2Fwordpress.org%2Fsupport%2Ftopic%2Fsolid-security-causing-duplicate-entry-and-blocking-dashboard-login%2F%3Foutput_format%3Dmd&locale=en_US)
to reply to this topic.

 * ![](https://ps.w.org/better-wp-security/assets/icon.svg?rev=3529351)
 * [Kadence Security – Password, Two Factor Authentication, and Brute Force Protection](https://wordpress.org/plugins/better-wp-security/)
 * [Frequently Asked Questions](https://wordpress.org/plugins/better-wp-security/#faq)
 * [Support Threads](https://wordpress.org/support/plugin/better-wp-security/)
 * [Active Topics](https://wordpress.org/support/plugin/better-wp-security/active/)
 * [Unresolved Topics](https://wordpress.org/support/plugin/better-wp-security/unresolved/)
 * [Reviews](https://wordpress.org/support/plugin/better-wp-security/reviews/)

## Tags

 * [dashboard](https://wordpress.org/support/topic-tag/dashboard/)
 * [duplicate code](https://wordpress.org/support/topic-tag/duplicate-code/)
 * [login](https://wordpress.org/support/topic-tag/login/)

 * 5 replies
 * 2 participants
 * Last reply from: [jampotjaffa](https://wordpress.org/support/users/jampotjaffa/)
 * Last activity: [2 months, 1 week ago](https://wordpress.org/support/topic/solid-security-causing-duplicate-entry-and-blocking-dashboard-login/#post-18859832)
 * Status: resolved