Last Chance: Cyber Monday 40% OFF



How to debug a blank settings page in Really Simple SSL

Tackle WordPress weaknesses and fortify your website Learn more

If you can’t view your settings in Really Simple SSL, but instead see a blank page, there are some common causes you can check.

Missing capability

You do not have permission to access this page.

If you see this message, this means your role does not have the ‘manage_security’ capability. This capability was introduced in 5.2.2. The upgrade should have added it, but if not, please install the ‘User Role’ plugin and add this capability to your role.


In some cases it simply helps by going to settings/permalinks, and click ‘save’. This will flush the permalink structure.

Please also check if your URL’s, e.g. “”, are working. If not, try renaming the .htaccess file, and re-save the permalinks again. This will re-create the .htaccess file, correctly written.

REST API disabled

If you go to you should see a list of posts, in raw json format. Compare with

If not, please check if you use a plugin which disabled the REST API.

Not found 404 response

Using the Chrome browser, if you go to the Really Simple SSL settings page, settings/ssl, then right click on the screen, click “inspect”, “console”, you will see the developer console. If the settings page does not load it will show some errors here. There will probably be a line like ‘’ with an error message. If this is a 404:

  • We are about to release a fix for configurations where the HTTP_X_WP_NONCE wasn’t available in the permissions check function. The current github master contains this fix. This will be released in version 6.0.11

Content Security Policy

If you are a pro user, and have activated the Content Security Policy in a previous version, it sometimes happens that the policy is not fully upgraded during the update and is set too strict. If this is the case you should see something in the developers console on the SSL settings page like ‘ Refused to load * because it does not appear in the style-src directive of the Content Security Policy”.  In that case you can temporarily comment out the advanced-headers.php line in the wp-config.php. Then you should be able to visit the settings page. If you disable the Content Security Policy, then set it to learning mode first, it will add the necessary rules during learning mode.

Still not working?

Please contact us so we can figure out the problem. Please attach a screenshot of the console errors you see and the plugins you have active. This will also help others in the WordPress community!

Table of Contents

Peter Tak

Peter Tak

Security Officer at Really Simple Plugins

Read More

Advanced Security

Tackle WordPress weaknesses and fortify your website. New hardening features!


Want to know the in and outs of security jargon? Get to know our features.

Premium support will offer assistance in 24 hours. If you need help, or have any questions just contact our awesome support team/

Related articles