Known conflicts with security plugins

We notice several conflicts with popular security plugins.

iThemes Security

When the option System Tweaks -> Disable PHP in Plugins is enabled, all AJAX calls of the live search will be blocked.

Go to Security -> Settings -> System Tweaks -> uncheck Disable PHP in Plugins

Sucuri Security

Sucuri security firewall may block AJAX calls of the live search


  1. You need to log in to your Sucuri panel
  2. Go to the settings
  3. Find section Access Control -> whitelist URL
  4. Add the following URL to the white list:

WP Defender by WPMU DEV


WP defender may disable PHP execution from the plugins directory. Then AJAX calls of the live search will be blocked.


Go to Defender -> Recommendations -> Actioned -> Prevent PHP execution and add following file as exception.


Still not working?

Some security plugins don’t clean up after themselves. Try to check manually if you have security rules added to e.g. .htaccess in following paths:


NGINX configuration blocks AJAX endpoint

Some nginx configuration may block executing PHP files included directly in the plugins directory. There is no one solution. It depends on your NGINX configuration. We recommend contact your hosting provider and ask to allow to execute the following file:

Here are few samples nginx config which helps other users.

  1. Adding extra rules to /usr/local/nginx/conf/wpsecure_${vhostname}.conf
# Whitelist Exception for FiboSearch endpoint
location ~ ^/wp-content/plugins/ajax-search-for-woocommerce-premium/includes/Engines/TNTSearchMySQL/Endpoints/ {
  include /usr/local/nginx/conf/php.conf;