Help Documentation

VMP™ Security plugin documentation and support

Free Support

Support for users of the free version of the plugin is available on our support forums. The majority of features shown are available in the free version of VMP™ Security which helps protect millions of sites around the world.

Go to support forums

Access Upgraded Support Now

Our support engineers, equipped in Premium tickets within a few hours on weekdays, will be pleased to help you with advanced topics, provide comprehensive answers to your questions, and respond to all others in 24 hours or less.

Premium Support

Plugin / Theme Conflicts

If a feature stops working after installing or updating VMP Security, the cause is often a conflict with another plugin or theme rather than a bug in VMP Security itself. Conflicts are not anyone’s fault — they happen because two pieces of code make different but reasonable assumptions about WordPress that turn out to be incompatible. This article walks through the standard process for isolating a conflict.

In This Article

Isolating the conflict

The standard isolation procedure is mechanical and works regardless of the symptom. Do it on staging if you have one; the procedure involves disabling things, which has user-facing consequences on a live site.

  1. Confirm the issue is not caused by VMP Security alone. Disable VMP Security and reproduce the issue without it. If the issue still occurs, the problem is elsewhere; do not waste time on conflict isolation.
  2. Disable all other plugins. Re-enable VMP Security. If the issue is gone, the conflict is with one of the disabled plugins.
  3. Switch to a default theme (Twenty Twenty-Five or similar). If the issue is gone after this step, the conflict is with the previous theme.
  4. Re-enable plugins one at a time, checking after each whether the issue returns. The plugin you re-enable when the issue returns is the conflict.
  5. If two plugins together cause the issue but neither alone does, you have a three-way conflict. These are rare. Disable plugins in pairs and look for the combination that triggers it.

The procedure is annoying but reliable. There are tools that try to short-circuit it (Health Check & Troubleshooting plugin, for example), but in our experience the manual procedure is faster than chasing tooling that does not quite work.

Common conflicts

A few categories of conflict come up repeatedly. If you are seeing one of these symptoms, check the relevant category first.

Other firewall or security plugins

Two security plugins each running their own firewall produce overlapping blocks, conflicting allowlists, and confusing logs. The fix is to pick one and remove the other; see the Compatibility article for the migration procedure.

Caching plugins serving stale admin pages

Symptom: settings appear not to save, or save but show the old value. Cause: the caching plugin is caching admin pages, which it should not do. Fix: configure the caching plugin to exclude /wp-admin/ and pages with the logged-in cookie. All major caching plugins do this by default; if you have customized the cache rules, that is where the issue lives.

Page builders triggering firewall rules

Symptom: page builder cannot save certain content. Cause: the content the builder is posting matches a firewall rule. Fix: while logged in as an administrator, trigger the save once, then use the “Add to allowlist” button on the firewall block page (or do it from Tools → Live Traffic) to whitelist the URL/parameter pair the builder uses.

Login-related plugins competing with 2FA

Symptom: 2FA prompts do not appear, or appear at the wrong time. Cause: another plugin is filtering the login form or hijacking the WordPress login redirect. Fix: identify the plugin (use the isolation procedure) and choose between the two; rarely is it useful to have multiple login modifications active at once.

WP-Cron blockers

Symptom: scans never start. Cause: a performance or security plugin disables WP-Cron, but no replacement cron is set up. Fix: install a real cron job that calls wp-cron.php on a schedule (covered in the Scan Troubleshooting article).

SMTP / email plugins changing the From address

Symptom: alert emails are not delivered. Cause: an SMTP plugin is rewriting the From address to something the receiving server rejects. Fix: configure the SMTP plugin to allow VMP Security’s alert From address, or use a From address on a domain you control.

Workarounds

If you have identified a conflict but cannot remove either piece of software (because both are doing something you need), you have three options:

  1. Adjust configuration. Sometimes a small change in either plugin’s settings sidesteps the conflict.
  2. Use VMP Security’s allowlists. If the conflict is the firewall blocking legitimate traffic from the other plugin, allowlist the specific request pattern.
  3. Use the API. If you have development resources, the VMP Security API (covered in its own article) can be used to filter behavior in ways that the admin UI cannot. For example, conditionally bypass a specific firewall rule for requests originating from a specific plugin.

Avoid disabling the firewall or other security features broadly as a workaround — that is trading a real security defense for the convenience of using two specific plugins together.

Reporting a confirmed conflict

If the conflict is reproducible and you have identified the conflicting plugin, please open a support ticket with:

  • The name and version of both plugins.
  • The WordPress version, PHP version, and host.
  • Steps to reproduce the issue from a clean install.
  • The exact symptom — error messages, blocked requests, missing functionality.
  • Any workaround you have found.

Reproducible conflicts get added to our compatibility-testing matrix so we catch them in future releases. Non-reproducible reports are harder for us to act on, so a clean reproduction is the most valuable thing you can include.

Contents