Connection Issues With Third-Party Apps

Third-party apps (mobile apps, payment gateways, CRM integrations, email marketing tools, etc.) can lose connection to your site when WP Ghost changes the REST API path, modifies AJAX paths, or enforces security headers that block their requests. Work through these checks to identify which setting is causing the conflict.

Check REST API path

Most third-party apps connect through the WordPress REST API at /wp-json/. If WP Ghost renamed this path, the app can’t find it.

  1. Go to WP Ghost > Change Paths > API Security.
  2. Check what the REST API path is set to. If it’s a custom name, either configure your third-party app to use the new path, or temporarily set it back to wp-json to test.
  3. Make sure Disable REST API access is switched off. When enabled, all REST API requests are blocked, which breaks any app that depends on the API.
Check security headers

Security headers like Content-Security-Policy and X-Frame-Options can block cross-origin requests from third-party services.

  1. Go to WP Ghost > Firewall > Header Security.
  2. Temporarily switch off Add Security Headers.
  3. Test the third-party app. If it works with headers off, re-enable headers and adjust the specific header that’s blocking the connection (usually CSP or X-Frame-Options). See Content-Security-Policy (CSP) for adding allowed domains.
Check custom AJAX path

Some plugins and apps use admin-ajax.php for communication instead of the REST API.

  1. Go to WP Ghost > Change Paths > Ajax Security.
  2. If the AJAX path is customized, try reverting it to admin-ajax.php.
  3. Switch off Hide wp-admin from Ajax path if enabled.
  4. Test the third-party app again.
Whitelist the app’s IPs or paths

If you’ve identified which path the app uses, whitelist it so WP Ghost doesn’t apply security restrictions to those requests.

  1. Go to WP Ghost > Change Paths > Whitelist Paths and add the paths the app uses (for example, /wp-json/my-app/v1/).
  2. If the app connects from a known IP address or range, go to WP Ghost > Firewall > Whitelist and add the IP.
Test after each change

Change one setting at a time and test the third-party app after each change. Clear your site’s cache between tests. This isolates which specific setting caused the conflict, so you can keep the rest of your security configuration intact.

If you’ve lost access to the admin dashboard, see the emergency disable guide.

Tagged: