Site Kit Error: “The response is not a valid JSON response” – How to Fix It

During Site Kit’s verification or connection steps, WordPress must return clean JSON from your REST API. If a security rule, redirect, cache, or server config injects HTML or blocks the endpoint, Site Kit throws “The response is not a valid JSON response.” Follow this checklist to diagnose and fix it fast.

When I try to verify/connect Site Kit by Google I get “The response is not a valid JSON response.” How do I fix this and finish setup?

Quick fixes (try these first)

Visit /wp-json/ on your site (e.g., https://example.com/wp-json/). You should see a JSON object, not an HTML page or 403/404.
Temporarily disable security/maintenance plugins (Wordfence, iThemes Security, maintenance/coming-soon) and purge all caches/CDN (e.g., Cloudflare).
Resave permalinks: Settings → Permalinks → Save (this regenerates .htaccess rules).
Force HTTPS & single domain: ensure both URLs in Settings → General are the same and use https://, no mixed http/https.
Retry Site Kit connection (Site Kit → Dashboard).

Why this happens

Site Kit relies on the WordPress REST API. If that endpoint is blocked or altered, WordPress returns HTML (login page, WAF notice, 301 redirect) instead of JSON, triggering the error. Common causes are WAF/security plugin rules, cached/HTML responses from a CDN, broken .htaccess/permalinks, or mixed-content redirects from http → https.

Step-by-step diagnosis

1) Confirm the REST API works

Open:

Your root REST endpoint: https://example.com/wp-json/
Fallback style: https://example.com/?rest_route=/

CLI check:

curl -I https://example.com/wp-json/   # Expect 200 and content-type: application/json
curl -s https://example.com/wp-json/ | head -n 5

If you see an HTML page, a 301 redirect to login, or a 403, something is intercepting the request.

2) Check Site Health

Go to Tools → Site Health → Status. Resolve any REST API or Loopback critical issues. These often pinpoint a blocking plugin, theme function, or server rule.

3) Bypass security/WAF rules (top culprit)

Temporarily deactivate security plugins and test Site Kit again. If it works, re-enable and add allow-rules for the REST API.

Allowlist REST paths in your WAF/CDN/security plugin:
- ^/wp-json/ and ^/\?rest_route=
In iThemes Security, disable aggressive filters that block “long URLs” or REST calls (common trip-wires).
Ensure your staging/basic-auth protection is off during setup (htpasswd will force HTML login responses).

4) Purge/bypass cache & CDN for JSON

Ensure your CDN does not cache or minify JSON. Create a page rule to bypass cache for /wp-json/* and then purge everything. Disable any HTML/JS optimization that might rewrite responses.

5) Fix HTTP↔HTTPS and canonical redirects

In Settings → General, set both URLs to the same https:// origin. Remove stray redirects (e.g., http://www → https:// without preserving path) that could cause the REST request to return HTML instead of JSON.

6) Repair permalinks & .htaccess (Apache)

Click Save on the Permalinks screen to regenerate rules. If needed, restore the default WordPress block:

# BEGIN WordPress
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteBase /
RewriteRule ^index\.php$ - [L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /index.php [L]
</IfModule>
# END WordPress

7) Nginx location rules

Make sure requests fall through to index.php so REST routes resolve:

location / {
    try_files $uri $uri/ /index.php?$args;
}

8) Re-run Site Kit connection (safe reset if needed)

Site Kit → Dashboard and click through the setup again.
If still failing after the fixes, use Site Kit → Settings → Admin Settings → Reset Site Kit (this disconnects services; reconnect after).

Special cases & tips

Maintenance/coming-soon plugins often return HTML to anonymous requests → disable during setup.
Firewall at host level (mod_security) can block REST parameters. Ask your host to allowlist /wp-json/* and temporarily relax rules while connecting.
Reverse proxies (Cloudflare, Nginx in front of Apache) must pass Accept: application/json and not strip auth cookies/headers for admin requests.

Variants you might see

“The REST API encountered an unexpected result” (in Site Health)
Site Kit “Check your Site Health” / “REST API blocked” notices
“The site is experiencing technical difficulties.” when calling REST

Prevent it from happening again

Keep a REST allowlist in security/WAF tooling (/wp-json/*).
Exclude JSON and REST routes from CDN caching/minification.
Standardize on HTTPS and a single canonical host.
Document any custom redirects and test /wp-json/ after changes.

Still stuck?

Re-enable WP debug logging, reproduce the error, and inspect wp-content/debug.log. Share REST/HTTP status codes with your host so they can quickly identify a blocking rule.

Need human WordPress help?

WP Assistant is a free tool created by Atiba Software, a WordPress design and development company located in Nashville, TN. If you need more personalized WordPress assistance let us know, and we’ll get back to you ASAP!