OnlyTheOnline
Log in
Get Help Now
errorWordfenceapiREST APIinfoajaxcodejsonsecurityfirewallsettingsserver_configurationstar_halfUncommonwarningModerate

Wordfence error: Unexpected token < in JSON

Wordfence sends JSON responses for admin‑ajax and REST API calls. When the server delivers an HTML document instead, the first character is ‘<', which breaks JSON.parse.

Sources include server‑level firewalls, mis‑configured .htaccess rules, PHP fatal errors, expired nonces, or aggressive Wordfence blocking. The response appears as an HTML login screen, 404 page, or security block.

Symptoms

[dashicons-warning]
JavaScript console error
SyntaxError: Unexpected token < in JSON at position 0 appears in the console.
[dashicons-admin-generic]
Admin AJAX actions fail
Scan, block IP, or settings updates do not respond.
[dashicons-admin-site]
Live Traffic panel stays blank
Wordfence Live Traffic or Blocking panels never finish loading.
[dashicons-admin-tools]
REST API reports unexpected result
Site Health shows an error for the REST API.

Common Causes

HTML error page returned
Server sends a 404, 500, or maintenance page instead of JSON.
ModSecurity or server firewall block
Access denied page is delivered by a web‑application firewall.
Wordfence firewall rule
Rate‑limiting or country block injects an HTML warning.
PHP fatal error or warning
Uncaught error outputs HTML before the JSON payload.
Invalid nonce
WordPress returns a login screen when nonce verification fails.
Need this fixed right now?

Don't waste your day debugging. Our experts can Fix your issues in under 2 hours.*

Get this issue fixed

Success Rate

100% Guaranteed

Starting from

$35 /hour
99+

Trusted by Business Owners

“I spent 3 days trying to fix the Elementor loading loop. These guys fixed it in 20 minutes. Lifesavers!”

— Sarah J., Web Designer

Related Issues

contact_mail
Contact Form 7: REST API request failed: 503 Service Unavailable
A 503 Service Unavailable response stops Contact Form 7 from sending data...
apiREST APIerror503descriptioncontact-form-7
contact_mail
Contact Form 7: REST API request failed: 429 Too Many Requests

The form tries to send data through the WordPress REST API. The...

apiREST APIerrorerrorsecurityfirewalldescriptioncontact-form-7settingsserver_configuration
contact_mail
Contact Form 7: REST API request failed: 401 Unauthorized

The form tries to send data via the WordPress REST API. The...

apiREST APIadmin_panel_settingspermissionsdescriptioncontact-form-7lock401
contact_mail
Contact Form 7: File upload error: temporary directory missing

The error appears when Contact Form 7 cannot locate a writable temporary...

codePHPcloud_offupload erroradmin_panel_settingspermissionsdescriptiontemporary filedescriptioncontact-form-7
contact_mail
Contact Form 7: Mail (2) sending failed: PHP mail() function disabled

Contact Form 7 reports a failure for Mail (2) when the PHP...

codePHPerrorerrordescriptioncontact-form-7mailMailsettingsserver_configuration
contact_mail
Contact Form 7: Mail (2) sending failed: SSL certificate verification failed

Contact Form 7 reports a failure when trying to send the secondary...

errorerrorlocksslcodecURLdescriptioncontact-form-7