Error rescue

"Updating failed. The response is not a valid JSON response." — WordPress fix

By Ali Yasin Jatoi 6 min readUpdated July 2, 2026
Reviewed by Ali Yasin Jatoi, Founder & Lead Engineer· Updated July 2, 2026

Quick answer

"Updating failed. The response is not a valid JSON response" means the WordPress block editor tried to save via the REST API and got HTML back instead of JSON — usually a 404, redirect, or security-plugin block. Fix in order: (1) resave permalinks at Settings → Permalinks, (2) confirm the WordPress Address (URL) matches Site Address exactly, (3) check that a security plugin or CDN isn't blocking /wp-json/, (4) inspect the browser Network tab to see what the REST endpoint actually returned.

What the error actually means

The block editor (Gutenberg) saves posts by calling the WordPress REST API at /wp-json/wp/v2/posts. It expects a JSON response back. When it gets anything else — an HTML 404 page, a redirect to HTTPS, a security-plugin block page, or a login screen — it can't parse the response, so it throws "not a valid JSON response".

The error is a symptom, not the cause. The real question is what the REST API returned instead of JSON. Ninety-five percent of the time it's one of four things below.

Fix #2 — Check WordPress URL vs Site URL

Go to Settings → General. The "WordPress Address (URL)" and "Site Address (URL)" fields must match exactly — both HTTPS, both with or without www, no trailing slashes.

If they mismatch (one is https://example.com, the other is https://www.example.com), the REST call gets 301-redirected on save and the block editor sees HTML redirect content instead of JSON.

Fix both to the exact canonical version of your domain, save, hard-refresh, try again.

Prefer we just fix it?

This exact error is what our flat-fee website repair service resolves — most fixes ship in under 60 minutes, no retainer, no lock-in. Learn more about flat-fee website repair or grab a slot below.

Fix #3 — A security plugin or CDN is blocking /wp-json/

Wordfence, iThemes Security, SiteGround Security, All-In-One WP Security, and many host-level WAFs let you "disable REST API for non-authenticated users". If enabled, the block editor's authenticated requests still get blocked because the plugin's rule is too broad.

Temporarily deactivate your security plugin, try saving a post. If it works, re-enable the plugin and find the REST API restriction — whitelist /wp-json/wp/v2/ for logged-in users, or disable that specific rule.

Cloudflare is another common culprit: a WAF rule can block POST requests to /wp-json/ if you enabled the WordPress managed ruleset with aggressive settings. Check Cloudflare → Security → WAF → Managed Rules and disable the WordPress rule temporarily to test.

Fix #4 — Inspect the Network tab to see the real response

If none of the above worked, this is the diagnostic that finds the exact cause every time.

Open the post in the block editor. Open browser DevTools (F12 → Network tab). Click "Update" on the post. Look for the request to /wp-json/wp/v2/posts/[ID]. Click it, then look at the Response tab.

If you see HTML: read the first few lines. A 404 page means permalinks (fix #1). A login form means an auth issue — clear cookies and log back in. A Cloudflare/Sucuri block page means the WAF (fix #3). A PHP fatal error means a broken plugin (deactivate plugins one at a time).

This one 30-second check tells you exactly which fix to apply. It's the diagnostic every engineer runs first.

When to call for help

If you've resaved permalinks, matched URLs, disabled security plugins, and the Network tab still shows a weird response — the issue is likely at the host or server level (mod_security, PHP-FPM misconfig, nginx rewrite rule missing). Fixing that means shell access and knowing what you're editing.

WebCare Studios includes REST API and block editor fixes on every care plan. If you'd rather have an engineer just fix it, we can usually resolve this in under 15 minutes.

Common questions

How do I fix "updating failed the response is not a valid JSON response" in WordPress?+

Try in order: (1) go to Settings → Permalinks and click Save Changes to rebuild rewrite rules, (2) confirm WordPress Address and Site Address in Settings → General match exactly (same protocol, same www/non-www), (3) temporarily disable security plugins that might block the REST API, (4) open browser DevTools Network tab and inspect the actual response from /wp-json/wp/v2/posts to see the real cause.

Why does the WordPress block editor say "not a valid JSON response"?+

The block editor saves via the WordPress REST API and expects JSON back. This error means it got something else — HTML from a 404 page, a redirect, a security plugin block page, or a login screen. The most common causes are broken permalink rewrite rules and mismatched WordPress/Site URLs.

Does the classic editor have the JSON response error?+

No. The classic editor saves via admin-post.php, not the REST API, so it isn't affected. If you need to publish an urgent post while you fix the underlying issue, install the Classic Editor plugin as a temporary workaround.

Can Cloudflare cause the WordPress JSON response error?+

Yes. Cloudflare's WordPress managed WAF ruleset can block POST requests to /wp-json/ when set to aggressive. Check Cloudflare dashboard → Security → WAF → Managed Rules, temporarily pause the WordPress ruleset, and try saving again. If that fixes it, whitelist /wp-json/wp/v2/ for authenticated users or lower the rule sensitivity.

How do I check if the REST API is working on my WordPress site?+

Visit https://yourdomain.com/wp-json/ in a browser. You should see a JSON response listing available endpoints. If you see a 404 page, HTML, or a redirect — that's your problem, and it's why the block editor throws "not a valid JSON response". Fix permalinks and URL settings first.

Want help with this?

The pages below go deeper, by service and by city.

Want this handled for you?

Book a call and we will review your site before recommending anything.

Call Book a call