All-In-One Security (AIOS)If you are using the All-In-One Security (AIOS) – Security and Firewall plugin, make sure to not disable access to the WP REST API.

This plugin has a setting to disable the WP REST API access when you are not logged in. Enabling this setting will cause a 500 server error on refresh (when using facets), which causes FacetWP to malfunction.

To disable this setting, go to:

WP Security > Firewall > WP REST API > Disallow unauthorized REST requests

Disable the 'Disallow unauthorized REST requests' setting in the AIOS plugin.
Disable the “Disallow unauthorized REST requests” setting in the AIOS plugin.

See also