Invalid security nonce (can’t log in / register on my website, or other Ajax requests)


Most of the time, this happens when a caching solution is active on the website and is caching the security nonces.

Nonces are security tokens in WordPress. They get printed into the HTML source code.

Nonces can only be used once (hence “n once”), and they are only valid for a certain length of time: 12 hours by default, but developers can change that value.

On a cached page, the nonce can expire in the background while its ID is still present in the HTML source code of the page. If that happens, the HTML source is referencing an invalid nonce and things break.

This can affect all kinds of functionality, from form validation to the visual appearance of the page.

The fix is to open your caching plugin’s settings, locate the Cache Lifespan option and change it to 8 hours or less.
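The following added example (not part of the original article and not WordPress's own code) is a simplified Python model of time-window nonce checking that shows why a cache lifespan under 12 hours is safe and a longer one breaks forms. It assumes a nonce is accepted in the 12-hour window it was issued in and in the following window; the secret, the `login` action name and all function names are constructed for illustration.

```python
import hashlib
import hmac

TICK_SECONDS = 12 * 3600           # the 12-hour default mentioned above
SECRET = b"constructed-demo-salt"  # constructed; stands in for the site's secret salt
BASE = 1_700_000_000 - 1_700_000_000 % TICK_SECONDS  # constructed window start


def tick(now: int) -> int:
    """Index of the validity window containing `now` (integer ceiling)."""
    return -(-now // TICK_SECONDS)


def _token(window: int, action: str) -> str:
    # HMAC-SHA256 is an assumption of this model, truncated to 10 hex chars.
    msg = f"{window}|{action}".encode()
    return hmac.new(SECRET, msg, hashlib.sha256).hexdigest()[-12:-2]


def make_nonce(action: str, now: int) -> str:
    """Token bound to the action and to the window it was issued in."""
    return _token(tick(now), action)


def verify_nonce(nonce: str, action: str, now: int) -> bool:
    """Accept a token from the current window or the one before it."""
    current = tick(now)
    return any(hmac.compare_digest(nonce, _token(w, action))
               for w in (current, current - 1))


def cached_page_works(cached_at: int, cache_age_hours: int) -> bool:
    """Does a nonce baked into a page cached at `cached_at` still verify
    when a visitor submits the form `cache_age_hours` later?"""
    nonce = make_nonce("login", cached_at)
    return verify_nonce(nonce, "login", cached_at + cache_age_hours * 3600)


def always_works(cache_age_hours: int) -> bool:
    """Try every minute of one window as the moment the page was cached."""
    return all(cached_page_works(BASE + s, cache_age_hours)
               for s in range(0, TICK_SECONDS, 60))


if __name__ == "__main__":
    for hours in (8, 12, 13, 25):
        print(f"cache lifespan {hours:>2} h -> nonce always valid: {always_works(hours)}")
```

In this model the 13-hour case fails only for pages cached late in a window, which is why the error tends to appear intermittently rather than on every request.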

Recommended solutions:

In WP Rocket, decrease the cache lifespan (e.g. https://d.pr/i/Tm0TmK).

In LiteSpeed, open the settings and click the “Show Advanced Options” tab. Click the ESI tab and enable it (e.g. https://d.pr/i/O99rMH). Make sure to purge all caches.
