Download the 60+ page eBook on WordPress SEO along with bonuses.

How to Easily Fix the nonce_failure Error in WordPress

While working on your WordPress website, you may sometimes encounter an unexpected “nonce_failure” error message. This error could occur while working in the theme editor or while performing a routine function like deleting a post or comment, etc.

Fortunately, this is one of the common WordPress errors that can be easily fixed. In this post, I will first explain what is WordPress Nonce, why the nonce failure occurs, and how you can fix it quickly.

Let’s go.

What is WordPress Nonce?

Simply put, “Nonce” means a number used once. It is a security token used by WordPress to prevent hackers from taking over your site through remote access.

In reality, Nonces are made up of letters and numbers and are appended to URLs like this:

https://exampledomain.com/wp-admin/post.php?post=564&action=trash&_wpnonce=z893fc4092

Nonces are generated automatically by WordPress when you perform certain actions in the WordPress backend like deleting a comment or trashing a post.

Although I mentioned the literal meaning of nonce as a number that is to be used only once. But the fact is that nonces are used multiple times within a time frame of 24 hours. That is, nonces have a maximum life span of one day after which they expire and are regenerated.

The time span of nonces can be controlled via the wp-config.php file.

Nonces play a very important authentication role on your WordPress website. If nonces were not used, a hacker could control your website by making your browser send a remote authentication request to WordPress which would be considered valid by it.

Why does the nonce_failure error occur and how to fix it?

The primary reason for the nonce_failure is an authentication error because WordPress failed to authenticate the nonce token. Therefore it displays the nonce_failure message to prevent any remote attack on your website.

Clear your cache

The first thing to do is to clear your site cache since the cache could be sending an expired nonce to WordPress resulting in the nonce_failure error.

Once the cache is cleared, repeat the action (like trashing a post or deleting a comment) that had resulted in the nounce_error. Most probably, the error should be resolved. But if it recurs, then try out the next fix.

Disable the plugins

A plugin could also cause the nounce_failure WordPress error. So, disable all the plugins and reactivate them one by one, each time repeating the action that resulted in the error.

If the error occurs upon activation of a particular plugin, you should update the plugin (if updates are available) or replace it with another plugin. You can also inform the plugin developer about the bug that you discovered.

Set custom cache rules in Cloudflare

If your site is using the Cloudflare service, then setting custom page rules could help. Under the Rules menu in Cloudflare, go to Page Rules.

Then set Cache Level to Bypass for the following two URLs:

www.yourdomain.com/wp-admin

www.yourdomain.com/wp-login.php

Follow the image below for further clarity.

Cloudflare nonce_failure page rule WordPress

Summary

You’ve gone through 3 solutions for the WordPress nonce_failure error. Hopefully, one of these worked for you. If you still experience the error, you can order our affordable WordPress troubleshooting service to fix the error for you.

I look forward to your feedback in the comments below.

You might also like:

About Trishan Mehta

Trishan Mehta is a WordPress fanatic since 2009. When not WordPressing, he is busy exploring hidden natural getaways whenever he can grab an opportunity. You can grab his WordPress SEO eBook to get up to speed with WordPress SEO.

1 thought on “How to Easily Fix the nonce_failure Error in WordPress”

  1. Why would I get a “Nonce verification failed.” message when merely trying to leave a comment on a site to which I have no other connection?

    I did have a WP account long ago, but others ran the site in question, without needing my help, and I suspect my registration has long expired (I first tried that comment with another email address, then the one that has apparently expired (used with this question); both failed with the same message).

    Reply

Leave a Comment