Support Forum

Advanced Search
Forum Scope


Match



Forum Options



Minimum search word length is 3 characters - maximum search word length is 84 characters
general-topic
Ajax Error?
Avatar
Thomas Crowl
Member
sp_UserOfflineSmall Offline
Mar 16, 2012 - 9:57 am

I am currently beta-testing my site.  Someone tried to post to the forum and got an "Ajax" error, access denied.

Any idea why?  I'm not a coder - and this is my first time working with WP on this scale.  Appreciate any help or advice.

 

If you need access to take a look, I can PM the details.

 

Thanks,

Tom

Avatar
Yellow Swordfish
Glinton, England
SP Master
sp_UserOfflineSmall Offline
Mar 16, 2012 - 10:17 am

Don't need access at the moment although a link to the forum page could be useful.

But it would be useful to have some more information regarding the steps the user was going through when they saw this message, the exact step they had just made when it showed up, where and how it displayed and the exact text of the message. Can you find out more detail?

andy-signature.png
YELLOW
SWORDFISH
Avatar
Thomas Crowl
Member
sp_UserOfflineSmall Offline
Mar 16, 2012 - 11:03 am

I was able to duplicate the error - I attempted to add a topic to a forum and when I submitted, the screen came up with:

Access Denied - ajax nounce check failed

Do you need to log in? (Log In)

 

I get the same response when I try to reply to a topic.

 

The member has to be signed in, because the forum is protected with Wishlist.  I will PM you an account that you can use to see the forum.

Avatar
Yellow Swordfish
Glinton, England
SP Master
sp_UserOfflineSmall Offline
Mar 16, 2012 - 11:42 am

Oh dear this is a first!

The 'nonce' is a WordPress security feature recommended for use in all forms. It is essentially a unique numeric key that is posted with a form submission and then recreated (again by WP) in the processing of the POST variables to ensure that the form submission came from the same user/place.

I don't believe we have ever had a user for which this has failed so the key to this will be to find what in your environment may be responsible.

So - I can think of two places to get started. Firstly what other WP plugins are you using? And specifically are you using any security related plugins.

Secondly - can you find out whether your hosting company has imposed the mod_security module on your website and of so, perhaps ask if they could turn it off while you perform a test.

andy-signature.png
YELLOW
SWORDFISH
Avatar
Thomas Crowl
Member
sp_UserOfflineSmall Offline
Mar 16, 2012 - 12:12 pm

On the Forum, I have the Admin Bar and the profanity filter.

On WordPress, I have

My Page Order

SimplePress

and Wishlist.

Wishlist is the only security related plugin. 

Talked with GoDaddy who hosts the account and the security module is on the domain.  They told me I can disable it with an htaccess code.  I am familiar with that style file - but not how to create it.  Like I said earlier - I am a total novice at this kind of thing...

Appreciate your patience with me on this - and your help!

Tom

Avatar
Yellow Swordfish
Glinton, England
SP Master
sp_UserOfflineSmall Offline
Mar 16, 2012 - 2:59 pm

OK. Well WordPress will try and create an .htaccess file for you if you turn on their 'pretty' permalinks - or - you can create it manually.

Default permalinks like you are currently using are considered ugly and not SEO 'friendly' so you may want to go to the WP permalinks panel and change them. The 'postname' option is a good one and one we use here. IF your root folder (i.e., where your wp-config.php is located) is writable, WP will create an .htaccess file for you there.

If it can't do it it will display a message accordingly and inform you what to do.

Either way - it will require a file called .htaccess in the root folder (Note the dot at the beginning which denotes an invisible file). To turn off the mod_security, it needs the following entry:

<IfModule mod_security.c>
SecFilterEngine Off
SecFilterScanPOST Off
</IfModule>

And we will see if this is a factor after you reload and retry posting.

andy-signature.png
YELLOW
SWORDFISH
Avatar
Thomas Crowl
Member
sp_UserOfflineSmall Offline
Mar 16, 2012 - 5:49 pm

I apologize, but I am confused.  I went to the WP Permalinks panel - I'm attaching a pic of the settings - it shows the Postname IS set already.  Could the "ugly" be caused by the fact the forum is behind Wishlist's protection?

 

I went to my ftp root folder and found an .htaccess file. It reads:

# BEGIN WordPress
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteBase /
RewriteRule ^index\.php$ - [L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /index.php [L]
</IfModule>

# END WordPress

 

Before I add the code you gave me and screw it up further - can you tell me where in the file I insert this information?  Again, sorry for the questions - I appreciate the help and don't want to cause extra issues!!!

Tom

Avatar
Yellow Swordfish
Glinton, England
SP Master
sp_UserOfflineSmall Offline
Mar 16, 2012 - 6:21 pm

Apologies - I confused your site with another I was looking at around the same time.

You can paste those lines in anywhere. Suggest at the end if the current contents.

andy-signature.png
YELLOW
SWORDFISH
Avatar
Mr Papa
Simi Valley, CA
SP Master
Free Members
sp_UserOfflineSmall Offline
Mar 16, 2012 - 8:41 pm

I would post them outside the mod_write section, but Andy is right, anywhere is fine...

default permalinks will have nothing to do with wishlist member...  the forum page will still use the custom permalinks defined... fyi, we run wishlist member here...  the stuff you see in the .htaccess is the wp rules for custom permalinks... it would not exist if wp was running default...

so perhaps you could explain what is causing you to think default permalinks?  the forum url?  a link to the site would be useful...

Avatar
Thomas Crowl
Member
sp_UserOfflineSmall Offline
Mar 16, 2012 - 8:53 pm

Mr Papa - I believe Andy was refering to a different site.  My PermaLinks seem to be fine.

I added the code to my .htaccess and want to report the problem seems to be solved!  (At least I think so.)

I will get my beta testers on the forum and see what happens.  Will let you know soon.

Again, thanks for the help gentlemen. 

Tom

Forum Timezone: Europe/Stockholm
Most Users Ever Online: 1170
Currently Online:
Guest(s) 1
Currently Browsing this Page:
1 Guest(s)
Top Posters:
Mr Papa: 19448
Ike: 2086
Brandon: 864
kvr28: 804
jim: 650
FidoSysop: 577
Conrad_Farlow: 531
fiddlerman: 358
Stefano Prete: 325
Member Stats:
Guest Posters: 620
Members: 17365
Moderators: 0
Admins: 4
Forum Stats:
Groups: 7
Forums: 17
Topics: 10128
Posts: 79626