Support Forum
Support Forum
Offline
I am currently beta-testing my site. Someone tried to post to the forum and got an "Ajax" error, access denied.
Any idea why? I'm not a coder - and this is my first time working with WP on this scale. Appreciate any help or advice.
If you need access to take a look, I can PM the details.
Thanks,
Tom
Offline
Don't need access at the moment although a link to the forum page could be useful.
But it would be useful to have some more information regarding the steps the user was going through when they saw this message, the exact step they had just made when it showed up, where and how it displayed and the exact text of the message. Can you find out more detail?
 |
YELLOW
SWORDFISH
|
Offline
I was able to duplicate the error - I attempted to add a topic to a forum and when I submitted, the screen came up with:
Access Denied - ajax nounce check failed
Do you need to log in? (Log In)
I get the same response when I try to reply to a topic.
The member has to be signed in, because the forum is protected with Wishlist. I will PM you an account that you can use to see the forum.
Offline
Oh dear this is a first!
The 'nonce' is a WordPress security feature recommended for use in all forms. It is essentially a unique numeric key that is posted with a form submission and then recreated (again by WP) in the processing of the POST variables to ensure that the form submission came from the same user/place.
I don't believe we have ever had a user for which this has failed so the key to this will be to find what in your environment may be responsible.
So - I can think of two places to get started. Firstly what other WP plugins are you using? And specifically are you using any security related plugins.
Secondly - can you find out whether your hosting company has imposed the mod_security module on your website and of so, perhaps ask if they could turn it off while you perform a test.
|
YELLOW
SWORDFISH
|
Offline
On the Forum, I have the Admin Bar and the profanity filter.
On WordPress, I have
My Page Order
SimplePress
and Wishlist.
Wishlist is the only security related plugin.
Talked with GoDaddy who hosts the account and the security module is on the domain. They told me I can disable it with an htaccess code. I am familiar with that style file - but not how to create it. Like I said earlier - I am a total novice at this kind of thing...
Appreciate your patience with me on this - and your help!
Tom
Offline
OK. Well WordPress will try and create an .htaccess file for you if you turn on their 'pretty' permalinks - or - you can create it manually.
Default permalinks like you are currently using are considered ugly and not SEO 'friendly' so you may want to go to the WP permalinks panel and change them. The 'postname' option is a good one and one we use here. IF your root folder (i.e., where your wp-config.php is located) is writable, WP will create an .htaccess file for you there.
If it can't do it it will display a message accordingly and inform you what to do.
Either way - it will require a file called .htaccess in the root folder (Note the dot at the beginning which denotes an invisible file). To turn off the mod_security, it needs the following entry:
<IfModule mod_security.c> SecFilterEngine Off SecFilterScanPOST Off </IfModule>
And we will see if this is a factor after you reload and retry posting.
|
YELLOW
SWORDFISH
|
Offline
I apologize, but I am confused. I went to the WP Permalinks panel - I'm attaching a pic of the settings - it shows the Postname IS set already. Could the "ugly" be caused by the fact the forum is behind Wishlist's protection?
I went to my ftp root folder and found an .htaccess file. It reads:
# BEGIN WordPress
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteBase /
RewriteRule ^index\.php$ - [L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /index.php [L]
</IfModule>
# END WordPress
Before I add the code you gave me and screw it up further - can you tell me where in the file I insert this information? Again, sorry for the questions - I appreciate the help and don't want to cause extra issues!!!
Tom
Offline
Apologies - I confused your site with another I was looking at around the same time.
You can paste those lines in anywhere. Suggest at the end if the current contents.
|
YELLOW
SWORDFISH
|
Offline
I would post them outside the mod_write section, but Andy is right, anywhere is fine...
default permalinks will have nothing to do with wishlist member... the forum page will still use the custom permalinks defined... fyi, we run wishlist member here... the stuff you see in the .htaccess is the wp rules for custom permalinks... it would not exist if wp was running default...
so perhaps you could explain what is causing you to think default permalinks? the forum url? a link to the site would be useful...
Visit Cruise Talk Central and Mr Papa's World
Offline
Mr Papa - I believe Andy was refering to a different site. My PermaLinks seem to be fine.
I added the code to my .htaccess and want to report the problem seems to be solved! (At least I think so.)
I will get my beta testers on the forum and see what happens. Will let you know soon.
Again, thanks for the help gentlemen.
Tom
All RSS1 Guest(s)