Are you receiving the “Nonce Validation Failed!” message while trying to submit a quiz/survey on QSM? In this article, we have explained what this means and how this issue can be fixed.
What is “Nonce” in the first place?
Nonce -> ‘n once’ are security tokens in WordPress. Thousands of WordPress plugins and themes are using nonces. They are a great way to quickly add protection against various types of hacking, particularly cross-site scripting (XSS).
Nonces can only be used once, and they are only valid for a certain length of time. In the case of QSM, this issue happens because the submit nonce, which had expired, is still cached on the webpage. WordPress nonce expires after 24 hours and till then it continues to serve old cached pages.
So, how to avoid the “Nonce Validation Failed” error you may ask.
How to fix this?
Developers cannot completely ignore using nonce in their code as using it is made necessary by WordPress. The same applies to QSM, We cannot fix this issue without removing the WP Nonce from our code.
We added the nonce in our codebase as it is recommended by WordPress coding standards. Removing the nonce from our code can make users’ websites vulnerable to potential security risks.
The only viable solution that we can suggest is of disabling the cache on quiz pages if you have installed any of the caching plugins you need to exclude the quiz pages to be cached by them.
How to Disable the cache on Quiz Pages
LiteSpeed Cache Plugin
If you are using the LiteSpeed Cache Plugin on your WordPress site. Through your WordPress dashboard navigate to LiteSpeed Cache > Cache > [4] Excludes
In the “Do Not Cache URIs” field you can enter the URL to exclude caching. Visit LiteSpeed Cache’s Exclude Tab Docs.
WP Fastest Cache
If your site uses the WP Fastest Cache Plugin then you can exclude the pages and posts with the quiz from caching by navigating to WP Fastest Cache > Exclude > Add New Rule
From the drop-down select the REQUEST_URI consisting of the page or post that has the quiz. Visit WP Fastest Cache’s Exclude Page Documentation.
Similarly, you can disable the pages and posts that house the quiz on your respective cache plugins to prevent the Nonce Validation Failed Error while saving the quiz.
SG Optimizer
If you are on SiteGround Hosting and have installed SiteGround’s SG optimizer plugin on your Production site, you need to exclude the Quiz Pages & URLs from getting cached.
The first step is to enable Dynamic Caching from SG Optimizer > Caching.
Also, From your WordPress admin dashboard go to SG Optimizer > Caching > Caching Settings and add /qsm_quiz/*
to exclude the path containing QSM quizzes.
Similarly, you can exclude Post Types from Caching by adding Quizzes & Surveys
to them.
Final Thoughts
With this in mind, we must inform you that it is not possible to fix completely this issue without removing the nonce from our code, and we have no plans to remove the nonce from our codebase as we value site security much more.
We hope this article has been relatively helpful with the suggested workarounds. However, if you still face issues with the “Nonce Validation Failed” error, we recommend that you get in touch with our support in the WordPress forum.