Title: Authorization problem
Last modified: July 6, 2026

---

# Authorization problem

 *  Resolved [pablito201](https://wordpress.org/support/users/pablito201/)
 * (@pablito201)
 * [1 week, 6 days ago](https://wordpress.org/support/topic/authorization-problem-5/)
 * Hello, I’m getting this error in the chat room visitor messages. Even though 
   auto-join is enabled, it won’t let me in. I also get this error when I click 
   the “Chat as visitor” button. What could be the reason? Authorization failed.
   Please check if you are still authorized on this website.

Viewing 8 replies - 1 through 8 (of 8 total)

 *  Thread Starter [pablito201](https://wordpress.org/support/users/pablito201/)
 * (@pablito201)
 * [1 week, 6 days ago](https://wordpress.org/support/topic/authorization-problem-5/#post-18957120)
 * And another problem. I want only subscribers to be visible in the general chat
   room, but guests are also visible. Moreover, even though I delete all participants,
   after a while the entire list is filled with old participants again.
 *  Plugin Support [Andrij Tkachenko](https://wordpress.org/support/users/andrijtkachenko/)
 * (@andrijtkachenko)
 * [1 week, 5 days ago](https://wordpress.org/support/topic/authorization-problem-5/#post-18957658)
 * Hello,
 * This error message means WordPress itself rejected the request’s security token(
   REST nonce) — Better Messages never even got the chance to check the guest’s 
   authorization.
 * In practice this is nearly always caused by a page-caching plugin or server-level
   cache serving visitors HTML that is older than the WordPress nonce lifetime (
   12–24 hours), or serving a page that was cached under a different login context.
 * Could you tell me which caching / optimization / security plugins are active 
   on your site (or any hosting-level cache or firewall like Cloudflare, LiteSpeed,
   WP Rocket)?
 * As a workaround: exclude the pages containing chat rooms from full-page caching,
   or set the cache lifetime below 12 hours.
 * Regarding participants reappearing after you delete them: that is the “Auto join”/“
   Auto add” feature working as designed — room membership is continuously reconciled,
   so manual deletion is always undone. To keep specific people out, ban them inside
   the chat room (bans are respected by auto add), or disable auto join and use “
   Auto exclude” together with a restricted “Who can join” list.
 * For a subscribers-only room: set “Who can join” to Subscriber, disable guest 
   access for that room, and enable “Only joined users can read messages” — otherwise
   anyone who can open the page can still read the messages.
   Thanks!
 *  Thread Starter [pablito201](https://wordpress.org/support/users/pablito201/)
 * (@pablito201)
 * [1 week, 5 days ago](https://wordpress.org/support/topic/authorization-problem-5/#post-18958002)
 * LiteSpeed ​​plugin is active. I disabled cache for the page, but the problem 
   persists. Sometimes it works, sometimes it doesn’t; I don’t understand why.
 *  Thread Starter [pablito201](https://wordpress.org/support/users/pablito201/)
 * (@pablito201)
 * [1 week, 5 days ago](https://wordpress.org/support/topic/authorization-problem-5/#post-18958008)
 * wp-json/better-messages/v1/thread/12?nocache=1783409252816 wp-json/better-messages/
   v1/chat/29181/join?nocache=1783409254069 wp-json/better-messages/v1/chat/29181/
   join?nocache=1783409254069 wp-json/better-messages/v1/checkNew?nocache=1783409267204
 * Many things like this give a 403 forbidden error.
 *  Thread Starter [pablito201](https://wordpress.org/support/users/pablito201/)
 * (@pablito201)
 * [1 week, 5 days ago](https://wordpress.org/support/topic/authorization-problem-5/#post-18958019)
 * The problem was related to .htaccess; it was fixed after installing the default
   settings.
 *  Thread Starter [pablito201](https://wordpress.org/support/users/pablito201/)
 * (@pablito201)
 * [1 week, 5 days ago](https://wordpress.org/support/topic/authorization-problem-5/#post-18958028)
 * I don’t understand why this is caused by the LiteSpeed ​​Cache plugin. The system
   works when I disable the plugin, but how do I use it with the cache enabled?
    -  This reply was modified 1 week, 5 days ago by [pablito201](https://wordpress.org/support/users/pablito201/).
 *  Thread Starter [pablito201](https://wordpress.org/support/users/pablito201/)
 * (@pablito201)
 * [1 week, 5 days ago](https://wordpress.org/support/topic/authorization-problem-5/#post-18958060)
 * marker LOGIN COOKIE start
 * RewriteRule .? – [E=”Cache-Vary:,wp-postpass_94f1a9c56161f3a3491ef5374a6bb13a”]
   marker LOGIN COOKIE end
 * This code is causing the problem, but it’s reapplied when LiteSpeed ​​saves the
   settings.
 *  Plugin Support [Andrij Tkachenko](https://wordpress.org/support/users/andrijtkachenko/)
 * (@andrijtkachenko)
 * [1 week, 5 days ago](https://wordpress.org/support/topic/authorization-problem-5/#post-18958440)
 * Hello,
 * Thanks for the details.
 * LiteSpeed caches pages on the server level. The chat page contains a WordPress
   security token which is valid only for 12-24 hours, so when LiteSpeed serves 
   an old cached copy of the page, WordPress rejects all chat requests with this
   error. That Cache-Vary line is added by LiteSpeed Cache itself, so it will always
   come back after saving its settings – it is not something broken in your .htaccess.
 * If you want to keep LiteSpeed enabled, exclude pages with chat from caching in
   LiteSpeed Cache settings and do “Purge All” after that.
 * I will also try to improve guest handling in one of the next updates.

Viewing 8 replies - 1 through 8 (of 8 total)

You must be [logged in](https://login.wordpress.org/?redirect_to=https%3A%2F%2Fwordpress.org%2Fsupport%2Ftopic%2Fauthorization-problem-5%2F%3Foutput_format%3Dmd&locale=en_US)
to reply to this topic.

 * ![](https://ps.w.org/bp-better-messages/assets/icon-256x256.png?rev=2835105)
 * [Better Messages - Chat Rooms, Group Chat, Private Messages & AI Chat Bots](https://wordpress.org/plugins/bp-better-messages/)
 * [Frequently Asked Questions](https://wordpress.org/plugins/bp-better-messages/#faq)
 * [Support Threads](https://wordpress.org/support/plugin/bp-better-messages/)
 * [Active Topics](https://wordpress.org/support/plugin/bp-better-messages/active/)
 * [Unresolved Topics](https://wordpress.org/support/plugin/bp-better-messages/unresolved/)
 * [Reviews](https://wordpress.org/support/plugin/bp-better-messages/reviews/)

 * 8 replies
 * 2 participants
 * Last reply from: [Andrij Tkachenko](https://wordpress.org/support/users/andrijtkachenko/)
 * Last activity: [1 week, 5 days ago](https://wordpress.org/support/topic/authorization-problem-5/#post-18958440)
 * Status: resolved