Support » Plugin: Jetpack by WordPress.com » Could Not Validate Security Token

  • Resolved joneiseman

    (@joneiseman)


    I tried disabling all plugins but Jetpack still cannot connect. I tried uninstalling Jetpack and reinstalling again but that didn’t help. I tried using a really simple .htaccess file with just the minimum needed for WordPress but that also didn’t help.

    On the Jetpack debug page it says: “Could not validate security token”

    On the debug page for Jetpack in the WordPress admin page I see the following:

    SELF
    Array
    (
        [headers] => Requests_Utility_CaseInsensitiveDictionary Object
            (
                [data:protected] => Array
                    (
                        [server] => nginx
                        [date] => Thu, 31 Jan 2019 14:11:49 GMT
                        [content-type] => text/plain;charset=utf-8
                        [expires] => Wed, 11 Jan 1984 05:00:00 GMT
                        [cache-control] => no-cache, must-revalidate, max-age=60
                        [x-hacker] => Jetpack Test
                        [x-ac] => 4.ord _dca
                        [strict-transport-security] => max-age=15552000
                    )
    
            )
    
        [body] => {"error":"Could not validate security token","error_description":"We were unable to validate a security token for Jetpack communication. Please try disconnecting Jetpack from your WordPress.com account, and connecting it again."}
        [response] => Array
            (
                [code] => 400
                [message] => Bad Request
            )
    
        [cookies] => Array
            (
            )
    
        [filename] => 
        [http_response] => WP_HTTP_Requests_Response Object
            (
                [response:protected] => Requests_Response Object
                    (
                        [body] => {"error":"Could not validate security token","error_description":"We were unable to validate a security token for Jetpack communication. Please try disconnecting Jetpack from your WordPress.com account, and connecting it again."}
                        [raw] => HTTP/1.1 400 Bad Request
    Server: nginx
    Date: Thu, 31 Jan 2019 14:11:49 GMT
    Content-Type: text/plain;charset=utf-8
    Transfer-Encoding: chunked
    Connection: close
    Expires: Wed, 11 Jan 1984 05:00:00 GMT
    Cache-Control: no-cache, must-revalidate, max-age=60
    X-hacker: Jetpack Test
    X-ac: 4.ord _dca
    Strict-Transport-Security: max-age=15552000
    
    {"error":"Could not validate security token","error_description":"We were unable to validate a security token for Jetpack communication. Please try disconnecting Jetpack from your WordPress.com account, and connecting it again."}
                        [headers] => Requests_Response_Headers Object
                            (
                                [data:protected] => Array
                                    (
                                        [server] => Array
                                            (
                                                [0] => nginx
                                            )
    
                                        [date] => Array
                                            (
                                                [0] => Thu, 31 Jan 2019 14:11:49 GMT
                                            )
    
                                        [content-type] => Array
                                            (
                                                [0] => text/plain;charset=utf-8
                                            )
    
                                        [expires] => Array
                                            (
                                                [0] => Wed, 11 Jan 1984 05:00:00 GMT
                                            )
    
                                        [cache-control] => Array
                                            (
                                                [0] => no-cache, must-revalidate, max-age=60
                                            )
    
                                        [x-hacker] => Array
                                            (
                                                [0] => Jetpack Test
                                            )
    
                                        [x-ac] => Array
                                            (
                                                [0] => 4.ord _dca
                                            )
    
                                        [strict-transport-security] => Array
                                            (
                                                [0] => max-age=15552000
                                            )
    
                                    )
    
                            )
    
                        [status_code] => 400
                        [protocol_version] => 1.1
                        [success] => 
                        [redirects] => 0
                        [url] => https://jetpack.wordpress.com/jetpack.testsite/1/?url=https://www.classical-scene.com/xmlrpc.php
                        [history] => Array
                            (
                            )
    
                        [cookies] => Requests_Cookie_Jar Object
                            (
                                [cookies:protected] => Array
                                    (
                                    )
    
                            )
    
                    )
    
                [filename:protected] => 
                [data] => 
                [headers] => 
                [status] => 
            )
    
    )

  • Plugin Contributor James Huff

    (@macmanx)

    Volunteer Moderator

    We’re being blocked from accessing https://www.classical-scene.com/xmlrpc.php via cURL which Jetpack requires to function.

    When we run:

    curl -A "Jetpack by WordPress.com" -is -H 'Content-Type: text/xml' --data '<?xml version="1.0"?><methodCall><methodName>demo.sayHello</methodName><params></params></methodCall>' 'https://www.classical-scene.com/xmlrpc.php' && echo

    We simply get a blank response.

    So you can check your server error logs, that particular test was reported on the server at Thu, 31 Jan 2019 20:09:12 GMT

    Unfortunately, blocking XML-RPC is not a great solution for fighting security risks. It’s akin to selling your car because you don’t want it to be stolen.

    Your site’s XML-RPC file is kind of like a communication gateway to your site. Jetpack, the WordPress Mobile Apps, and other plugins and services will use this file to communicate to your site. If this is blocked, you will have other issues pop up down the road for the same reasons.

    If you are using any security plugins, please try connecting with those temporarily deactivated. If you don’t have any, or if that didn’t work, I would suggest contacting your hosting provider and asking them to unblock your site’s XML-RPC. The most popular hosting providers out there have managed to find other ways to protect their servers without having to hinder your site and your ability to use services with your WordPress.

    If they refuse to make any changes, and if you want to use apps and plugins like Jetpack, I’d suggest looking for a new host. Here are a few hosts we recommend: https://jetpack.com/hosting/

    joneiseman

    (@joneiseman)

    That’s not the problem since I already allowed xml-rpc for Jetpack (it was an exception for Jetpack). This came from the AIOWPS plugin. Anyway, I disabled the blocking of XML-RPC completely. So, if you try it again you will see it now works. However, Jetpack is still failing to validate the security token. By the way, the error that you see when Jetpack can’t communicate with the site through xml-rpc is not the same.
    Here’s the message you get if it can’t connect:

    Jetpack not connected
    We were unable to find a Jetpack instance on your site. Please connect Jetpack to your WordPress.com account from within your WordPress admin.

    In my case, it’s a different error (can’t validate the security token).

    Plugin Contributor James Huff

    (@macmanx)

    Volunteer Moderator

    Not being able to validate the security token is just another type of connection error. 🙂

    We’re still getting the empty response on cURL. If you did disable AIOWPS’s xmlrpc.php block, then something else must be blocking us.

    joneiseman

    (@joneiseman)

    I just tried it myself and it worked for me.

    https://www.dropbox.com/s/dhri38euurueg87/xmlrpc.png?dl=0

    I also tried with curl:

    adapti24@usm90 # curl -A 'Jetpack by WordPress.com' -d '<methodCall><methodName>demo.sayHello</methodName></methodCall>' https://www.classical-scene.com/xmlrpc.php
    <?xml version="1.0" encoding="UTF-8"?> <methodResponse> <params><param> <value> <string>Hello!</string> </value></param> </params> </methodResponse>

    Plugin Contributor James Huff

    (@macmanx)

    Volunteer Moderator

    The file definitely works fine when viewed in browser, otherwise I would have highlighted that first.

    When you ran the cURL, did the server respond with “Hello!” or just a blank response?

    The query is specifically designed to return this response if xmlrpc.php is properly accessible:

    <?xml version="1.0" encoding="UTF-8"?>
    <methodResponse>
      <params>
        <param>
          <value>
          <string>Hello!</string>
          </value>
        </param>
      </params>
    </methodResponse>

    joneiseman

    (@joneiseman)

    The XML you show is exactly what I got when I issued the Curl command.

    <?xml version="1.0" encoding="UTF-8"?> <methodResponse> <params><param> <value> <string>Hello!</string> </value></param> </params> </methodResponse>

    I tried it from a different Linux machine (different IP address) and I see the same XML response (with Hello!).

    Plugin Contributor James Huff

    (@macmanx)

    Volunteer Moderator

    Hm, very odd, I can’t figure out why we aren’t seeing the same.

    Alright, let’s start ruling some things out, starting with the stored data in Jetpack’s settings.

    Please try deleting Jetpack specifically from the Plugins section of your blog’s Dashboard.

    This will clear out Jetpack’s settings, and it may work properly after a reinstall.

    joneiseman

    (@joneiseman)

    Look at my original post in this thread:

    I tried disabling all plugins but Jetpack still cannot connect. I tried uninstalling Jetpack and reinstalling again but that didn’t help. I tried using a really simple .htaccess file with just the minimum needed for WordPress but that also didn’t help.

    Plugin Contributor James Huff

    (@macmanx)

    Volunteer Moderator

    Whoops, my mistake, thanks for the reminder! 🙂

    Does your server error log report anything on this timestamp? Thu, 31 Jan 2019 23:15:23 GMT

    joneiseman

    (@joneiseman)

    Here’s what I see in the access log:
    [31/Jan/2019:17:15:23 -0600] "POST /xmlrpc.php HTTP/1.0" 200 148 "-" "Jetpack by WordPress.com"

    Plugin Contributor James Huff

    (@macmanx)

    Volunteer Moderator

    Well, that’s good at least. 🙂

    Would you please list the other plugins you’re running?

    joneiseman

    (@joneiseman)

    I disabled all the plugins except for Jetpack and GigPress and Classic Editor and I still see the problem.

    It still says:
    unknown_token: It looks like your Jetpack connection is broken. Try disconnecting from WordPress.com then reconnecting.

    Plugin Contributor James Huff

    (@macmanx)

    Volunteer Moderator

    Just for the sake of checking, does it work with GigPress temporarily disabled?

    joneiseman

    (@joneiseman)

    I solved the problem. I found the solution here:
    https://jetpack.com/support/getting-started-with-jetpack/troubleshooting-tips/

    Troubleshooting tip #7 says to go to the WordPress admin panel then go to Jetpack->Dashboard->Connections->Manage Site and then click on Disconnect. Then go through the setup process.

    After doing this the site is connected again.

    After making this change I could put back the blocking of xml-rpc from sites other than Jetpack (in AIOWPS) and the connection is still working.

    Deleting the plugin and reinstalling did not solve the problem. I wasn’t aware of this method for disconnecting and reconnecting.

  • The topic ‘Could Not Validate Security Token’ is closed to new replies.
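
The two checks run by hand in this thread (the demo.sayHello request and the access-log lookup), written as a script; this is an added example, not part of the original posts or Jetpack's own code. The function names are hypothetical, and the sample fault body and log lines are constructed.

```shell
#!/bin/sh
# Added example (not from the thread): interpret the demo.sayHello probe offline.
UA='Jetpack by WordPress.com'
PAYLOAD='<?xml version="1.0"?><methodCall><methodName>demo.sayHello</methodName><params></params></methodCall>'

# classify_xmlrpc STATUS BODY -> one verdict word on stdout
classify_xmlrpc() {
  if [ -z "$(printf '%s' "$2" | tr -d '[:space:]')" ]; then
    echo blank        # nothing came back: dropped or filtered before PHP answered
  elif [ "$1" != 200 ]; then
    echo http_error   # e.g. a 403 from a security plugin or host rule
  elif printf '%s' "$2" | grep -q '<fault>'; then
    echo fault        # XML-RPC is reachable but refused the call
  elif printf '%s' "$2" | grep -q '<string>Hello!</string>'; then
    echo ok           # the response the probe is designed to return
  else
    echo unexpected   # e.g. an HTML challenge page instead of XML
  fi
}

# probe URL -> send the thread's request and classify the reply (needs network)
probe() (
  out=$(curl -A "$UA" -s -m 15 -H 'Content-Type: text/xml' --data "$PAYLOAD" \
        -w '\n%{http_code}' "$1") || { echo blank; exit 0; }
  classify_xmlrpc "$(printf '%s\n' "$out" | tail -n 1)" "$(printf '%s\n' "$out" | sed '$d')"
)

# jetpack_probe_statuses < access.log -> status of each POST to /xmlrpc.php
# carrying the Jetpack user agent. The UA is client-supplied, so a match shows
# what the server answered to that UA, not who sent the request.
jetpack_probe_statuses() {
  awk -F'"' -v ua="$UA" \
    '$2 ~ /^POST \/xmlrpc\.php / && $6 == ua { split($3, f, " "); print f[1] }'
}

# Constructed sample data (192.0.2.0/24 is a documentation range).
SAMPLE_OK='<?xml version="1.0" encoding="UTF-8"?> <methodResponse> <params><param> <value> <string>Hello!</string> </value></param> </params> </methodResponse>'
SAMPLE_FAULT='<methodResponse><fault><value><string>XML-RPC services are disabled on this site.</string></value></fault></methodResponse>'
SAMPLE_LOG='192.0.2.10 - - [31/Jan/2019:17:15:23 -0600] "POST /xmlrpc.php HTTP/1.0" 200 148 "-" "Jetpack by WordPress.com"
192.0.2.77 - - [31/Jan/2019:17:16:02 -0600] "POST /xmlrpc.php HTTP/1.1" 403 199 "-" "Jetpack by WordPress.com"
192.0.2.99 - - [31/Jan/2019:17:16:40 -0600] "POST /xmlrpc.php HTTP/1.1" 200 148 "-" "curl/7.58.0"'

echo "hello body : $(classify_xmlrpc 200 "$SAMPLE_OK")"
echo "empty body : $(classify_xmlrpc 200 '')"
echo "fault body : $(classify_xmlrpc 200 "$SAMPLE_FAULT")"
echo "log status : $(printf '%s\n' "$SAMPLE_LOG" | jetpack_probe_statuses | tr '\n' ' ')"
```

A `blank` verdict from an outside host alongside a 200 for the same timestamp in the access log points at filtering that depends on where the request comes from, which is the mismatch the two participants ran into.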