Support » Fixing WordPress » Enable sending referrers

  • Sorry, you need to enable sending referrers, for this feature to work.
    Huh? I get this when trying to delete a post. I know it’s something with my firewall(s), but why should sending headers be required?? It seems kinda strange to absolutely require that when a lot of people are going to be denied access for that reason.
    Is there any way around this? Because if there isn’t, I either have to configure a software firewall and two hardware firewalls to permit WordPress to work, or just switch to something else!

Viewing 15 replies - 16 through 30 (of 38 total)
  • Just downloaded Firefox 1.0 and installed on Win2k. Using that browser, I can’t delete links or posts in WordPress 1.2.1–I get the popup message, then I click OK, and nothing happens. If I copy and paste the link address directly, I get a page with the same message as the subject of this thread. Using IE and clicking the delete link, and then OK in the popup, works fine. Went back to Firefox and changed various config settings (go to about:config) that had the word referrer or referer in them, but nothing worked. I’m running the latest ZoneAlarm Pro with Privacy and ID Lock controls off. Seems to be a Firefox issue?

    Thanks Josesilva,
    Your code worked perfectly and now I can remove, edit/change, links, as well as install plugins!

    Moderator James Huff


    Volunteer Moderator 🚀

    Marvinux: Sorry you are having a problem. I don’t know what the fix is for you but I have no problem running 5.0.2 and WP with what you describe. Hope you find what you need to change in your settings/files.

    that coding did the trick. I have like 3 firewalls, so its prety hard to disable all of them.

    Grrr. Are we going to get a permanent fix for this, or do I have to add this coding everytime I update my nightlies.

    I am also using ZoneAlarmPro. Once I added my site to my site list (Privacy-Site List) and enabled 3rd Party coookies, I was able to edit Links and Comments

    Just thought i point this out in case some did not know.

    If you are using Norton Internet Security, following the insturctions at
    really works. However when in keying in the name of the site, intead of keying in try keying in

    After i did this, i was able to say goodbyes to the “enable referrers” problem.

    I have none of what’s mentioned … within norton antivirus everthing is disabled.. also the windows firewall updates and other crap … i’m at a loss for what’s happening. someone talked about editing the admin-functions.php ….. is there just something i can change?

    nvm just comment out the line:
    // die(‘Sorry, you need to enable sending referrers, for this feature to ..

    just the two slashes on that line only takes care of a stupid coding error.

    The suggestion in the 2nd response (by anonymous) worked for me, but it seems a little risky. It allows the operation to proceed, no matter what domain it came from. This basically disables the protection the function was meant to provide. I’m guessing Function check_admin_referer() is there for a good reason, so simply disabling it can’t be a good idea.

    Changing the $referer value to ‘localhost’ if things don’t match up and allowing the operation to proceed lets everything pass through. A better way of handling this may be to figure out if there is a logical reason why function check_admin_referer() is blocking the operation, and to make a specific accomodation for that case, only.

    First modify the die statement to print out the $adminurl and $referer data to the screen. Then you can see what is going on and why things aren’t checking out. It is likely it is possible you can accomodate the one exception you are encountering while still protecting your site against hacking from all other referers.

    In my case, there is a good reason for $adminurl and $referer not to match up. But the way they don’t match up is consistent. So I am able to check for this known exception while blocking all other exceptions from proceeding.

    To do this, change function check_admin_referer() to the following:

    function check_admin_referer() {
    $adminurl = strtolower(get_settings(‘siteurl’)).’/wp-admin’;
    $referer = strtolower($_SERVER[‘HTTP_REFERER’]);
    if ( !strstr($referer, $adminurl) && !strstr($referer, ‘[insert the permitted exception domain name here]’) ) {
    die(‘ERROR: Forbidden. Your request for this operation must come from a permitted domain.’);

    I did some checking into this on my install, and the problem was that $adminurl was set to http://localhost/wordpress/wp-admin and $referer was set to http://localhost/wordpress/wp-admin/themes.php so the comparison fails because the referer includes the actual page which refered. This was with Apache 2.0.53, Firefox 1.0.1, and WordPress 1.5.0.

    Disabling the privacy in the firewall worked for me! I can’t thank you enough!

    This afternoon I installed a brand new WP 1.5 on a brand new database. I was into the WP admin within five minutes. But I spent the next five hours trying to figure out why I didn’t have any admin functions. My troubles began when I tried to delete the comment that came with the installation!

    I’m running WindowsXP Home and have Firefox, IE6 and NS7.2 for browsing, along with ZoneAlarm5.5.062.011.

    I tried all the solutions offered in the Troubleshooting section of the codex, not to mention some of the admin-function.php rewrites. I even went so far as to delete the wp-admin directory and re-install a fresh version.

    Nothing worked.

    Until I shut down ZoneAlarm.

    Without the firewall, I could complete any admin function flawlessly.

    Thought I would post my fix for this problem. I read and tried all the suggestions posted here and a few other places. Finally what fixed my problem was changing the WordPress address (URI): and Blog address (URI): under the Options menu. I had my web site blog url in there but changed it to just /wordpress and that fixed the problem instantly.
    WordPress address (URI): /wordpress
    Blog address (URI): /wordpress
    Maybe worth a try.

Viewing 15 replies - 16 through 30 (of 38 total)
  • The topic ‘Enable sending referrers’ is closed to new replies.