Support » Fixing WordPress » Enable sending referrers

  • Sorry, you need to enable sending referrers, for this feature to work.
    Huh? I get this when trying to delete a post. I know it’s something with my firewall(s), but why should sending headers be required?? It seems kinda strange to absolutely require that when a lot of people are going to be denied access for that reason.
    Is there any way around this? Because if there isn’t, I either have to configure a software firewall and two hardware firewalls to permit WordPress to work, or just switch to something else!

Viewing 8 replies - 31 through 38 (of 38 total)
  • I got the same problem after I tried to enable “post via email”. I’ve set up a secret eMail account, filled in the pop3 data to the options/writing panel, updated and sent an email. After that I startet wp-mail.php manually to try if it works (I just typed it to the URL line in my browser). It showed the email a.s.o. and said everything was fine.
    Then I tried to delete my test-email as admin butI couldn’t any more. I got the above mentioned enable-referer-message… I couldn’t delete any other posts either.
    I added my website to all whitelists in IE and Norton Internet Security but it didn’t help.

    I also tried Groundhog1248’s solution (/wordpress as URL in option panel) but it didn’t work for me.

    Now I just edited admin-functions.php as described above (3rd post) and thanks so much it works.

    I used this fix with 2.0 and it worked but I installed 2.0.1 today and ‘enable sending referrers’ came back. I swore. When I checked in admin.php the function check_admin_referer() isn’t there anymore. So they’ve closed the only way I can see to fix the damn problem. Anyone help, please?

    Yeah, I noticed that the fix posted can’t be applied; the file is ‘admin-functions.php’, though, not ‘admin.php’ and the developers have moved the damn function off to another php file in the system, obviously.

    I’ve posted about this problem over the past few days to my blog, twice. First, if an official solution doesn’t work first time you try it – it didn’t for me when I did my first-ever install (2.0), I had to go hunting the web – then don’t discount it forever as it may work next time you encounter the error. And believe me, if my experience is anything to go by, you’re likely to.

    At the end of last week, after I’d run the upgrade from 2.0.2 to 2.0.3, all was well. A few hours later, all was not well. The fix that time round was the firewall privacy settings which hadn’t worked the first time for me. So, all well and good. I was able to do everything again.

    Today, got up, wrote a post to my blog and the [insert foul language] error was back; not only that, but what’s doubly annoying is when you hit ‘back’ on your browser you’ve lost what you wrote, which is pretty lame. It would be marginally less irritating if you didn’t. I’d say cut and paste before every post but that’s an added layer of nuisance usually, and this error seems to pop up randomly.

    Today’s fix for me, which may or may not last, which may or may not work next time it happens, was to go into options/general, as one person above suggested and not to change the site to wordpress but to simply add a / – so, for me, became and that worked straightaway.

    I know WHY ‘you need to enable sending referrers’ but the problems it seeks to avoid are far, far outweighed by the inconvenience, frustration and anger it evokes in a huge number of WordPress users. Developers, please note: get rid of it altogether. Approach the problem from scratch. Ditch this because it cannot, CANNOT be fixed – you’ve had plenty of new versions to do so and still haven’t – so why not try approaching what you’re trying to do from a new perspective altogether. Surely you can provide the security you’re seeking to without locking out so many users from their sites? Without official solutions as likely to not work as work? Without users desperately seeking hacks which really WILL compromise the security of their blogs? I know I for one would give anything to see the back of this loathesome error. I absolutely hate it and cuss whoever thought it was a good thing to implement in the first place. Rethink! Please!

    The Spicy Cauldron

    Um, just noticed a big bug: the post above is mine; the one before it isn’t, but in my browser at least it appears that when I posted my reply to the chap who’d last written before me, my login name/website now shows next to his forum comment – making it appear I wrote it and I didn’t. His forum name/info has up and vanished. Oopsie! How on earth did THAT happen? Someone needs to look at why that’s happened. Apologies to the person who wrote that comment about going from 2.0 to 2.0.1… it wasn’t my fault, guv’nor! Honest!

    Talk about enable sending referrers… this problem seems to have security implications for the forums themselves!

    After a frustrating day of trying to beat the ‘enable referrers’ problem on WordPress 2.02 — I was able to get it to work. I’m running an Abyss Web Server X1, and I redirect port 80 to port 1025 through; I’m also running sygate pro. I wasn’t having problems until I redirected port 80, and WordPress wouldn’t let me do anything, even save options.

    – Set Url in WordPress options to ‘’ where ‘yyyy’ is the port number you will be redirecting to. You should do this while WordPress is still running on port 80. Your new port number should be 1024 or higher. In my case: ‘’

    -Configure Abyss in console to run your new port number.

    -Enable port 80 redirect with your DNS service to your new port number. In my case

    -Set firewall to allow connections on port 80 AND your new port number for abyss web server.

    That should do it. It works fine for me.

    You can test your port at

    Good luck

    I just upgraded two blogs from 1.5(whatever) to 2.0.2 and ran smack into this enable referrers problem on my husband’s computer (but not on mine, how odd). I have finally solved this by doing the following: We use Norton Antivirus on that computer, and I went into the Privacy settings and made sure that for both blog sites, 3rd party cookies and private headers were both set to “allow”. This seems to have solved the problem, at least for the moment. Worth a try for those using that firewall.

    In my case it wasn’t a firewall issue, and after a couple of hours of debugging I just made the following code chages (since the installation is on localhost):
    in POST.PHP file I replaced existing code with the following code –
    if ($_POST[‘save’]) {
    $location = $_SERVER[‘HTTP_REFERER’];
    } elseif ($_POST[‘updatemeta’]) {
    $location = $_SERVER[‘HTTP_REFERER’] . ‘&message=2#postcustom’;
    } elseif ($_POST[‘deletemeta’]) {
    $location = $_SERVER[‘HTTP_REFERER’] . ‘&message=3#postcustom’;
    } elseif (isset($_POST[‘referredby’]) && $_POST[‘referredby’] != $_SERVER[‘HTTP_REFERER’]) {
    $location = $_POST[‘referredby’];
    if ( $_POST[‘referredby’] == ‘redo’ )
    $location = get_permalink( $post_ID );
    } elseif ($action == ‘editattachment’) {
    $location = ‘attachments.php’;
    } elseif (isset($location[‘edit.php’])) {
    $location = ‘edit.php’; }
    else {
    $location = ‘edit.php’; // Raj’s addition
    header (‘Location: ‘ . $location); // Send user on their way while we keep working


    Next, I opened file pluggable-functions.php, and i replaced the current code for function ‘check_admin_referer’ with –

    if ( !function_exists(‘check_admin_referer’) ) :
    function check_admin_referer() {
    $adminurl = strtolower(get_settings(‘siteurl’)).’/wp-admin’;
    $referer = strtolower($_SERVER[‘HTTP_REFERER’]);
    if (!strstr($referer, $adminurl) && strstr($adminurl,’http://localhost’)) {
    $referer = ‘edit.php’; }
    else {
    die(__(‘Sorry, you need to enable sending referrers for this feature to work.’));


    I had problem too. Kept getting “enable sending referrers”.
    Changed the privacy setting on referrers. Now it’s working.

    Thanks everyone who contributed. Now I can move forward.


Viewing 8 replies - 31 through 38 (of 38 total)
  • The topic ‘Enable sending referrers’ is closed to new replies.