Support » Plugin: Easy Forms for Mailchimp » Error: Sorry, the nonce security check didn’t pass

  • Resolved Indell

    (@indell)


    Hi,

    I had this form working for several months, but now suddenly it gives this error when attempting to submit new subscriber:

    “Sorry, the nonce security check didn’t pass. Please reload the page and try again. You may want to try clearing your browser cache as a last attempt.”

    I deleted the cache and now I get this message instead:

    “Thank you for already being a subscriber! Your profile info has been updated.”

    But that is wrong. The email address I’m trying to add does not exist in the list, and it is not added during this attempt either.

    I checked and re-submitted the API key, so that should not be the problem.

    So what is the problem?

Viewing 15 replies - 1 through 15 (of 19 total)
  • Same problem here. New WordPress installation on a server, receive similar error:

    “Error: Sorry, the nonce security check didn’t pass. Please reload the page and try again. You may want to try clearing your browser cache as a last attempt.”

    I use w3-total-cache plugin. Tried to purge all caches, but the error is still on the form.

    Plugin Contributor yikesitskevin

    (@yikesitskevin)

    Hello @indell and @cscladmin,

    First – sorry for the trouble.

    @indell, the way we determine if a user is already subscribed to a list is by communicating directly with MailChimp. If MailChimp tells us a specific email already exists on a specific list, we show that message. Could you please verify that you’re looking at the correct form in WordPress and the corresponding list in MailChimp? Sorry I don’t mean to push the issue onto you/MailChimp, but I can’t imagine a way this message would display if the email wasn’t already subscribed.

    In terms of the nonce error: I’ve seen this error a few times, especially when users just updated the plugin; however, I’ve never seen the issue persist after refreshing/clearing the cache.

    @cscladmin, if the error is still persisting, could you send me a URL to your page with the form on it?

    Thanks to both of you for reaching out. I will try to resolve ASAP.
    Kevin.

    @yikesitskevin, I sent the URL in a message to your Facebook page. I just do not know how to do it here privately and don’t want to show publicly the URL to a site that is still under development. Thanks!

    Plugin Contributor yikesitskevin

    (@yikesitskevin)

    Hey @cscladmin – understood. One of my colleagues will reply to you shortly with an email address. If you don’t mind, could you email me there and we can continue this discussion via email?

    Thanks,
    Kevin.

    Plugin Contributor yikesitskevin

    (@yikesitskevin)

    Hi @cscladmin,

    I was able to successfully subscribe to the form on your site; I was not getting the nonce error. Can you try again and let me know?

    Thanks,
    Kevin.

    Hi Kevin,
    Just tried 2 different browsers (Chrome and IE 11). Chrome I signed in as the admin of that WordPress site, in IE I wasn’t signed into WP. Same error. Win 7 desktop. I will try from another computer.
    Regards,
    Eugene

    Hi Kevin,
    I do not think your subscription actually happened, I do not see you in the list on MailChimp.

    Regards,
    Eugene

    Plugin Contributor yikesitskevin

    (@yikesitskevin)

    Eugene,

    Did you clear your browsers cache? I’m guessing the issue is with w3-total-cache because I’ve seen issues with those kinds of plugins in the past (although it doesn’t explain why it worked for me and is not working for you). Is there a way to exclude files from the cache/minification method for that plugin?

    Cheers,
    Kevin.

    Verifying what I already wrote. I only have one list. Problem persists.

    Hi Kevin,
    If I open a new inprivate window in IE or new incognito window in Chrome, the form works.
    The regular IE and Chrome still have the problem. I tried to clean their cache and also switched off the w3-total-cache plugin, the error is still there… very strange
    Regards,
    Eugene

    Plugin Contributor yikesitskevin

    (@yikesitskevin)

    @cscladmin – I’m having some colleagues try to submit your form and see if they have any issues. At the moment, I’m not sure what’s going on but I don’t believe it’s an issue with our MailChimp plugin.

    @indell – looking into your issue; as I said, I’ve never seen it before and am not sure how it could happen. Are you using AJAX or non-AJAX form submission? (It’s in the submission settings sidebar on the page you edit your form).

    Kevin.

    Hi Kevin,
    I read the explanation of the WP nonces here: https://www.elegantthemes.com/blog/tips-tricks/an-introduction-to-wordpress-nonces-with-examples

    I do not see why we need it to submit data to MailChimp in a double opt-in configuration (I understand the need of nonces in a single opt-in). Is it possible to add a checkbox to disable nonces – on Easy Forms’ config screen, or even in its config file?

    Regards,
    Eugene

    Plugin Contributor yikesitskevin

    (@yikesitskevin)

    Eugene,

    Nonces are a basic security addition to form submissions when the data is being sent to your server. The nonce does not influence the interaction with MailChimp, but rather the interaction between the submitted form’s data and the handling of that data by your server (i.e. the nonce plays a role to validate a legit submission before any subscription request is sent to MailChimp).

    There is something else going on on your server that is failing – the nonce is just the side effect. I had a colleague of mine do a submission through your form and she was able to get past the nonce check, as was I (i.e. I received the double opt-in email, I just didn’t choose to opt-in).

    I pushed an unrelated update yesterday (v6.3.5). Were you able to download that? Maybe downloading the fresh 6.3.5 version will fix this?

    Let me know,
    Kevin.

    Hi Kevin,
    Yesterday I asked people on some forum to test the form and received about 50+ positive responses. They used all different browsers and had no nounce related errors. After I rebooted my computer and cleaned cache, the problem disappeared.

    So, the problem was on my end, though to prevent such situation the nounce check could be disabled for double opt-in without any harm to security.

    And yes, I updated the plugin yesterday immediately after the update became available, but that did not help to the yesterday’s issue. And actually it couldnt help. It seems my computer at the form submit did not send the nounce received from the server. Instead it sent back some old nounce that stuck in its cache and the nounce check failed.

    I understand the nonce protects forms from the cross server attack, though in case of double opt-in it is not really needed.

    Regards,
    Eugene

    Plugin Contributor yikesitskevin

    (@yikesitskevin)

    @indell,

    Now it’s just you and me! Let me know if you’re using AJAX or non-AJAX submissions. Also, could you send a URL to your form page?

    Thanks,
    Kevin.

Viewing 15 replies - 1 through 15 (of 19 total)
  • The topic ‘Error: Sorry, the nonce security check didn’t pass’ is closed to new replies.