Support » Plugin: Clean Login » Failed security check

  • Resolved jaysecond

    (@jaysecond)


    Hello. I’m hoping to you could pinpoint what is happening here. When the users to our site select “Lost password”, they receive and email with a link to reset their password. However, that link gets redirected to a blank page with this message:
    “Failed security check, expired Activation Link due to duplication or date.”
    We’ve tested this with older user accounts, we’ve created new accounts, etc. The message persists each time we test it.
    If this helps, we are using wpengine, the site is SSL. We tried deactivating the plugin, resetting permissions and flushing cache.
    Any help is much appreciated! Thank you.

Viewing 4 replies - 1 through 4 (of 4 total)
  • jaysecond

    (@jaysecond)

    I found the solution based off some other threads.
    “Resaving” the page that contains the shortcode did the trick!

    hnuecke

    (@hnuecke)

    It did not do the trick for me ;-(

    I changed to https:// and get the same response:
    The address (may WP installation)/(page with short code)/?restore=40&_wpnonce=d0e5b50d05

    points to that empty page with the message:
    Failed security check, expired Activation Link due to duplication or date.

    • I refreshed permalinks
    • I re-saved all clean login pages and even re-saved the site’s permalink address
    • I cleaned the browser cache
    • I de-activated / re-activated clean-login

    To no avail…

    My solution was to copy the address of the “restpre password” link of the email (a one time link, see here and here).
    And then open that page in a browser where I was NOT logged in.

    Looks like the one time link does a (one-time) login and expects that to happen in the same browser the password reset was triggered.
    In my case I could not request the password reset in my default browser (since I was looged in as admin on that site), so I used another browser. But following the link in the email with a click opened the (other) browser where I was logged in.

    That at least was my explanation and solution.

    I have the same issue and I can confirm that using the link at the same browser where the user started the registration did work. As this was (or is) not the default browser at my try I got the “Failed security check, expired Activation Link due to duplication or date.” message.

    Is there something the developer can do about and make it work if the browser differs from the one the registration started!?

    Plugin Author Alberto Hornero

    (@hornero)

    Hi everybody,

    This is the default way to implement a wp_nonce policy in WordPress, but I’m open to implement this in another way if you have code suggestions.

    Alberto.

Viewing 4 replies - 1 through 4 (of 4 total)
  • The topic ‘Failed security check’ is closed to new replies.