Support » Plugins » Hacks » wp_verify_nonce fails when preview drafts

  • Since several versions of WP ago (probably 3.9 or 4.0, but maybe earlier), I can’t view post or page drafts when the custom theme for my blog is activated. This is specific to the “Edit Post”/”Edit Page” screen, i.e. with the nonce added to the request URI.

    I’ve traced the problem through core and it appears that the call to wp_get_current_user() fails because $current_user contains, for this brief instance, a valid but empty WP_User object. So far, I have not been able to find out why this happens with the custom theme (originally based on The Erudite, but heavily modified since). I am not calling ANY user related functions (at least as far as I can see). To the best of my knowledge, I’m not calling anything before init at all.

    What’s more, on my single site development version, the problem is not reproducible. It only shows on the multisite production environment. Any suggestions which WP functions could possibly “damage” $current_user?

Viewing 2 replies - 1 through 2 (of 2 total)
  • Does this happen with any other theme(s) on the same server?

    It could be a completely unrelated issue to WordPress, like mod_security for example.

    It only happens with my custom theme. However, I’ve recently changed to all SSL and removed some filters that changed backend post URL and now previewing works again. I’m still not sure what the connection is, but apparently core does not like changing of the backend protocol.

Viewing 2 replies - 1 through 2 (of 2 total)
  • The topic ‘wp_verify_nonce fails when preview drafts’ is closed to new replies.