401 Unauthorized Error Message

A 401 unauthorized error message indicates that the request has not been applied because it lacks valid authentication credentials for the target resource. There are various reasons this might happen and some of the most common reasons are listed below.

Password Protected Pages

Make sure that you have no password protected makes incorrectly, otherwise accessing those pages without a password will result in a 401 error. In particular, WS Form uses the WordPress REST API therefore you should ensure access to pages under:

/wp-json/

… are accessible without a password unless absolutely necessary.

WordPress Security Plugins

Some WordPress security plugins may accidentally block access to certain URLs. Check if your security plugin has blocked any paths that might be used by WS Form.

Temporarily disabling your security plugin may help isolate the issue to that particular plugin.

NONCE Error

If you have page caching enabled and it is incorrectly configured it might cause form editing or submissions to fail. Systems that cache web pages such as Cloudflare, Cloudfront and also WordPress plugins that provide page caching can cause this error to occur if they are not configured correctly.

The reason for this may be a WordPress feature called a ‘NONCE‘ (Number used ONCE). A nonce is a unique code that is sent to your web server whenever your form talks to WordPress in the background. Their intended purpose is to ensure that data sent to your website is from a valid source and they helps prevent unauthorized access to your website.

WS Form and other popular plugins use this feature to secure your website.

NONCE values are valid for 12 hours, after which any subsequent use of that value will result in an error.

If the page cache timeout setting is set to a value that is too long, an expired nonce may continue appear in web pages and this will result in this error.

To ensure your WordPress website is able to handle nonce values properly, we recommend that any page caching is set to 10 hours OR LESS. In the majority of cases, a page cache duration of 1 hour or less is sufficient.

Please refer to your caching plugin, CDN or other caching mechanism about checking changing this setting.

For more information about nonces, please visit: https://developer.wordpress.org/plugins/security/nonces/