401 Unauthorized Error Message – WS Form

401 Unauthorized Error Message

If you have page caching enabled and it is incorrectly configured it might cause form editing or submissions to fail.

The reason for this may be a WordPress feature called a ‘nonce‘ (Number used ONCE). A nonce is a unique code that is sent to your web server whenever your form talks to WordPress in the background. Their intended purpose is to ensure that data sent to your website is from a valid source and they helps prevent unauthorized access to your website.

WS Form and other popular plugins use this feature to secure your website.

Nonce values are valid for 12 hours, after which any subsequent use of that value will result in an error.

Systems that cache web pages such as Cloudflare, Cloudfront and also WordPress plugins that provide page caching can cause this error to occur if they are not configured correctly for WordPress. If the page cache timeout setting is set to a value that is too long, an expired nonce may continue appear in web pages and this will result in this error.

To ensure your WordPress website is able to handle nonce values properly, we recommend that any page caching is set to 10 hours OR LESS. In the majority of cases, a page cache duration of 1 hour or less is sufficient.

Please refer to your caching plugin, CDN or other caching mechanism about checking changing this setting.

For more information about nonces, please visit: https://developer.wordpress.org/plugins/security/nonces/