Fixing WordPress Nonce and Caching Issues

WordPress nonces are security tokens used to verify that form submissions and AJAX requests originate from legitimate sources. When combined with aggressive caching, nonces can cause issues with CheckView test flows.

What Are WordPress Nonces?

A nonce (“number used once”) is a unique token that WordPress generates for form submissions and API requests. Nonces expire after a set period (typically 12-24 hours) and are tied to the current user session.

How Nonces and Caching Cause Test Failures

When a page with a form is cached, the nonce embedded in the form HTML can become stale. If CheckView loads a cached version of the page, the nonce may have already expired, causing the form submission to fail with a “nonce verification” or “invalid nonce” error.
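The following Python model is an added example, not CheckView or WordPress code. It follows WordPress's window-based nonce check (a nonce is accepted in the half-lifetime window it was issued in and in the next one) to show how the age of a cached page decides whether the embedded nonce still verifies. The secret, hash choice, action name and timestamps are constructed assumptions.

```python
import hashlib
import hmac
import math

NONCE_LIFE = 24 * 3600              # default nonce lifetime in seconds (one day)
SECRET = b"constructed-nonce-salt"  # constructed stand-in for the site's secret salt


def nonce_tick(now: int) -> int:
    """Window counter: advances every NONCE_LIFE / 2 seconds."""
    return math.ceil(now / (NONCE_LIFE / 2))


def make_nonce(tick: int, action: str, user_id: int, session: str) -> str:
    """Derive the token from the window, the action and the user's session."""
    msg = f"{tick}|{action}|{user_id}|{session}".encode()
    return hmac.new(SECRET, msg, hashlib.sha256).hexdigest()[-12:-2]


def verify_nonce(nonce: str, now: int, action: str, user_id: int, session: str):
    """Return 1 (current window), 2 (previous window) or False (rejected)."""
    tick = nonce_tick(now)
    for result, t in ((1, tick), (2, tick - 1)):
        expected = make_nonce(t, action, user_id, session)
        if hmac.compare_digest(expected, nonce):
            return result
    return False


def cached_page_result(cached_at: int, served_at: int, viewer=(0, "")):
    """Verify a nonce baked into HTML at cached_at and submitted at served_at.

    The page is assumed to be cached for a logged-out visitor (user id 0,
    empty session token); viewer is the (user_id, session) submitting it.
    """
    baked = make_nonce(nonce_tick(cached_at), "submit_form", 0, "")
    return verify_nonce(baked, served_at, "submit_form", *viewer)


if __name__ == "__main__":
    H = 3600
    t0 = 43200 * 39351 + 1  # constructed time: one second into a window
    for age in (1, 11, 13, 23, 25):
        print(f"cache age {age:>2}h ->", cached_page_result(t0, t0 + age * H))
    late = t0 + 12 * H - 2  # cached one second before the window ends
    print("cached late, 12h old ->", cached_page_result(late, late + 12 * H + 2))
    print("different user       ->", cached_page_result(t0, t0 + H, (7, "sess-abc")))
```

In this model a page cached late in a window stops verifying after about 12 hours, and a page cached for a logged-out visitor never verifies for a logged-in user, so the cache lifetime for form pages has to stay well below the nonce lifetime.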

Solutions

  1. Exclude form pages from caching: In your caching plugin (WP Super Cache, W3 Total Cache, LiteSpeed Cache, etc.), add the URLs of pages with forms to the cache exclusion list.
  2. Exclude CheckView requests from caching: Many caching plugins allow you to exclude requests based on query parameters. Exclude requests that include the checkview_test_id query parameter.
  3. Use AJAX-based nonce refresh: Some form plugins (like Gravity Forms) support refreshing nonces via AJAX before submission. Ensure this feature is enabled.
  4. Update the CheckView helper plugin: The CheckView WordPress helper plugin includes compatibility fixes for common nonce and caching conflicts. Ensure it is updated to the latest version.

Common Error Messages

  • “Invalid nonce”: The nonce token was expired or incorrect.
  • “Nonce verification failed”: WordPress rejected the form submission because the security check failed.

If you continue to experience nonce-related failures after trying these solutions, contact our support team for assistance.