Are you receiving the “Nonce Validation Failed!” message while trying to submit a quiz/survey on QSM? In this article, we have explained what this means and how this issue can be fixed.
What is “Nonce” in the first place?
Nonce -> ‘n once’ are security tokens in WordPress. Nonces are being used by thousands of WordPress plugins and themes. They are a great way to quickly add protection against various types of hacking, particularly cross-site scripting (XSS).
Nonces can only be used once, and they are only valid for a certain length of time. In the case of QSM, this issue happens because the submit nonce, which had expired, is still cached on the webpage. WordPress nonce expires after 24 hours and till then it continues to serve old cached pages.
So, how to avoid the “Nonce Validation Failed” error you may ask.
How to fix this?
Developers cannot completely ignore using nonce in their code as using it is made necessary by WordPress. The same applies to QSM, We cannot fix this issue without removing the WP Nonce from our code.
We added the nonce in our codebase as it is recommended by WordPress coding standards. Removing the nonce from our code can make users’ websites vulnerable to potential security risks.
The only viable solution that we can suggest is of disabling the cache on quiz pages. If you have installed any of the caching plugins you need to exclude the quiz pages to be cached by them.
How to Disable the cache on Quiz Pages
LiteSpeed Cache Plugin
If you are using the LiteSpeed Cache Plugin on your WordPress site. Through your WordPress dashboard navigate to LiteSpeed Cache > Cache >  Excludes
In the “Do Not Cache URIs” field you can enter the URL to exclude caching. Visit LiteSpeed Cache’s Exclude Tab Docs.
WP Fastest Cache
If your site uses the WP Fastest Cache Plugin then you can exclude the pages and posts with the quiz from caching by navigating to WP Fastest Cache > Exclude > Add New Rule
From the drop-down select the REQUEST_URI consisting of the page or post that has the quiz. Visit WP Fastest Cache’s Exclude Page Documentation.
Similarly, you can disable the pages and posts that house the quiz on your respective cache plugins to prevent the Nonce Validation Failed Error while saving the quiz.
With this in mind, we must inform you that it is not possible to fix this issue without removing the nonce from our code, and we have no plans to remove the nonce from our codebase as we value site security much more.
We hope this article has been relatively helpful. However, if you are still facing issues with the “Nonce Validation Failed” error, we recommend that you get in touch with our support in the WordPress forum.