403 Forbidden with W3TC

  • IvanRF

    (@ivanrf)


    7 years, 6 months ago

    Since I updated to the latest WordPress, Wordfence and W3TC versions I’m getting 403 Forbidden errors on the comments’ captcha.

    If a user refreshes the captcha or tries to post a comment a 403 Forbidden error is thrown.

    When I’m logged in on WordPress I see no issues so my guess is that W3TC is caching something it shouldn’t (the cache is disabled for logged in users).

    In fact, for one page I always get the same captcha so it must be related to caching.

    Any ideas on how to solve this?

    • This topic was modified 7 years, 6 months ago by IvanRF.
    • This topic was modified 7 years, 6 months ago by IvanRF.
Viewing 6 replies - 1 through 6 (of 6 total)
  • bestwebsoft

    (@bestwebsoft)

    7 years, 6 months ago

    Hi,

    Thank you for contacting us.

    Please temporarily deactivate W3 Total Cache plugin, so it couldn’t interrupt Captcha Pro. Also, you should mark “Show CAPTCHA after the end of the page loading” checkbox on the Captcha settings page. After that, try to enable caching plugin and clear its cache.

    Sincerely,
    BestWebSoft Support Team

    Thread Starter IvanRF

    (@ivanrf)

    7 years, 6 months ago

    Thanks for the reply.

    I downgraded the version of W3 Total Cache to 0.9.5.1, and now your plugin works fine (as it used to).

    I think you should make some tests running the Captcha plugin and the latest W3 Total Cache 0.9.5.2. What I found with that version is that when you “Purge All Caches” the Captcha works fine, but after 24 hours the 403 Forbidden error is thrown when trying to refresh the captcha.

    Let me know if you need more info.

    Thread Starter IvanRF

    (@ivanrf)

    7 years, 6 months ago

    Also, to clarify, the 403 Forbidden error is thrown by the captcha plugin? or your plugin only outputs a page response? (and thus the forbidden response maybe come from Wordfence)

    Update: I think I found my answer on js/front_end_script.js lines 65-66 (you should throw only one alert() with xhr.status + ' ' + thrownError).

    • This reply was modified 7 years, 6 months ago by IvanRF.
    bestwebsoft

    (@bestwebsoft)

    7 years, 6 months ago

    Hi,

    We have tested our plugin with the latest W3 Total Cache and Wordfence versions and it works correctly.
    Did you manage to enable “Show CAPTCHA after the end of the page loading” option on the plugin settings page?
    Also, try to disable JS minification and caching in W3 Total Cache settings and clear its cache again.

    Let us know about the results.

    Sincerely,
    BestWebSoft Support Team

    bestwebsoft

    (@bestwebsoft)

    7 years ago

    Hi,

    Since there is no reply from you, we consider this topic as resolved. We hope you’ve found the solution. If you have any questions, please feel free to contact us via our Help Center – https://support.bestwebsoft.com/.

    benjamin.anakena

    (@benjaminanakena)

    6 years, 9 months ago

    Hi,

    I’m facing the same issue with W3TC. I’m getting an alert with 403 Forbidden when loading the captcha via AJAX. But this only happens a while after flushing the cache, not at first. I’m using both plugins and WordPress last version.

    I’ve tracked the issue down and it is caused by the ajax_nonce verification. As the page is cached the nonce is never updated. And when it expires, all the captcha AJAX requests start failing until the pages are purged from the cache.

    As a temporary fix, I’ve currently removed:
    check_ajax_referer( 'cptch', 'cptch_nonce' );
    from the cptch_reload() function in captcha.php.

Viewing 6 replies - 1 through 6 (of 6 total)
  • The topic ‘403 Forbidden with W3TC’ is closed to new replies.