What causes the “Are you sure you want to do this?” error with plugins?

This particular message happens when a nonce check fails.

I’d say the likely cause is a conflict with the referer (as part of nonce security, WP checks to see if the referer was an admin page on the same domain & path).

You can rule this out by defining a custom function in wp-config.php:

function check_admin_referer($action = -1, $query_arg = '_wpnonce') {
    if ( -1 == $action )
        _doing_it_wrong( __FUNCTION__, __( 'You should specify a nonce action to be verified by using the first parameter.' ), '3.2' );

    $adminurl = strtolower(admin_url());
    $referer = strtolower(wp_get_referer());
    $result = isset($_REQUEST[$query_arg]) ? wp_verify_nonce($_REQUEST[$query_arg], $action) : false;
    if ( !$result && !(-1 == $action /* skip this: && strpos($referer, $adminurl) === 0 */) ) {
        wp_nonce_ays($action);
        die();
    }
    do_action('check_admin_referer', $action, $result);
    return $result;
}

This implements the standard nonce check, but skips the referer part. If it cures the error message, we’ve isolated the problem and can work towards a permanent fix.

Further reading on the two primary types of errors (this, and insufficient permissions).

Related Posts:

  1. Adding a Taxonomy Filter to Admin List for a Custom Post Type?
  2. How to tell if a plugin is multisite compatible?
  3. Get plugin directory from a theme
  4. Create theme files for plugin
  5. Removing an admin page added by a 3rd party plugin. Gravity forms in this example
  6. How to authenticate custom API endpoint in WooCommerce [closed]
  7. WordPress admin notice in plugin function
  8. Integrating plugins in themes
  9. Gutenberg: How to use block attributes with ServerSideRenderer?
  10. How to Create a Directory in a Plugin Folder?
  11. Declaring script dependencies between scripts enqueued with different action hooks
  12. Changing widget options via the functions.php when there are no hooks
  13. Unique post-id for WordPress Multisite Network
  14. HELP: Integrating WP with raw PHP code once published button is hit
  15. Get page slug in Admin menu
  16. When is it useful to use wp_verify_nonce
  17. Custom preview_post_link not working for draft post
  18. How can I reactivate a plugin without access to my dashboard?
  19. How to add custom style to Gutenberg?
  20. bulk change of image setting “link to” to “link to: image url “
  21. CKEditor: Uncaught TypeError: switchEditors.switchto is not a functiononclick
  22. How to handle admin and passwords requests from plugins developers?
  23. Add custom taxonomy to title tag [closed]
  24. Hide extra menus from WordPress Dashboard
  25. How to find out which plugin is blocking user?
  26. Images not showing after changing wp-content folder name
  27. All Users > User List > Update User Meta Field Inline
  28. Insert new user with form submit ‘init’ hook
  29. Facebook-like Notification Plugin for WordPress Community Blog Sites?
  30. What keys are needed when passing the icons array to plugins_api()?
  31. Custom rewrite rules not working with WPML
  32. Nextcloud integration with wordpress
  33. Display by Category in Admin
  34. create link/button to purge cloudflare cache on post
  35. WooCommerce specifc variations for specific user role [closed]
  36. Limit post creation by role
  37. Nested shortcode functions accessing variable
  38. Editing a plugins element.style
  39. Adding CSS to custom post type admin page causes error
  40. Activate my plugins via FTP
  41. Network activating; if ( !current_user_can( ‘manage_options’ ) ) locks me out…
  42. Strange ASCII characters overlapping content
  43. How to check if my wordpress websiste is nulled or not?
  44. How to add apply_filter for a class property in plugin
  45. update_option_{$option} not showing old value
  46. Create a post builder skin in a plugin
  47. creating a plug in that would tap into save/update action of posts [closed]
  48. Photo Gallery Plugin and Touch Devices
  49. A server-side hook failed when committing plugin code to SVN
  50. Content-Security-Policy Headers are there and showing the correct settings, but still getting a refused connection
  51. How to use the pre_option filter before a plugin loads?
  52. Is it unethical to remove another plugin’s meta keys?
  53. Disable plugin If slug contains specific word
  54. How can ι create my own (custom) WordPress table/list?
  55. WordPress subfolder installation AJAX Problem
  56. Why do I get jQuery reference error / undefined when changing name of plugin file?
  57. Adding submenu to custom plugin menu page created with add_menu_page() function
  58. What is necessary to secure a WP plugin against direct file access attempts?
  59. How to prevent tabs from opening all at once
  60. Admin Message Broadcast for all wp users [closed]
  61. Add a Custom Field in Comment Box next to the Text area
  62. How do you create a re-useable HTML fragment in wordpress
  63. How to reduce the number of revisions?
  64. How translate it? Intensedebate
  65. How to Get Recent 5 post in My Title bar?
  66. Can Postie be used to submit podcasts via email?
  67. How to get current cart values using WC_Shortcodes?
  68. woocommerce: Customize email with item total count
  69. Callback hooked to post_updated firing on new posts as well
  70. The styles in the recent posts widgets plugin not working
  71. Virtual Ticket selling
  72. How to reset WP plugin?
  73. There has been a critical error on your website
  74. Trouble running python script in WordPress
  75. How to disable a widget area of a specific page?
  76. Plugin broke the site and unable to login in admin panel
  77. Plugin Guidelines require plugin to be GNU General Public License
  78. How to set From filed in contact form 7 Use Mail (2) auto responder
  79. How to print shortcode with js in visual composer?
  80. How woo-commerce store Product Data value in DB?
  81. How can I use wp_ajax_response for front-end error reporting?
  82. Save selectlist value (taxonomy) in wp:wp_set_object_terms
  83. Page doesn’t load
  84. Plugins missing in front end but appear in backend FTP
  85. Restrict ability to edit pages by username
  86. Force download a file within plugin file
  87. Ger posts from similar tags and categories
  88. How do I reset BackWPup?
  89. Simple Social Icons plugin not work on my blog
  90. Is it possible to run javascript on plugin deactivated?
  91. Getting label name of extra user fields
  92. Is there a way to combine categories and their hierarchy into the admin listing page?
  93. How to fix ‘Call to undefined function do_settings()’ error?
  94. Updating WordPress [closed]
  95. Child Plugin Admin Panel
  96. How to output cmb2 wysiwyg by using timber
  97. Exceeded the virtual memory limit
  98. Passing an input variable through a switch statement
  99. Plugins menu not on dashboard
  100. Free multi dealer rental cars (sign up) [closed]

Leave a Comment

Hata!: SQLSTATE[HY000] [1045] Access denied for user 'divattrend_liink'@'localhost' (using password: YES)