Title: &#8220;Invalid Security Token&#8221; with embed codes
Last modified: April 5, 2019

---

# “Invalid Security Token” with embed codes

 *  Resolved [mbrailer](https://wordpress.org/support/users/mbrailer/)
 * (@mbrailer)
 * [7 years, 2 months ago](https://wordpress.org/support/topic/invalid-security-token-with-embed-codes/)
 * I have Jetpack comments enabled on this site, and I get a message “Invalid Security
   Token” when I post embed codes like the kind I get from Twitter and Instagram.
   These codes have a lot of HTML markup in them.
 * Not every website’s embed codes fail, however. Here are some I’ve tested successfully:
   Flickr, Gfycat, Vimeo.
 * But Twitter and Instagram’s embed codes result in the “Invalid Security Token”
   error every time.
 * The page I need help with: _[[log in](https://login.wordpress.org/?redirect_to=https%3A%2F%2Fwordpress.org%2Fsupport%2Ftopic%2Finvalid-security-token-with-embed-codes%2F%3Foutput_format%3Dmd&locale=en_US)
   to see the link]_

Viewing 9 replies - 1 through 9 (of 9 total)

 *  Thread Starter [mbrailer](https://wordpress.org/support/users/mbrailer/)
 * (@mbrailer)
 * [7 years, 2 months ago](https://wordpress.org/support/topic/invalid-security-token-with-embed-codes/#post-11394188)
 * I just discovered something that may help. The embed codes from Twitter all have
   the `&mdash;` entity code in them. When I manually remove that code, I am able
   to post the content.
 * This will be helpful to me when I want to add content from Twitter as a comment,
   but if other readers want to do the same, I’ll have to teach them this trick.
   It would be much easier for all if these embed codes would work exactly as these
   services provide them.
 *  [Gemma Evans](https://wordpress.org/support/users/gemmaevans/)
 * (@gemmaevans)
 * [7 years, 2 months ago](https://wordpress.org/support/topic/invalid-security-token-with-embed-codes/#post-11395061)
 * Hi [@mbrailer](https://wordpress.org/support/users/mbrailer/),
 * I’ve done some testing but haven’t been able to replicate the issue you described—
   either through WordPress.com or the WP Admin dashboard. It sounds like you are
   using the full embed code generated by Instagram, rather than coping the post
   URL into the editor — is that correct?
 * When the embed code is pasted into a post or page, at what point are you seeing
   the error message?
 * I noticed you are using a plugin called `oEmbed in Comments`. To rule out any
   possible conflicts, could you try deactivating that plugin and see if adding 
   the embed code triggers any errors?
 *  Thread Starter [mbrailer](https://wordpress.org/support/users/mbrailer/)
 * (@mbrailer)
 * [7 years, 2 months ago](https://wordpress.org/support/topic/invalid-security-token-with-embed-codes/#post-11397185)
 * Hi Gemma:
 * I had installed oEmbed in Comments after I posted my original message (which 
   I realize may have created confusion, for which I apologize). Also, to clarify
   my earlier post, my issue only affects Jetpack comments, not posts or pages. 
   I have disabled the plugin.
 * Pasting a Twitter or Instagram embed code into the Jetpack comment box produces
   an “Invalid Security Token” message after clicking the “Post Comment” button.(
   It looks like this: [http://mike.brailer.info/wp-content/uploads/2019/04/invalid-security-token.png](http://mike.brailer.info/wp-content/uploads/2019/04/invalid-security-token.png))
 * If I paste the content URL into a comment, it turns into a clickable link rather
   than embedding (except for YouTube videos, which do embed). This is why I installed
   oEmbed in Comments, which solves my problem.
    -  This reply was modified 7 years, 2 months ago by [mbrailer](https://wordpress.org/support/users/mbrailer/).
 *  Plugin Contributor [James Huff](https://wordpress.org/support/users/macmanx/)
 * (@macmanx)
 * [7 years, 2 months ago](https://wordpress.org/support/topic/invalid-security-token-with-embed-codes/#post-11397689)
 * That’s very odd. Can you confirm that it works properly with Jetpack Comments
   switched _off_?
 *  Thread Starter [mbrailer](https://wordpress.org/support/users/mbrailer/)
 * (@mbrailer)
 * [7 years, 2 months ago](https://wordpress.org/support/topic/invalid-security-token-with-embed-codes/#post-11397781)
 * James:
 * It looks like the only time I can successfully paste embed codes is when Jetpack
   comments are disabled and I’m logged in.
 * I opened a second browser window in Incognito Mode (Chrome) so that I could post
   comments as an anonymous user. I obtained some embed codes from Twitter and Instagram.
 * When I pasted these codes with Jetpack comments enabled, I saw the “Invalid Security
   Token” error. When I pasted them with Jetpack comments disabled, there was no
   error message, but the embed didn’t work right — I saw the HTML code displayed
   rather than the embedded content.
 * Only when I post embed codes while logged on to the site AND with Jetpack comments
   disabled, do I see the content I’m trying to embed.
 *  Plugin Support [darnelldibbles](https://wordpress.org/support/users/darnelldibbles/)
 * (@darnelldibbles)
 * [7 years, 2 months ago](https://wordpress.org/support/topic/invalid-security-token-with-embed-codes/#post-11404641)
 * Hi there,
 * Could you try reinstalling Jetpack on your site to rule out any plugin installation
   related errors?
 * You can start with a fresh install by deleting and then reinstalling the Jetpack
   plugin, as described here:
    [https://jetpack.com/support/reconnecting-reinstalling-jetpack/#reinstalling-jetpack](https://jetpack.com/support/reconnecting-reinstalling-jetpack/#reinstalling-jetpack).
 * Also, I see that all of your plugins are currently deactivated. My second recommendation
   was going to be to deactivate all other plugins, except Jetpack. Test commenting
   on your site, to see if the issue persists. Have you tested commenting with them
   all deactivated? I was wondering if Contact Form 7 for some reason was causing
   a conflict.
 * Let me know if you made any progress and we’ll continue to monitor the issue 
   on our end.
 *  Thread Starter [mbrailer](https://wordpress.org/support/users/mbrailer/)
 * (@mbrailer)
 * [7 years, 2 months ago](https://wordpress.org/support/topic/invalid-security-token-with-embed-codes/#post-11418296)
 * Hello [@darnelldibbles](https://wordpress.org/support/users/darnelldibbles/)
 * I did as you suggested and uninstalled/reinstalled Jetpack. I also deleted all
   other plugins so that Jetpack was the only one. There didn’t appear to be any
   change. Here are some scenarios I tried and the outcomes when pasting an embed
   code obtained from Twitter:
    - Jetpack enabled, Jetpack comments enabled, logged in as admin: “Invalid Security
      Token”
    - Jetpack enabled, Jetpack comments enabled, anonymous user: “Invalid Security
      Token”
    - Jetpack enabled, Jetpack comments disabled, logged in as admin: Success: embedded
      content appears
    - Jetpack enabled, Jetpack comments enabled, anonymous user: Embedded content
      doesn’t appear, just the HTML code (but a reference to platform.twitter.com/
      widgets.js has been removed. I assume WordPress does that)
 * After this, I installed a plugin titled oEmbed in Comments ([https://gist.github.com/sheabunge/6018753](https://gist.github.com/sheabunge/6018753)).
   This is a better solution for me overall, because readers can embed content just
   by pasting the URL instead of a longer embed code.
 *  Plugin Contributor [James Huff](https://wordpress.org/support/users/macmanx/)
 * (@macmanx)
 * [7 years, 2 months ago](https://wordpress.org/support/topic/invalid-security-token-with-embed-codes/#post-11418875)
 * The issue regarding failed comments with `&` symbols in them (like most embed
   codes, including Twitter) is known: [https://github.com/Automattic/jetpack/issues/2898](https://github.com/Automattic/jetpack/issues/2898)
 * Sorry for not noticing that earlier!
 * We don’t have a solution for that yet, so I recommend either continuing with 
   the oEmbed plugin you found, or switching off Jetpack Comments.
 *  Thread Starter [mbrailer](https://wordpress.org/support/users/mbrailer/)
 * (@mbrailer)
 * [7 years, 2 months ago](https://wordpress.org/support/topic/invalid-security-token-with-embed-codes/#post-11423250)
 * Got it, thanks!

Viewing 9 replies - 1 through 9 (of 9 total)

The topic ‘“Invalid Security Token” with embed codes’ is closed to new replies.

 * ![](https://ps.w.org/jetpack/assets/icon.svg?rev=2819237)
 * [Jetpack - WP Security, Backup, Speed, & Growth](https://wordpress.org/plugins/jetpack/)
 * [Frequently Asked Questions](https://wordpress.org/plugins/jetpack/#faq)
 * [Support Threads](https://wordpress.org/support/plugin/jetpack/)
 * [Active Topics](https://wordpress.org/support/plugin/jetpack/active/)
 * [Unresolved Topics](https://wordpress.org/support/plugin/jetpack/unresolved/)
 * [Reviews](https://wordpress.org/support/plugin/jetpack/reviews/)

## Tags

 * [Comments](https://wordpress.org/support/topic-tag/comments/)

 * 9 replies
 * 4 participants
 * Last reply from: [mbrailer](https://wordpress.org/support/users/mbrailer/)
 * Last activity: [7 years, 2 months ago](https://wordpress.org/support/topic/invalid-security-token-with-embed-codes/#post-11423250)
 * Status: resolved