Title: Security check failed
Last modified: December 23, 2025

---

# Security check failed

 *  Resolved [Diiamo](https://wordpress.org/support/users/luislu/)
 * (@luislu)
 * [3 months, 3 weeks ago](https://wordpress.org/support/topic/security-check-failed-23/)
 * Hi,
 * Sometimes it shows” Security check failed”([https://picshack.net/ib/ewRyVrylB0](https://picshack.net/ib/ewRyVrylB0)),
   after clear cache will back to normal.

Viewing 11 replies - 1 through 11 (of 11 total)

 *  Plugin Author [Teo Alex](https://wordpress.org/support/users/altesin/)
 * (@altesin)
 * [3 months, 3 weeks ago](https://wordpress.org/support/topic/security-check-failed-23/#post-18765264)
 * Hello [@luislu](https://wordpress.org/support/users/luislu/) ,
 * This issue is caused by page caching. The security nonce (ps-password-nonce) 
   is generated dynamically and embedded in the page output. When the page is cached
   by a caching plugin, the nonce is also cached and, after some time, it expires.
 * When this happens, any AJAX request that uses the cached nonce will return an“
   Security check failed” error.
 * To fix this, please configure your caching plugin to do **one of the following**:
    - Exclude the page where Passster is used from page cache, or
    - Exclude the passster-public.js script from being cached.
 * After excluding the page or script, please clear the cache and test again.
 * This is standard WordPress behavior when nonces are used on cached pages.
 * Have a great day!
 *  Thread Starter [Diiamo](https://wordpress.org/support/users/luislu/)
 * (@luislu)
 * [3 months, 3 weeks ago](https://wordpress.org/support/topic/security-check-failed-23/#post-18765277)
 * I bypass passster cookie, will this help?
 *  Plugin Author [Teo Alex](https://wordpress.org/support/users/altesin/)
 * (@altesin)
 * [3 months, 3 weeks ago](https://wordpress.org/support/topic/security-check-failed-23/#post-18765367)
 * Hello [@luislu](https://wordpress.org/support/users/luislu/),
 * Unfortunately, no. Bypassing only the Passster cookie is not enough.
 * Are you using a caching plugin? If so, which one?
 *  Thread Starter [Diiamo](https://wordpress.org/support/users/luislu/)
 * (@luislu)
 * [3 months, 3 weeks ago](https://wordpress.org/support/topic/security-check-failed-23/#post-18765368)
 * “Exclude the passster-public.js script from being cached.” As I know, only HTML
   can be excluded from being cached. How to exclude passster-public.js?
 * Do you mean exclude from minify?
    -  This reply was modified 3 months, 3 weeks ago by [Diiamo](https://wordpress.org/support/users/luislu/).
 *  Thread Starter [Diiamo](https://wordpress.org/support/users/luislu/)
 * (@luislu)
 * [3 months, 3 weeks ago](https://wordpress.org/support/topic/security-check-failed-23/#post-18765379)
 * Hi, [@altesin](https://wordpress.org/support/users/altesin/) I am using W3TC 
   and Super Page Cache by [Themeisle](https://themeisle.com/), cloudflare CDN free
   plan, thank you
    -  This reply was modified 3 months, 3 weeks ago by [Diiamo](https://wordpress.org/support/users/luislu/).
 *  Plugin Author [Teo Alex](https://wordpress.org/support/users/altesin/)
 * (@altesin)
 * [3 months, 3 weeks ago](https://wordpress.org/support/topic/security-check-failed-23/#post-18765565)
 * Hello [@luislu](https://wordpress.org/support/users/luislu/) ,
   This issue is 
   caused by HTML page caching through Super Page Cache and Cloudflare. Because 
   the security nonce for password verification is added inline to the page, it 
   is cached and expires over time.
 * To prevent this, we recommend excluding the **Passster-protected page** from 
   HTML page caching in Super Page Cache or Cloudflare.
 *  Thread Starter [Diiamo](https://wordpress.org/support/users/luislu/)
 * (@luislu)
 * [3 months, 1 week ago](https://wordpress.org/support/topic/security-check-failed-23/#post-18779808)
 * Hi [@altesin](https://wordpress.org/support/users/altesin/) ，
 * How long will security nonce expires/ change?
 *  Thread Starter [Diiamo](https://wordpress.org/support/users/luislu/)
 * (@luislu)
 * [3 months, 1 week ago](https://wordpress.org/support/topic/security-check-failed-23/#post-18779814)
 * If can automatically clear the page cache within the security nonce expiration
   date, can solve this issue, right?
    -  This reply was modified 3 months, 1 week ago by [Diiamo](https://wordpress.org/support/users/luislu/).
 *  Plugin Author [Teo Alex](https://wordpress.org/support/users/altesin/)
 * (@altesin)
 * [3 months, 1 week ago](https://wordpress.org/support/topic/security-check-failed-23/#post-18780424)
 * Hello [@luislu](https://wordpress.org/support/users/luislu/) ,
   By default, a 
   WordPress nonce is valid for up to 24 hours (internally it rotates every ~12 
   hours). After that, any request using that nonce will fail and return the “Security
   check failed” message.
 * If you automatically clear the cache every X hours, then yes, it will appear 
   to “fix” the problem, because a new page will be generated and a fresh nonce 
   will be inserted. 
   The proper solution is to exclude Passster-protected pages
   from page cache.
 *  Thread Starter [Diiamo](https://wordpress.org/support/users/luislu/)
 * (@luislu)
 * [3 months, 1 week ago](https://wordpress.org/support/topic/security-check-failed-23/#post-18780543)
 * I find a solution: Set to bypass the page cache on the cache plugin, then set
   the cache expiration time within 12 hours on the CDN.
 *  Thread Starter [Diiamo](https://wordpress.org/support/users/luislu/)
 * (@luislu)
 * [3 months ago](https://wordpress.org/support/topic/security-check-failed-23/#post-18787885)
 * Hi [@altesin](https://wordpress.org/support/users/altesin/) ,
 * The new version today, it says”Changed: Prevent nonce from being cached.”, does
   it mean can cache the page html for longtime now?

Viewing 11 replies - 1 through 11 (of 11 total)

You must be [logged in](https://login.wordpress.org/?redirect_to=https%3A%2F%2Fwordpress.org%2Fsupport%2Ftopic%2Fsecurity-check-failed-23%2F%3Foutput_format%3Dmd&locale=en_US)
to reply to this topic.

 * ![](https://ps.w.org/content-protector/assets/icon-256x256.png?rev=2206760)
 * [Passster - Password Protect Pages and Content](https://wordpress.org/plugins/content-protector/)
 * [Frequently Asked Questions](https://wordpress.org/plugins/content-protector/#faq)
 * [Support Threads](https://wordpress.org/support/plugin/content-protector/)
 * [Active Topics](https://wordpress.org/support/plugin/content-protector/active/)
 * [Unresolved Topics](https://wordpress.org/support/plugin/content-protector/unresolved/)
 * [Reviews](https://wordpress.org/support/plugin/content-protector/reviews/)

 * 11 replies
 * 2 participants
 * Last reply from: [Diiamo](https://wordpress.org/support/users/luislu/)
 * Last activity: [3 months ago](https://wordpress.org/support/topic/security-check-failed-23/#post-18787885)
 * Status: resolved