Security check failed again

  • Resolved Diiamo

    (@luislu)


    2 months, 2 weeks ago

    Hi,

    It shows “Security check failed” again, the newest version.

    The page is not cached, fail to load /wp-json/passster/v1/nonces, shows 403 Forbidden. I already add /wp-json/passster/v1/nonces into all firewall whitlist, it still shows 403 Forbidden.

    I put many Passster shortcodes ( [passster password=”xxx” area=”xx”]) in one page. Is this OK?

    • This topic was modified 2 months, 2 weeks ago by Diiamo.
Viewing 8 replies - 1 through 8 (of 8 total)
  • Thread Starter Diiamo

    (@luislu)

    2 months, 2 weeks ago

    Hi,

    I disable the Advanced Access Manager plugin (https://ww.wp.xz.cn/plugins/advanced-access-manager/), and it went back to normal.

    I think the two plugins are not compatible, I also open a thread for AAM plugin https://ww.wp.xz.cn/support/topic/conflict-with-passster-plugin/

    • This reply was modified 2 months, 2 weeks ago by Diiamo.
    • This reply was modified 2 months, 2 weeks ago by Diiamo.
    Plugin Author Teo Alex

    (@altesin)

    2 months, 2 weeks ago

    Hello @luislu,

    I tried to reproduce the reported issue but was unable to do so. The Passster plugin appears to function normally when used together with Advanced Access Manager.

    Additionally, the REST API paths blocked by Advanced Access Manager seem to return a 401 status code, while you mentioned receiving a 403. This difference suggests that something else might be blocking the request.

    Is it possible that when you disabled the AAM plugin, the cache was cleared and that’s why it started working again?

    Thread Starter Diiamo

    (@luislu)

    2 months, 2 weeks ago

    Hi @altesin ,

    I disabled other plugins, but doesn’t help, only disabling AAM can make it work.

    The administrator will bypass Page cache and CDN cache, only the memcached cache is working, I think it is not the matter of cache.

    Perhaps some function/ setting of AAM plugin is not compatible with Passster?

    AAM plugin has been updated days ago, it worked well before with Passster.

    • This reply was modified 2 months, 2 weeks ago by Diiamo.
    Thread Starter Diiamo

    (@luislu)

    2 months, 2 weeks ago

    Hi @altesin ,

    I try again, only activate Elementor、passster、AAM plugin, clear object cache, still has “Security check failed” issue. If deactivating AAM plugin, back to normal.

    https://we.tl/t-TXsqZ0Xlca here is the AAM setting, hope can help you reproduce issue.

    Plugin Author Teo Alex

    (@altesin)

    2 months, 1 week ago

    Hello @luislu,

    Based on the AAM settings you shared, it appears that the REST API functionality is disabled across the entire site.

    Passster relies on the REST API to retrieve the nonce used for password validation, so this restriction is likely causing the issue.

    Thread Starter Diiamo

    (@luislu)

    2 months, 1 week ago

    Hi @altesin ,

    You are right, it is a matter of the REST API. But the AAM plugin doesn’t have a function to disable the REST API, that’s the weird part.

    Plugin Author Teo Alex

    (@altesin)

    2 months, 1 week ago

    Hello @luislu,

    I’ve located the setting that disables the REST API. You can find it by navigating to:

    Dashboard → AAM → Settings (right side) → Core Settings (left side) → RESTful WordPress API

    Please try disabling this option and let us know if that resolves the issue.

    Thread Starter Diiamo

    (@luislu)

    2 months, 1 week ago

    Hi @altesin

    Thank you very much, open the “RESTful WordPress API” function can work.

    I thought turning it on would disable the REST API…

Viewing 8 replies - 1 through 8 (of 8 total)

You must be logged in to reply to this topic.