What causes the “Are you sure you want to do this?” error with plugins?

2 Views

This is an odd case I’ve run into. A site I’ve had for years started throwing
this “error” when i try to make certain backend changes. It seems pervasive –
If i try to install, update, activate or deactivate any plugin. I can still look at the list of plugins and view their settings, generally.

Any thoughts on where to start looking?

Post Views: 2

Related posts

Leave a Reply

4 comments

  1. This particular message happens when a nonce check fails.

    I’d say the likely cause is a conflict with the referer (as part of nonce security, WP checks to see if the referer was an admin page on the same domain & path).

    You can rule this out by defining a custom function in wp-config.php:

    function check_admin_referer($action = -1, $query_arg = '_wpnonce') {
    if ( -1 == $action )
        _doing_it_wrong( __FUNCTION__, __( 'You should specify a nonce action to be verified by using the first parameter.' ), '3.2' );

    $adminurl = strtolower(admin_url());
    $referer = strtolower(wp_get_referer());
    $result = isset($_REQUEST[$query_arg]) ? wp_verify_nonce($_REQUEST[$query_arg], $action) : false;
    if ( !$result && !(-1 == $action /* skip this: && strpos($referer, $adminurl) === 0 */) ) {
        wp_nonce_ays($action);
        die();
    }
    do_action('check_admin_referer', $action, $result);
    return $result;
}

    This implements the standard nonce check, but skips the referer part. If it cures the error message, we’ve isolated the problem and can work towards a permanent fix.

    Further reading on the two primary types of errors (this, and insufficient permissions).

  2. I ran into this problem when implementing ‘on_activation’ code and needed to see my output mid-development. Well, this is a big no-no and even with an ‘exit’ statement, wordpress (4) was showing “Are you sure you want to do this?” instead of my dump. @TheDeadMedic’s suggestion got pointed in the right direction, but didn’t work in my particular case. I put the following into my wp-config.php

     // =============== FOR DEVELOPMENT ONLY -BEGIN- ================
/* Stop Checking NONCE
Motivation: when trying to see the output in _deactivation, it would show.
*/
function check_admin_referer($action = -1, $query_arg = '_wpnonce') { //https://wordpress.stackexchange.com/a/60977/8972
    return true;  // honey badger don't care (if I'm in development)   
}
// =============== FOR DEVELOPMENT ONLY -END- ================

    This will basically kill a bunch of otherwise useful security stuff.

    BTW – I was following this sample (https://wordpress.stackexchange.com/a/25979/8972) by @kaiser for activating a plugin.

  3. I have fix this issue in my site for set bellow value in php.ini file

    memory_limit = 128M 
upload_max_filesize = 80M
post_max_size = 80M

    may be this useful.

  4. I’ve discovered this can also happen if a check_admin_referer() function is being called with invalid arguments somewhere in your site. If you’re getting this error and cant find the problem, check your use of check_admin_referer() throughout your theme and plugins.

    I started getting this error right after I created a new admin options page for my theme. I had added a check_admin_referer() inside a new class, and accidentally swapped the 1st and 2nd parameters. I didn’t get any error messages from the class itself, but it mysteriously started affecting the saving of options and profiles in pages that didn’t even load or call the class I had created. Fixing my call to check_admin_referer() immediately solved the problem.