admin-ajax.php shows 403 popup after 24h

Hi @john5171, can you try to update Setting > Default Public Cache TTL to 43100 temporarily to see is it back to normal? Also, may I know which plugin is using the nonce for verifying?

Can you tell which plugin used that nonce? The default one is already automatically converted to ESI by LSCWP. If it is an special action nonce, need to find it and add it to ESI.

I actually just fixed this issue.

The plugin was Captcha by SimplyWordpress and the problem started after I selected the option “Show CAPTCHA after the end of the page loading”.

I simply disabled that option, and admin-ajax is no longer loading.

I am not sure when that Captcha will show. But in source code you can see there is still a nonce value cached, which could cause captcha invalid when it is to be used. ESI will be a perfect way to permanently improve the compatibility.

If you could do a whole folder search for wp_create_nonce in your plugin, could easily figure out which nonce action it is using. If it is a open source plugin, please give the download path, we can do a search too.

Well the nonce you found in the source are not from the Captcha plugin. The problem was specific for pages that used that Captcha plugin. And as of now, the plugin no longer uses AJAX.

I will wait and see if the problem is fixed after 24 hours. It should be fine.

Are all nonce entries problematic? I don’t think they are…