Hi there,
While you mentioned that you aren’t using any third-party caching plugins on your site, is there a chance your hosting provider could be conducting cache for you? We see this error fairly often, and it typically always comes down to caching.
To explain a little, a “nonce” in WordPress is a method of creating a private session for your donor. This ensures that only your user is part of this session, and their private information is kept safe. This session is set to expire, and after it does, the nonce session is no longer valid.
In the past, we have seen users that use caching solutions run into this error. This private session is being cached (carried over from one donor to the next visitor) and when another user tries to submit the form, the cached session is served but is now invalid. When one of your donors unknowingly uses it, it results in a Nonce error.
The fix is to exclude certain pages from caching.
These pages include the Donation Confirmation and Donation History pages.
Once you can confirm all the pages have been excluded, clear all of the caches in your site and you should be good to go.
If you would like to learn more about sessions with Give and WordPress we have written an excellent article that explains the process:
https://givewp.com/documentation/core/frequent-troubleshooting-issues/understanding-troubleshooting-user-access/
I’m happy to keep digging into this, though if you’re certain there is no caching being conducted by your hosting provider.
Keep me posted.
