Your browser sent an invalid security token to WordFence

Share your htaccess code bro.

Here it is:

# HTTPS forced by SG-Optimizer
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteCond %{HTTPS} off
RewriteRule ^(.*)$ https://%{SERVER_NAME}%{REQUEST_URI} [R=301,L]
</IfModule>
# END HTTPS
# BEGIN WordPress
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteBase /
RewriteRule ^index\.php$ - [L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /index.php [L]
</IfModule>

# END WordPress

# Wordfence WAF

# END Wordfence WAF

# TN - START EXPIRES CACHING #
ExpiresActive On
ExpiresByType text/css "access 1 month"
ExpiresByType text/html "access 1 month"
ExpiresByType image/gif "access 1 year"
ExpiresByType image/png "access 1 year"
ExpiresByType image/jpg "access 1 year"
ExpiresByType image/jpeg "access 1 year"
ExpiresByType image/x-icon "access 1 year"
ExpiresByType application/pdf "access 1 month"
ExpiresByType application/javascript "access 1 month"
ExpiresByType text/x-javascript "access 1 month"
ExpiresByType application/x-font-ttf "access plus 1 year"
ExpiresByType application/x-shockwave-flash "access 1 month"
ExpiresDefault "access 1 month"
# TN - END EXPIRES CACHING #

# TN - BEGIN Cache-Control Headers
<ifModule mod_headers.c>
<filesMatch "\.(ico|jpe?g|png|gif|swf)$">
Header set Cache-Control "public"
</filesMatch>
<filesMatch "\.(css)$">
Header set Cache-Control "public"
</filesMatch>
<filesMatch "\.(js)$">
Header set Cache-Control "private"
</filesMatch>
<filesMatch "\.(x?html?|php)$">
Header set Cache-Control "private, must-revalidate"
</filesMatch>
</ifModule>
# TN - END Cache-Control Headers

# TN - BEGIN Turn ETags Off
FileETag None
# TN - END Turn ETags Off

# BEGIN Enable Gzip Compression
<IfModule mod_deflate.c>
AddOutputFilterByType DEFLATE text/plain
AddOutputFilterByType DEFLATE text/html
AddOutputFilterByType DEFLATE text/xml
AddOutputFilterByType DEFLATE text/css
AddOutputFilterByType DEFLATE application/xml
AddOutputFilterByType DEFLATE application/xhtml+xml
AddOutputFilterByType DEFLATE application/rss+xml
AddOutputFilterByType DEFLATE application/javascript
AddOutputFilterByType DEFLATE application/x-javascript
AddOutputFilterByType DEFLATE application/x-font-truetype
AddOutputFilterByType DEFLATE application/x-font-ttf
</IfModule>
# END Enable Gzip Compression

If your site is not high traffic then you can revert back to old htaccess. If high traffic then you need to use nginx instead of these codes. Its better to revert old htaccess. if you can share your site then i will take a look and help you to optimize your site.

It’s a new website made of a single landing page so not much traffic. The URL is: https://viajesparaestudiantes.club/

I’ve put those codes in .htaccess for achieving the best result in speed tests like Google PageSpeed and Pingdom.

Let me know what should I do…

You are already using nginx, so why you want to optimize through apache? nginx is your front end. keep apache setting minimal and do everything in nginx. nginx is also good in everything without any setting, only you need to define cache expires. Avoid using any cache plugin for such 1 page site. Can i know what web control panel are you using?

Dear Jack,

reverting to original .htaccess didn’t fix the issue.

Moreover, as I said earlier, disabling all plugins (included cache) hasn’t worked.

So I guess is something related to WordFence, right??

Kind regards

Hi @davidecorizzo

Do you get this message on certain browser? or using any browser? did you try using Chrome Incognito mode as well?

Thanks.

Hi @wfalaa

I’ve tried with different browser as well as Chrome incognito mode.

Hi @davidecorizzo

This could be either a theme or a plugin conflict, a good way to narrow down this issue is to use “Health Check” plugin and enable “Troubleshooting mode“. The good thing about “Heath Check” plugin is that it’s developed by WordPress team and it only affects your logged in session so that other visitors won’t be affected.

Let me know how it goes,
Thanks.