contact_mailContact Form 7•errorerrorinfoajaxwarningvalidationdescriptioncontact-form-7•labelCommon•warningModerate

Contact Form 7: Nonce verification failed.

Contact Form 7 uses a WordPress nonce to protect each submission from cross‑site request forgery. The nonce is generated when the form HTML is rendered and is checked when the AJAX request reaches the server.

If the nonce value no longer matches the one stored in the user session, WordPress returns a failure response. The mismatch appears as the error message on the front end.

Common reasons for mismatch include serving a cached version of the page, JavaScript that alters the hidden field, or a server clock that is out of sync with WordPress time calculations.

When multiple WordPress installations share a domain, differing salts generate nonces that cannot be validated across sites. Security plugins that replace wp_nonce_field may also break the flow.

HTTPS to HTTP transitions drop the authentication cookie, causing the nonce verification step to fail even if the hidden field is correct.

Symptoms

[dashicons-warning]

Error message displayed

Front‑end shows “Contact Form 7: Nonce verification failed.” above the form.

[dashicons-no]

Form does not submit

Submit button appears to work but no email is sent and no success message appears.

[dashicons-admin-tools]

Console shows 403 response

Network tab displays a 403 or 400 response from admin‑ajax.php with a nonce failure message.

[dashicons-admin-users]

Issue limited to logged‑out users

Administrators can submit the form while visitors see the error.

Common Causes

Stale cached page

Page cache or CDN edge cache serves HTML with an expired nonce.

JavaScript interference

Minification, defer, or async loading changes or removes the hidden _wpnonce field.

Server time drift

PHP clock differs from WordPress nonce time window, making every nonce appear expired.

Plugin or theme conflict

Other code deregisters wp_nonce_field or overrides wpcf7_verify_nonce.

HTTPS/HTTP mismatch

Form loads over HTTPS while submission occurs over HTTP, causing the authentication cookie to be dropped.

Need this fixed right now?

Don't waste your day debugging. Our experts can Fix your issues in under 2 hours.*

Success Rate

100% Guaranteed

Starting from

$35 /hour

99+

Trusted by Business Owners

“I spent 3 days trying to fix the Elementor loading loop. These guys fixed it in 20 minutes. Lifesavers!”

— Sarah J., Web Designer

Related Issues

Contact Form 7: REST API request failed: 503 Service Unavailable

A 503 Service Unavailable response stops Contact Form 7 from sending data...

apiREST APIerror503descriptioncontact-form-7

Contact Form 7: REST API request failed: 429 Too Many Requests

The form tries to send data through the WordPress REST API. The...

apiREST APIerrorerrorsecurityfirewalldescriptioncontact-form-7settingsserver_configuration

Contact Form 7: REST API request failed: 401 Unauthorized

The form tries to send data via the WordPress REST API. The...

apiREST APIadmin_panel_settingspermissionsdescriptioncontact-form-7lock401

Contact Form 7: File upload error: temporary directory missing

The error appears when Contact Form 7 cannot locate a writable temporary...

codePHPcloud_offupload erroradmin_panel_settingspermissionsdescriptiontemporary filedescriptioncontact-form-7

Contact Form 7: Mail (2) sending failed: PHP mail() function disabled

Contact Form 7 reports a failure for Mail (2) when the PHP...

codePHPerrorerrordescriptioncontact-form-7mailMailsettingsserver_configuration

Contact Form 7: Mail (2) sending failed: SSL certificate verification failed

Contact Form 7 reports a failure when trying to send the secondary...

errorerrorlocksslcodecURLdescriptioncontact-form-7