CSRF (Number Used Once) validation failed.

Documentation Menu

CSRF (Number Used Once) validation failed.

Our plugin uses a security feature from WordPress called a Nonce.

A nonce is a random code generated by WordPress every 48 hours, which is sent along with the booking details. The server then tries to validate this code, and it if fails you get the CSRF (Number Used Once) validation failed. error message (previously called Nonce validation failed).

If you are using a caching plugin, it’s possible that this code is cached and an expired code is sent to the server.

To fix this, you have 3 options:

  1. Exclude the page your calendar is on from being cached.
  2. Decrease your cache time to 24 hours.
  3. Turn off Nonce validation by adding this code to your theme’s functions.php file:
    add_filter('wpbs_form_ajax_nonce', function(){ return false; });

If by any chance you got here as a customer trying to make a booking, please contact the website administrator.

Instructions on how to exclude pages in common caching plugins:

Was this article helpful?

Yes (111) No

We're sorry to see this article wasn't as helpful as we hoped it would be. Please let us know what you were looking for so that we can improve this documentation page.

Full CTA BG
Is WP Booking System a good fit for you?

Tell us about your business activity & plugin requirements and we'll let you know if WP Booking System is right for you.

Have a support question? Please use this form instead.

WP Booking System uses its own and third-party cookies to personalize content and to analyze web traffic, as specified in our cookie policy.

Allow all cookies Allow essential cookies only