We discovered this solution to a WordPress/Yoast SEO problem, but we didn’t find the solution online, so we’re publishing it here. Maybe we can help others.
This is not necessarily the fix for every “403, Cookie Check Failed” issue, but it solved it in this case.
Background and the Bug
We published a WordPress site by keeping it in a subdirectory but changing the site URL to the site domain.
Several symptoms showed up:
- Yoast SEO data optimization failed
- saving Yoast settings failed
- saving pages failed
The Solution: Update Keys and Salts in wp-config
We’ve seen page-save failures like this after moving other sites. The solution has been resalting the keys and salts.
What are “Authentication unique keys and salts”?
The file wp-config.php is in the WordPress directory. It has a section called “Authentication unique keys and salts”. They’re used in security and log ins. This section looks like this.
* Authentication unique keys and salts.
*
* Change these to different unique phrases! You can generate these using
* the {@link https://api.wordpress.org/secret-key/1.1/salt/ WordPress.org secret-key service}.
*
* You can change these at any point in time to invalidate all existing cookies.
* This will force all users to have to log in again.
*
* @since 2.6.0
*/
define('AUTH_KEY', '^63@|4y>>YBJ2-X4R*}v>f+#Qy=1%owj!zc6@JL!^`XjUS9u]2z9e.(Q| x&vPD#');
define('SECURE_AUTH_KEY', '1o|cgz!q^S(|y9;f+(K3Y7A}NYP?,(7YCWs|H)+JD|3,6su10$K8V|5BQQNU-#_B');
define('LOGGED_IN_KEY', 'ZK61-gPL-:$`-7H@-iE+.>): fb|8b5?q3qy3aT38;;L/EgT5[uyD]r/tn:gU+*~');
define('NONCE_KEY', '2y~j+qA&gVXl0>= fBKYc9gH;Yf_USfs]fAb1ar<. fK?+N|H=^?cM-)IvFwhkrP');
define('AUTH_SALT', '7Uz]2=C]6,v2-8398l$kvn9=(S$tn/,EH@:]ow`CE.7wSi6gimRjYH*Ul#[DeU<5');
define('SECURE_AUTH_SALT', 'T2)O?~fOQpnePCIi2fTi?(q9PQ+fA-iVnk*V}IkAs@l(IAD7i+n&9-D(M%!aYL^(');
define('LOGGED_IN_SALT', 'snI]Md06|A^#8,}K~g>JGF;-`-G,c8Gz3d&o{xW-r<^h$4b+Eg(v]EWjPX+UF;?W');
define('NONCE_SALT', ']Wx NBtIO|#hU.+E)-+fkzgj8-^Gn>iWaH:FwW!;&;L&C-glj~EJ4:fEKC!n|JP|');
How To Change WordPress Authentication Unique Keys and Salts in wp-config.php
First, you should be comfortable with editing code and backing up files. These instructions assume you can edit some code and move WordPress files.
IMPORTANT: This will log out all users. Make sure you have a good admin log in for WordPress before doing this.
- Back up your wp-config.php file.
- Edit the wp-config.php file.
- Find the section “Authentication unique keys and salts.”
- Find the URL in this section to regenerate new keys and salts.
It’s been this URL for a many years: https://api.wordpress.org/secret-key/1.1/salt/ - Highlight and copy the new keys and salts generated at this URL.
- In wp-config, delete the old keys and salts, and then paste the new ones.
- Save the file.
- If you’re editing the file off-site, upload the file.
Contact Pacesetter Media if you need help.