In straty.com case, the security cookie seems to be being reset every time when returning from Patreon.
This may be something to do with the init sequence of the plugins installed, or a plugin that modifies init in any way. Or something to do with WP engine
Im sending you the email to arrange the admin account for.
The conflict here is that cookies which exist to perform a specific action (i.e. show a different sidebar, or different page altogether) do not expect the page to be fully formed before they request it. When present, these cookies expect to interact with PHP in order to perform their unique action. But as you can see in the example above, cached pages do not get processed and built by PHP as uncached ones do.
As a result, your cookie may only work as expected when logged in to the WordPress Admin Dashboard. This is because logged-in user sessions specifically bypass the page cache layer, and will be processed by PHP every time.
I got on the phone with WP-Engine and the tech - who was incredibly helpful btw, which is why I use them - immediately knew what the issue was and we had it fixed in under 5 minutes.
WP-Engine caches very aggressively and that was causing the nonce not to be set properly.
For future WP Engine + Patreon Wordpress users who may stumble across this issue in the future: call WP-Engine and ask them to exclude the “patreon_nonce” cookie from the cache. They need the exact spelling of the cookie.
@codebard, maybe this could be included in the plugin documentation as well? I’m sure other wordpress-optimized hosting services do similar things with caching.
I have a new patron who was getting the “nonces don’t match” error. She cleared her cache but now when she tries to log in, she gets the captha over and over, she says she submitted the images 10 times and it just kept giving her more images to confirm.
I can second this! I am also hosting with WPEngine, was experiencing a similar issue (after overcoming a different installation issue), and got it fixed thanks to @straty.com’s detailed help here.
A text to WPEngine support asking them to exclude the “patreon_nonce” cookie from the cache solved the security warning fail.
Would be great to have some “host-specific known issues” on the GitHub readme, or elsewhere, for new installers.