@lkl I was able to reproduce the issue on lawlessfrench.com, while using Chrome on Win 7.
It seems that our security cookie is never being issued by your website. It may have to do with your WordFence settings or some other plugin which has to do with cookies or security.
If you can arrange me an admin account (a new account which you will delete afterwards) with which i can look into your WordPress installation, that would help fixing this greatly.
If that’s ok, please PM me through the forum, I will give you an email address for which to create this user and send the credentials to. Please never give any credentials to anyone else.
It will take a few days to go through this (not including the weekend), after which i will let you know so you can delete that account.
In straty.com case, the security cookie seems to be being reset every time when returning from Patreon.
This may be something to do with the init sequence of the plugins installed, or a plugin that modifies init in any way. Or something to do with WP engine
Im sending you the email to arrange the admin account for.
The conflict here is that cookies which exist to perform a specific action (i.e. show a different sidebar, or different page altogether) do not expect the page to be fully formed before they request it. When present, these cookies expect to interact with PHP in order to perform their unique action. But as you can see in the example above, cached pages do not get processed and built by PHP as uncached ones do.
As a result, your cookie may only work as expected when logged in to the WordPress Admin Dashboard. This is because logged-in user sessions specifically bypass the page cache layer, and will be processed by PHP every time.
I got on the phone with WP-Engine and the tech - who was incredibly helpful btw, which is why I use them - immediately knew what the issue was and we had it fixed in under 5 minutes.
WP-Engine caches very aggressively and that was causing the nonce not to be set properly.
For future WP Engine + Patreon Wordpress users who may stumble across this issue in the future: call WP-Engine and ask them to exclude the “patreon_nonce” cookie from the cache. They need the exact spelling of the cookie.
@codebard, maybe this could be included in the plugin documentation as well? I’m sure other wordpress-optimized hosting services do similar things with caching.
I have a new patron who was getting the “nonces don’t match” error. She cleared her cache but now when she tries to log in, she gets the captha over and over, she says she submitted the images 10 times and it just kept giving her more images to confirm.