Nonce Refresh for Cached Pages in Super Page Cache Pro β
WordPress nonces expire over time. On long-cached pages, an expired nonce can break forms, login-related actions, carts, ratings, calendars, or other frontend interactions. Super Page Cache Pro can refresh supported nonces on cached HTML pages so visitors can keep using those interactions safely.
π Note: Nonce refresh is available only in Super Page Cache Pro.
Enable nonce refresh β
- Go to WordPress Admin > Super Page Cache > Settings.
- On the General tab, turn on Show Advanced Settings and click Save Settings.
- Open the Advanced tab and scroll to the Cache section.
- Turn on Enable nonce refresh.
- Click Save Settings.
- Purge the full cache once so existing cached pages rebuild with nonce-refresh support.
How nonce refresh works β
When a cacheable page is rendered, Super Page Cache Pro detects supported nonce actions and injects a lightweight refresh script into the cached HTML. The script requests fresh nonce values from:
GET /wp-json/spc/v1/nonce-refreshThe plugin then updates matching nonce values in the page so frontend actions keep working even when the page itself comes from cache.
The endpoint returns nonces only for action names that match the allowed pattern list.
WooCommerce pages still need cache exclusions β
Nonce refresh is designed for otherwise cacheable pages that happen to contain a supported nonce value. It is not a substitute for excluding user-specific or session-specific pages from cache entirely.
WooCommerce My Account, Cart, Checkout, and order-pay pages contain content that is unique per user and per session. Serving these pages from cache β even with nonce refresh enabled β causes problems such as login failures, incorrect cart contents, and checkout errors, because the cached HTML contains stale session and authentication data that nonce refresh cannot correct.
β οΈ Important: Always exclude WooCommerce My Account, Cart, Checkout, and related pages from cache. Enabling nonce refresh does not make it safe to cache these pages.
For the full exclusion setup, see How to Optimize Cache for WooCommerce Stores and Excluding URLs from Cache.
Add custom nonce action patterns β
If your theme or plugin uses custom nonce action names, you can extend the allowed pattern list with the spc_nonce_refresh_patterns filter.
Use this only for frontend nonce actions that are safe to refresh on cached pages for visitors.
Troubleshooting β
If a cached form or frontend action still fails after enabling nonce refresh:
- Confirm the page is cacheable and is actually being served from cache.
- Purge the full cache and test again.
- Verify the nonce action name matches a default allowed pattern or one you added through
spc_nonce_refresh_patterns.
WooCommerce login fails after enabling nonce refresh β
Symptom: Customers or administrators cannot log in through the WooCommerce My Account page, or the login form returns an error after enabling nonce refresh.
Root cause: The My Account page was cached and served to users with stale HTML that contains an outdated login nonce or session data. Nonce refresh updates specific supported nonce values, but it cannot fix session or authentication context embedded in cached page markup. The page itself must not be cached.
Steps to resolve:
- Go to Super Page Cache β Compatibilities.
- Under WooCommerce Settings, enable the exclusions for My Account, Cart, Checkout, and the checkout order-pay page.
- Alternatively, go to Super Page Cache β General and add the following URI patterns under the Prevent the following URIs from being cached setting:
/my-account* /cart/* /checkout/* - Click Save Settings.
- Go to Super Page Cache β Cache and purge the full cache.
- Open a private browser window and test the WooCommerce login again.
For the complete WooCommerce exclusion setup, see How to Optimize Cache for WooCommerce Stores.