I’m getting a Forbidden (403) response on POST requests to /wp-json/wordpress-popular-posts/v2/views/ for the blog posts.
WP-Rocket and Cloudflare are being used, but the blog post cache is renewed every 24 hours. After renewing the cache I’m getting 200; however, just a few hours later (about 6 hours) the 403 appears.
Any suggestion?
Many thanks.
Yes, I’m seeing an HTTP Forbidden error after checking one of your site’s URLs. The error returned by your server says this:
{ "code":"rest_cookie_invalid_nonce", "message":"Falha na verifica\u00e7\u00e3o do cookie", "data":{"status":403} }
—
This error message you’re seeing is basically WPP failing to update the views count of your blog posts due to the server rejecting the request.
From what you said, my guess is that your site cache setup (WP-Rocket + Cloudflare’s cache (?) + 24-hour cache lifetime) is a bit too greedy. Here’s why:
WordPress Popular Posts relies on a WordPress feature called nonces to, basically, make sure that its views tracking functionality isn’t abused by malicious actors. These nonces, or security tokens, have a lifetime of around 24 hours.
Said security tokens are printed onto each page, and since you’re using WP-Rocket + Cloudflare to cache your pages for 24 hours, these nonces are being cached as well, and there will be some instances (as you already noticed) where they will have expired by the time some posts are loaded by the browser. In consequence, WordPress will reject all views count update requests with a 403 Forbidden error whenever said requests include an expired security token.
So:
Reduce your site’s cache lifetime to 12 hours to make absolutely sure that nonces are always renewed after every page cache refresh; or
Increase your nonces’ lifetime; that way, the chances of them expiring before your page cache does will be reduced. Keep in mind though that this isn’t great from a security standpoint: you want nonces/security tokens to expire as soon as possible to reduce the chances of malicious users getting access to valid nonces that could then be used for exploits/attacks.
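To see why 12 hours is the safe cache lifetime for the default 24-hour nonce life, here is an added stand-alone PHP model of the tick arithmetic WordPress core uses in wp_nonce_tick()/wp_verify_nonce() (this is example code, not part of the thread or of the plugin; the timestamps are constructed). Core accepts a nonce for the tick in which it was minted and for the following tick, each tick being half of the `nonce_life` value, so the worst-case cached page keeps a valid nonce for exactly nonce_life / 2.

```php
<?php
// Added example, not the plugin's code: models WordPress's nonce tick check.
// The real lifetime is the 'nonce_life' filter value (DAY_IN_SECONDS by
// default); option 2 in the reply above changes it via add_filter('nonce_life', ...).
const DAY_IN_SECONDS = 86400;

/** Tick number for a timestamp, as wp_nonce_tick() computes it. */
function nonce_tick(int $now, int $nonce_life): int
{
    return (int) ceil($now / ($nonce_life / 2));
}

/**
 * True if a nonce minted at $issued_at is still accepted at $served_at.
 * Core accepts the current tick (wp_verify_nonce() returns 1) and the
 * previous tick (returns 2); anything older is rejected -> 403.
 */
function cached_nonce_still_valid(int $issued_at, int $served_at, int $nonce_life): bool
{
    $minted  = nonce_tick($issued_at, $nonce_life);
    $current = nonce_tick($served_at, $nonce_life);
    return $current === $minted || $current === $minted + 1;
}

/**
 * Longest page-cache lifetime (seconds) for which a cached nonce is always
 * valid, whatever moment inside a tick the page was cached. Worst case: the
 * page is cached in the last second of a tick, so the nonce survives exactly
 * one more tick, i.e. nonce_life / 2.
 */
function safe_cache_lifetime(int $nonce_life): int
{
    return intdiv($nonce_life, 2);
}

// Worst case: page cached one second before a tick boundary (constructed
// timestamps), then served from cache for several hours.
$tick_len  = DAY_IN_SECONDS / 2;   // 43200 s with the default lifetime
$cached_at = 10 * $tick_len - 1;    // last second of tick 10

foreach ([6, 12, 13, 24] as $hours) {
    $ok = cached_nonce_still_valid($cached_at, $cached_at + $hours * 3600, DAY_IN_SECONDS);
    printf("page served %2d h after caching: %s\n", $hours, $ok ? 'nonce accepted' : 'rejected (403)');
}
printf("safe cache lifetime for a %d h nonce life: %d h\n",
    DAY_IN_SECONDS / 3600, safe_cache_lifetime(DAY_IN_SECONDS) / 3600);
```

Run with `php nonce_ticks.php`: the 6 h and 12 h cases are accepted, the 13 h and 24 h cases are rejected, and the last line reports 12 h, which is the figure in option 1 above.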