Contact form’s not working when not logged in.

  • Resolved martijnschuman

    (@martijnschuman)


    3 years, 7 months ago

    Hello,

    So I’m working on a site for my work and the contact form isn’t working for visitors. It only works when I’m logged in. If I try to fill it in as a non logged in user I get a /wp-json/contact-form-7/v1/contact-forms/8/refill 403 error in the console. If I go to that actual page it also says:
    {"code":"no_access_granted","message":"Not logged in","data":{"status":403}}

    I already tried disabling each plugin one by one and all at once but I still doesn’t work. I cleared the hosting cache multiple times but still nothing. If I look in the Woocommerce status page I can see that the REST API’s working as it should. I also installed all the updates.

    The page I need help with: [log in to see the link]

Viewing 10 replies - 1 through 10 (of 10 total)

  • I’m having the same issue. Customers could not send any mail.
    https://www.particular-sound.de/contact/customer-support/

    @martijnschuman

    the issue seems related to wp-api blocked for unlogged users. check this https://REPLACE-WITH-YOUR-DOMAIN/wp-json/contact-form-7/v1/

    usually this issue was caused by plugin like “disable wp-api”, “Disable WP REST API” etc

    to fix you need to whitelist (at least) the cf7 path

    Thread Starter martijnschuman

    (@martijnschuman)

    Thank you for your response,

    I tryed looking for a setting where I can whitelist the cf7 path but I can’t find in option. I have the following plugins installed:

    • Advanced Custom Fields
    • All In One WP Security
    • Contact Form 7
    • Contact Form CFDB7
    • Redirection for Contact Form 7
    • Duplicator
    • FileBird Lite
    • classic editor
    • Perfect Brands for WooCommerce
    • Redirection
    • Site Kit by Google
    • UpdraftPlus – Backup/Restore
    • User Role Editor
    • Woo Custom Stock Status
    • WooCommerce
    • WooCommerce Google Analytics Integration
    • WP Fastest Cache
    • Yoast SEO

    At first I thought that WP Fastest Cache was the problem but even afte deleteing all of the cache and disabling the plugin it still doen’t work. I looked in the settings of All In One WP Security and there’s a setting that says “Do not allow unauthorized REST requests: check this if you want to stop REST API access for requests not logged in” that box isn’t checked so this doesn’t have any effect.

    no wp fastest cache isn’t related to your issue but you may need to clean cache after uncheck “Do not allow unauthorized REST requests” in the All In One WP Security settings.

    after that check if the endpoint
    https://REPLACE-WITH-YOUR-DOMAIN/wp-json/contact-form-7/v1/
    has become accessible again

    Thread Starter martijnschuman

    (@martijnschuman)

    I tried it but it’s still not working, I’m now looking at another plugin as an alternative.

    Recently a user reported this plugin has an option to whitelist cf7

    https://www.ads-software.com/plugins/disable-json-api/

    In any case, I don’t understand why you would want to deny access to the api (unless you have a wp version prior to 4.7).

    Thread Starter martijnschuman

    (@martijnschuman)

    I tryed whitelisting ct7 from that plugin but it’s still not working. And I think we had a miscommunication, I don’t want the API access to be denyed. Oh and I’m running wp 5.8

    If we exclude plugins, I would assume it is your template. Try to check if there are some function blocking the api there (or rather in your child template).

    You need to find if there is something like this https://developer.www.ads-software.com/rest-api/extending-the-rest-api/adding-custom-endpoints/#permissions-callback in functions.php (or into a included file)

    ps sorry I misunderstood, I thought you wanted to block the api since you were blocking it!

    Thread Starter martijnschuman

    (@martijnschuman)

    Alright so I’m stupid. So I created this site and I saw a video online where someone explained how to improve WP security by using different filers in the function.php file. So my dump *** just copied the 155 rows of code without actually looking at the code.

    This function was all the way at the top. It literally says “Disable wp-json access if not logged in (/wp-json/wp/v2/users)”. So this line of code was the problem. I deleted the row and tested it on 3 different systems and ip addresses and it’s working as it should. 

    
// ******************** Security Start ********************** //
function fn_improve_security() {
    add_filter( 'xmlrpc_enabled', '__return_false' ); // Disable XMLRPC
    add_filter( 'rest_authentication_errors', 'fn_disable_rest_api' ); // Disable wp-json access if not logged in (/wp-json/wp/v2/users)
}
add_action( 'after_setup_theme', 'fn_improve_security' );

    Thank you really much @codekraft for your help and the suggestion for looking in the functions.php file. Apparently I during development I only tested the contact form while logged in.
    As for @tastler I suggest looking in your functions.php file for any function like the above one.

    @martijnschuman: Yep I found the issue as well (was hinted in another thread)
    [..]
    I have deactivatet the disable-wp-rest-api and went with “Cerber” in order to deactivate wp-api with whitelists – you can set there the namespace for exclusion. (contact-form-7)
    [..]
    Thanks

Viewing 10 replies - 1 through 10 (of 10 total)
  • The topic ‘Contact form’s not working when not logged in.’ is closed to new replies.