Doesn't WP use cookies to accomplish this? I haven't seen anything in the code that suggests it's looking at the referrer; only that it checks the password stored in the cookie when the user is on pages that require it. I'm not completely intimate with the code yet, but I've done quite a lot of hacking and have yet to see this. — morganiq 10:39, 17 Dec 2004 (GMT)
This is a somewhat regular problem that is posted on the forums. Speaking of forums, I think it would be a good idea to provide a link BACK to the forum thread that explains some of this stuff so that people can see the whole "conversation". Comments on this idea, please.
A little edit question. When is "log in" called "login"? For the technical documents I've worked on, the phrase "He needed to log in to get the results" left the two words separate. But any reference to the "noun" was called "login". Example: "He went to the login and signed his name". Which would you prefer in the codex?
I would prefer that "a person must log in and to do that they use the login form." :) I like the way you suggest differentiating the action from the noun. Go with that!
As the function auth_redirect in wp-includes/functions.php indicates, there is no such thing in Wordpress. In fact, I think there never was. Validating users via the referrer is a stupid thing to do and I seriously dought anyone could do something like that ...
I just discovered something that might help it for others as well. As written here, setting the right blog URI is also important. But with the new version of Wordpress, it automatically adds port ":80" to the URI, which technically is correct, but breaks the referrer checking system. So remove that and only leave the normal url.
That did it for me...
It's pedantic, but should we spell it correctly according to standard English, or should we spell it correctly as is used in HTTP documentation around the world? See:
Also pedantic, but possibly more perplexing to extremely literal newbies: "You log in by submitting the user name and password given to you at the end of installation." If this error only occurs upon first login, by all means that's correct. If it happens after the user changes their password, they might find that statement alarming, especially if they've long since deleted the intial password.
(Yes, they can have their password emailed to them...)
This error also appears when the reffer is different from the siteurl, as configurated in the options-pane. (security-check)
It might be useful to add this as a possible cause of the error "Sorry, you need to enable sending referrers, for this feature to work."
Check your Blog URIs found in the Admin > General Options.
I posted the following at the wordpress site and figured it may do someone some good here.
<begin post 1> Ok guys, I fixed the problem and I won't say I told you so, but I did tell you so ;) The problem was with a parked domain. I had the primary domain listed in the options. We recently parked a new domain name. And yes, I had my hosting admin check the problem also. So, I just changed the switched the domain names and everything works now. Please don't come off with this, "Well, you didn't tell us about that" stuff. I told you it was a remote problem, that was pretty obvious to me, and I'm not a mcse, haha.
But, with all that said, thanks for your help guys, it's been a thrilling ride. Maybe this will help someone else that has a similar experience. <end post 1>
<begin post 2> I will post this also, maybe it will help someone. When we added a parked domain, I was worried about being penalized by the search engines for dual hosting. My system admin, which I must say is a very good one, told me to add these lines to a .htaccess file and place it in the root directory of my site.
Options +FollowSymLinks RewriteEngine on RewriteCond %{HTTP_HOST} ^olddomain.com [NC] RewriteRule ^(.*)$ http://www.parkeddomain.org/$1 [L,R=301] RewriteCond %{HTTP_HOST} ^www.olddomain.com [NC] RewriteRule ^(.*)$ http://www.parkeddomain.org/$1 [L,R=301]
I think this .htaccess file is what was actually causing the problem. When I switched the URI addresses in WordPress options, everything worked, that is from www.olddomain.com to www.parkeddomain.org.
My host admin was going to switch the primary domain from the old to the new to see if that would help before I changed it in WordPress options. <end post 2>
1. Doubleclick on the globe in the system tray 2. Click on Privacy Control 3. Click on Configure 4. Click on Custom Level 5. Remove the check next to 'Enable Browser Privacy' 6. Click OK
Why does the article page say it needs to be edited, but then the page is protected?
I cannot enable sending referrers.. I'm brand new to trying to dig through the coding of Wordpress, so I'm about as lost as can be. I use Firefox, and tried the about:config section. I realize I sound very ignorant right now, forgive me. Can anyone explain, in about the dumbest terms you can, what I can do to enable a new theme?
WordPress 2.0.3 did not eliminate the referer check in the core files. Editing comments without sending a referrer raises the "Are you sure you want to do this" message, setting options leads always to a 404-Page. -XNeo 18:58, 14 Jun 2006 (GMT)
WordPress should use standard cookie methods without any additional referrer hocus pocus. Jidanni 01:58, 9 February 2009 (UTC)