504 Error - Are You Sure You Want to Do This?

WordPress | Updated March 2026

The "Are you sure you want to do this?" message in WordPress is a nonce verification failure, not a confirmation prompt. It appears when WordPress can't verify the security token attached to your action. This guide covers why it happens and how to fix it. If you're seeing a separate 504 Gateway Timeout error, that's a different issue covered in the second half of this article.

In This Guide

The Nonce Verification Error
Common Causes
Fixing the Nonce Error
504 Gateway Timeout
Fixing 504 Errors

Most Common Fix

This error is usually caused by a broken plugin or theme. Try deactivating all plugins by renaming the wp-content/plugins folder to plugins.bak via File Manager or FTP. If the error goes away, reactivate plugins one at a time to identify the culprit.

01. The Nonce Verification Error

WordPress uses "nonces" (number used once) as security tokens to protect against cross-site request forgery (CSRF). Every admin action (saving a post, installing a plugin, changing settings) includes a nonce that WordPress verifies before processing the request. When that verification fails, WordPress displays "Are you sure you want to do this?" instead of processing the action.

Despite the confusing wording, this is not asking for confirmation. It's telling you the security check failed. There is no "Yes" button to proceed.

02. Common Causes

Broken Plugin or Theme

The most common cause. A plugin is generating an invalid nonce, conflicting with another plugin's nonce, or has a bug in its form handling. Theme functions that hook into admin pages can also cause this.

Expired Session

WordPress nonces expire after a set time (usually 24 hours). If you left the admin panel open in a tab for a long time, the nonce attached to your next action may have expired. Refreshing the page generates a new nonce.

Corrupted Core Files

If WordPress core files (especially wp-includes/pluggable.php where nonce functions live) are corrupted or modified, nonce generation and verification can break. This sometimes happens after a failed auto-update or a malware infection.

Incorrect WordPress Address

If the WordPress Address (URL) or Site Address (URL) in Settings > General doesn't match the actual URL you're accessing the site from, nonce verification can fail because the nonce is tied to the domain.

03. Fixing the Nonce Error

Step 1: Clear Browser Cache and Cookies

Clear your browser cache and cookies for the site, then log back in. This resolves expired session issues.

Step 2: Deactivate All Plugins

If clearing the cache doesn't help, the issue is almost certainly a plugin. Since you may not be able to access the WordPress admin to deactivate plugins through the UI, do it via file manager or FTP:

# Rename the plugins directory to deactivate everything
mv /home/username/public_html/wp-content/plugins /home/username/public_html/wp-content/plugins.bak

Try logging into WordPress admin. If the error is gone, rename it back and reactivate plugins one at a time:

mv /home/username/public_html/wp-content/plugins.bak /home/username/public_html/wp-content/plugins

Step 3: Switch to a Default Theme

If the error persists with all plugins deactivated, rename your active theme's directory to force WordPress to fall back to a default theme (Twenty Twenty-Four, etc.).

Step 4: Reinstall WordPress Core

If neither plugins nor theme is the cause, reinstall core files. In cPanel's File Manager, delete everything except wp-content/, wp-config.php, and .htaccess, then upload a fresh copy of WordPress from wordpress.org. Your content, themes, and plugins are all in wp-content/ and won't be affected.

For more on recovering from corrupted WordPress files, see our hacked WordPress recovery guide.

04. 504 Gateway Timeout

A 504 error is a separate issue from the nonce error. It means the nginx reverse proxy waited too long for Apache/PHP to finish processing the request and gave up. This typically happens during:

Plugin or theme installations - Downloading and extracting a large plugin can exceed the timeout.

WordPress updates - Core updates involve downloading, extracting, and replacing dozens of files.

WooCommerce operations - Bulk product imports or order exports on large stores.

Database-heavy operations - Importing large XML files, running search-and-replace operations.

05. Fixing 504 Errors

Server-Side Adjustments

Increase the PHP max_execution_time in cPanel under "Select PHP Version" > PHP Options. The default is 30 seconds. Set it to 120 or 300 for operations that need more time. If the 504 persists, the nginx proxy timeout may need adjustment. Contact support to request an increase.

Client-side workarounds:

For plugin/theme installations that time out, upload the plugin ZIP file via FTP to wp-content/plugins/ and extract it there instead of using the WordPress admin installer.

For WordPress updates that time out, use WP-CLI via SSH: wp core update runs the update from the command line without the web server timeout constraint.

For large imports, break the import file into smaller chunks or run the import via CLI.

For general performance improvements that reduce the chance of 504 errors, see our WordPress performance guide and resource limit troubleshooting guide.

Stuck on a Persistent Error?

If the nonce error or 504 timeout keeps coming back, open a ticket and include what action triggers it and any error log entries.

Open a Support Ticket

Quick Recap: WordPress 504 and Nonce Errors

Clear cache and cookies - Fixes expired nonce sessions
Deactivate plugins - Rename the plugins folder via FTP to isolate the cause
Check WordPress URLs - WordPress Address and Site Address must match your actual domain
Increase PHP timeout - Raise max_execution_time for 504 errors on long operations
Use FTP/CLI for large operations - Bypass the web interface for installs and updates that time out

Last updated March 2026 · Browse all WordPress articles