The vaguest WordPress error you’ll no doubt come across at some point, which also has a whole laundry list of probable causes, is…
“Are you sure you want to do this?”
What’s frustrating about this particular error is that it could mean you made a small fixable mistake or, worse, that you’ve been hacked (though typically it’s a security issue that’s easily fixed and not always the case).
Today, we’ll uncover the meaning of this mysterious error, when and why it happens, as well as troubleshoot techniques and fixes.
Unfortunately, the “Are you sure you want to do this?” error can happen while you’re trying to accomplish a wide variety of tasks:
This isn’t by any means a complete list, but it should give you a good idea of when this error could occur.
When the error appears, it’s the only thing that’s displayed other than a link to try again, though, a second attempt usually doesn’t work.
It may seem as though this is an odd error in its phrasing since it’s not specific. The phrasing makes sense because there are so many potential causes and most of the time it’s an error that’s caused on your end. Either you made a mistake or the developer who created the plugins and themes you use made the mistake.
The wording of the error is specifically set to make you pause and think about what happened and if it’s possible that you made the mistake after all.
Here are some of the most common reasons for the error:
Before exploring troubleshooting steps and fixes, it’s important to explore the possibility that there’s a security issue since this would be a serious problem that would require special attention in order to protect your site.
In many cases, the error pops up when you try to complete an action that requires certain user permissions, but WordPress isn’t able to verify that you have access.
WordPress uses security tokens, often called nonces. They’re used to validate a user to verify that they are the owner of their account and they have the correct user role to complete the action they started.
If WordPress isn’t able to verify the security tokens, the error displays.
If your site is the subject of an attack, especially in cases of cross-site scripting (XSS) or cross-site request forgery (CSRF) attacks, you might see the error in the midst of an attack.
It could also occur if a plugin or theme has a security vulnerability or isn’t otherwise properly coded.
If this is the cause, installing and using a security plugin like Defender can help you locate and fix the vulnerability and end an attack in a few clicks. For other causes of the error, you can try the troubleshooting steps and fixes below.
Defender protects you against evil bots and hackers with automated security scans, vulnerability reports, safety recommendations, blacklist monitoring and customized hardening in just a few clicks.
Let’s take a look at several troubleshooting methods and fixes to help you resolve this error. And if you run into any troubles along the way, contact our expert support team for any kind of WordPress-related issue.
If you’re already a WPMU DEV member, our premium 24/7 support is better than free because it’s already included in your membership. There’s no need to sign up for anything else or fill out any forms. If you’re not a member yet, you can still get premium support for free with our 14-day trial.
It’s not always a fix that works, but sometimes all it takes to resolve this error is to clear your browser’s cache. If that doesn’t work, you can try clearing your cookies as well. You can check out the post How do I clear my web browser’s cache, cookies, and history? for details on how to do this across the major browsers.
If you tried to upload a theme or plugin and the error occurred, then the likeliest cause is that you tried uploading a plugin or theme package rather than the ZIP file for only the theme or plugin.
These packages often include the theme or plugin ZIP file along with other useful documents such as instructions, demo content, licensing information and other similar files. Unzip the package, then try uploading the plugin or theme file that you find among the extracted files.
In cases where you may have reached your PHP memory limit, you can check out one of our other posts, How to Increase the Maximum Upload and PHP Memory Limit in WordPress, for the fix you need.
You can also try to activate the default WordPress theme if you’re using one you selected from the Theme Repository or from a theme developer.
In cases where you’re having troubles accessing your plugins, you can access your site’s files through FTP, SSH or cPanel. Rename your theme’s folder under /wp-content/themes/your-theme/ to manually deactivate it temporarily.
You can name the folder anything you want, but it’s a good idea to keep the original name intact so you don’t forget which theme the folder is for when you go back to it later. For example, you can rename the folder to include
-deactivate at the end or something similar.
If the error goes away, the theme you were previously using is the culprit.
To fix it, you would need to contact the developer and let them know so they can create a patch and release a fix.
Similarly, you can see if any plugins you’re using are the cause of the error. Sometimes deactivating them doesn’t quite do the trick even though it’s the cause so the first thing you should try is deleting all the plugins you’re using.
If you don’t have access to your plugins page, you can use FTP, SSH or cPanel to delete the folders you find under /wp-content/plugins/. You can also rename the folders as described above if you really don’t want to delete the plugins you have installed.
Try repeating the last action you tried before the error popped up. If everything goes off without a hitch, then one of the plugins you were using is responsible.
Install and activate them one-by-one until the error comes up again. If you renamed the plugin folders, change them back to the original title to re-activate them.
When you see the error, that’s how you can determine that the last plugin you activated was the culprit. At this point, you would need to contact the plugin developer so they can fix the issue.
Another fix you can try that usually does the trick is to reset your security keys. You can find the details in our post How to Tweak wp-config.php to Protect Your WordPress Site.
If you prefer an option that doesn’t require touching code, you can install our Defender security plugin and reset your security keys in one click. Once it’s activated, go to Defender > Hardener in your admin dashboard.
Click on Update old security keys under the Issues section, then review how often you would like a reminder to update your security keys. This step is optional, but it’s also helpful because it increases your site’s security.
You can choose from the following times:
Once you have made your selection in the drop down box, go ahead and click the Regenerate Security Keys button to update your site’s security tokens automatically.
Keep in mind that once the update is complete, you will need to log in again.
Once you’re logged in, check to see if the issue has been resolved. Even if you’re free and clear, don’t uninstall Defender. It can help you keep your site secure on an ongoing basis.
If none of these troubleshooting steps or fixes resolve the error, you may have been hacked. You can go to Defender > Scan to start a search for any vulnerabilities. If any are found, you can patch them up immediately and in one click.
You may also find the following articles helpful for cleaning and securing a hacked site:
Keeping your site secure should be a priority since you could lose more than your site including your personal information and that of your users. These articles can help you keep your site and information safe.
There are a ton of reasons why the “Are you sure you want to do this?” error is displaying on your site, whether it’s human error or the result of a security vulnerability. In any case, you’re now armed with the tools you need to troubleshoot and fix this error.
It may also be helpful to note that Defender also features audit logs to help with the troubleshooting process and keep an eye on everything that happens on your site, from login attempts to creating new posts. You can check to see what users accessed and when to help you determine the cause of this annoying and equally mysterious error. Check out Track Hackers in Real-Time with Defender’s All New Audit Logs for more details.