So I've been stuck on this problem for quite a while now and it feels like I've tried everything. I would love for some support here.
Setup
- A WordPress multisite with Bedrock structure
- PHP 7.3.17 (local) and PHP 7.2.24 (live)
- Apache
- Themes: Custom "mother theme" and child themes for each site.
Problem
The first site among the multisites seem to have some kind of structural problem. The other sites works just fine.
When previewing drafts on posts and pages the user (including superadmin) gets a message: Sorry, you are not allowed to preview drafts. I've tracked it down to _show_post_preview() in wp-includes/revision.php and it seems like the nonce check fails.
A similar problem occurs when customizing the site. When trying to save changes you get: You need a higher level of permission. Sorry, you are not allowed to customize this site. This error is thrown in wp-admin/js/customize-controls.js in function cheatin() which seem to be used when the nonce is off.
What I've tried (no luck)
- Deactivating all plugins
- Switching to one of the other child themes that works on their sites
- Clear WordPress cache
- Clear browser cache
- Creating the nonce by myself in the
preview_post_linkfilter. - Double, triple check
.htaccessandwp-config.php(in Bedrock:config/application.php)
My .htaccess:
RewriteEngine On
RewriteBase /
RewriteRule ^index\.php$ - [L]
# add a trailing slash to /wp-admin
RewriteRule ^([_0-9a-zA-Z-]+/)?wp-admin$ $1wp-admin/ [R=301,L]
RewriteCond %{REQUEST_FILENAME} -f [OR]
RewriteCond %{REQUEST_FILENAME} -d
RewriteRule ^ - [L]
RewriteRule ^([_0-9a-zA-Z-]+/)?(wp-(content|admin|includes).*) wp/$2 [L]
RewriteRule ^([_0-9a-zA-Z-]+/)?(.*\.php)$ wp/$2 [L]
RewriteRule . index.php [L]