If you’ve ever been hit with the message: “Authentication Failed. ACF could not perform authentication because the server did not receive a nonce,” you know how frustrating it is. You’ve spent an hour editing a complex page, hit “Update,” and everything seems to vanish.
I’ve seen this many times. It’s not a “bug” in ACF—it’s just your server being a bit too strict.
Why does this happen?
WordPress uses a “nonce” (a security token) to verify that it’s really you saving the data. When you have a lot of ACF fields, the request becomes huge. Most servers have a limit called max_input_vars (usually set to 1,000). If you have 1,001 items, the server “cuts” the last one—which is often the security nonce. No nonce, no save.
How to fix it (The simple way)
For OpenLiteSpeed (What we use for high performance)
OpenLiteSpeed is fast, but its config is unique. Find your Virtual Host .conf and add this warm little block:
phpIniOverride {
php_value max_input_vars 10000
}For Nginx web server
Nginx is a bit more manual. You’ll need to edit your php.ini file (often in /etc/php/8.x/fpm/):
max_input_vars = 10000Don’t forget to restart PHP-FPM: sudo systemctl restart php8.x-fpm
For Apache
The old faithful. Just drop this into your .htaccess:
php_value max_input_vars 10000