“ACF: Unable to perform validation due to an invalid security nonce” – If you’re seeing the following error when trying to save a post or submit a form that uses Advanced Custom Fields (ACF). This issue commonly occurs on pages or post edit screens with a large number of ACF fields, especially when using complex or repeater/clone field structures. The most frequent cause is that your server’s max_input_vars PHP setting is too low to handle all the submitted fields.
When a form contains many fields, PHP may silently ignore any inputs that exceed the configured max_input_vars limit (default is often 1000). This results in essential ACF fields – including the security nonce – being dropped from the submission. When ACF tries to validate the request, it fails because the nonce is missing or incomplete.
Solution: just increase the max_input_vars value in your server’s PHP configuration. A safe value to use would be:
max_input_vars = 3000
Depending on your hosting setup, you can do this via:
- php.ini file (recommended if you have access)
- .htaccess file (for Apache servers,
php_value max_input_vars 3000) - user.ini or through cPanel’s PHP settings editor
After making the change, restart the web server or PHP-FPM if necessary.