WordPress POST data and the 404 errors: The mystery of the restricted query variables

I recently had a problem with a form submitted in WordPress returning a 404 error everytime even though it was submitting to an entirely valid URL. The form submission was managed via AJAX using jQuery.post(), so at first I assumed it was a Javascript problem – after a bit of testing, however, I discovered it was happening even if I submitted the form via PHP. I was entirely baffled by the issue (particularly because I had another form on the same site that submitted with no issues whatsoever) and spent a number of days trying to work it out – eventually I discovered the problem had nothing to do with Javascript, PHP or the server configuration, but was actually due to a restriction built into WordPress that isn’t immediately apparent.

It turns out that WordPress has a number of query variable names that are reserved for specific functions and cannot be used by any custom form on the site. In my case, I had a field called ‘name’ that was the culprit and simply changing it to ‘clientname’ fixed my problem entirely. The problem is that instead of giving a helpful error, WordPress just returns a 404 with no explanation about what went wrong or why it happened – even with debug mode on there is nothing helpful. This, as you can imagine, is particularly frustrating.

I haven’t found any official documentation listing the reserved variables, but there is this user-created page in the WordPress Codex that has a list of them (based on the variables used by WP_Query). I’m not sure how complete it is, but it seems fairly comprehensive.

Seeing as though I struggled with this for a few days, I thought I would share the solution here to help anyone else who might be having a similar issue.

8 responses to “WordPress POST data and the 404 errors: The mystery of the restricted query variables”

Mike

February 26, 2014 at 7:45 pm

Awesome! I was just having this exact same problem. Although the ajax request had been working fine for the past year, it just stopped working all of a sudden today. Turns out this was the issue. Thanks a lot!

Reply
1. Hugh Lashbrooke
  
  February 26, 2014 at 7:57 pm
  
  I’m glad this post could help someone else 🙂
  
  Reply
Ashish

December 25, 2014 at 7:23 am

Thanks 🙂

I was thinking issue is related to mod_security but changing fields name solved my problem.

Reply
msolla

November 3, 2015 at 11:15 am

Cool.
Probably, wp-includes/class-wp.php file for the arrays $public_query_vars and $private_query_vars are the noums that are forbiden:
$public_query_vars = array(‘m’, ‘p’, ‘posts’, ‘w’, ‘cat’, ‘withcomments’, ‘withoutcomments’, ‘s’, ‘search’, ‘exact’, ‘sentence’, ‘calendar’, ‘page’, ‘paged’, ‘more’, ‘tb’, ‘pb’, ‘author’, ‘order’, ‘orderby’, ‘year’, ‘monthnum’, ‘day’, ‘hour’, ‘minute’, ‘second’, ‘name’, ‘category_name’, ‘tag’, ‘feed’, ‘author_name’, ‘static’, ‘pagename’, ‘page_id’, ‘error’, ‘comments_popup’, ‘attachment’, ‘attachment_id’, ‘subpost’, ‘subpost_id’, ‘preview’, ‘robots’, ‘taxonomy’, ‘term’, ‘cpage’, ‘post_type’);
$private_query_vars = array(‘offset’, ‘posts_per_page’, ‘posts_per_archive_page’, ‘showposts’, ‘nopaging’, ‘post_type’, ‘post_status’, ‘category__in’, ‘category__not_in’, ‘category__and’, ‘tag__in’, ‘tag__not_in’, ‘tag__and’, ‘tag_slug__in’, ‘tag_slug__and’, ‘tag_id’, ‘post_mime_type’, ‘perm’, ‘comments_per_page’, ‘post__in’, ‘post__not_in’);

Reply
dfree

August 23, 2016 at 11:44 pm

I spent way too much time trying to fix this issue and it turns out it was a simple data name!! This post just saved me. Thanks!

Reply
Nuc

June 25, 2017 at 4:29 am

THANK YOU SO MUCH ! I was getting nut.

Reply
cyrilpallasigui

June 6, 2019 at 5:22 am

Thank you so much for this! If only I found this post earlier, it would’ve saved me a lot of time and frustration. Indeed, the variable “name” was the culprit. I hope this post helps a lot more people!

Reply
[坑] wordpress用ajax變數過去總是回傳404-WordPress via POST data and return the 404 errors – 小事一樁-網站問題

October 15, 2020 at 4:11 pm

[…] WordPress POST data and the 404 errors: The mystery of the restricted query variables […]

Reply