This post won’t go into detail about what nonces are, how they work, or why they are important. There are some great posts out there that cover that really well. Here are a few:
- WordPress Nonces from the WordPress Codex
- Intro to Nonces by Pippin Williamson
- 5 Tips for using Ajax in WordPress by Gary Cao
- Ajax Security by Paul Robinson
- WordPress Nonces by Mark Jaquith
But this post is for those who KNOW that they have set up check_ajax_referer correctly, understand how it works, and it still is not working correctly.
The solution may be simple:
For me, the issue was that the website was running on an SSL certificate. This meant that the admin_url was pointing to “https”, but the page I was looking at had loaded on “http”. This meant that to the nonce and check_ajax_referer, I was on 2 different websites. So it was correct in throwing a security error. Just something to keep in mind if you’re struggling with check_ajax_referer – even though it should be working.
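
One way to keep the AJAX request on the same scheme as the page that is loaded, and to log the mismatch described above when verification fails. This is an added example, not code from the original post; the handle `example-ajax`, the action `example_action`, the object name `ExampleAjax`, the `security` field and the script path are hypothetical names.

```php
<?php
// Added example: hypothetical plugin code, not from the original post.

add_action( 'wp_enqueue_scripts', function () {
    wp_enqueue_script(
        'example-ajax',
        plugins_url( 'js/example.js', __FILE__ ), // hypothetical script path
        array( 'jquery' ),
        '1.0',
        true
    );

    wp_localize_script( 'example-ajax', 'ExampleAjax', array(
        // 'relative' drops the scheme and host from the URL, so the browser
        // sends the request with the scheme of the page it actually loaded.
        'url'   => admin_url( 'admin-ajax.php', 'relative' ),
        'nonce' => wp_create_nonce( 'example_action' ),
    ) );
} );

// The script is assumed to POST action=example_action and
// security=ExampleAjax.nonce to ExampleAjax.url.
add_action( 'wp_ajax_example_action', 'example_action_handler' );

function example_action_handler() {
    // Third argument false: return the result instead of dying, so the
    // failure can be inspected and logged before responding.
    if ( false === check_ajax_referer( 'example_action', 'security', false ) ) {
        $referer        = wp_get_raw_referer();
        $referer_scheme = $referer ? wp_parse_url( $referer, PHP_URL_SCHEME ) : 'none';
        $request_scheme = is_ssl() ? 'https' : 'http';

        // Record the http/https mismatch between the page and the AJAX call.
        if ( $referer_scheme !== $request_scheme ) {
            error_log( sprintf(
                'example_action: nonce check failed; page scheme "%s", AJAX request scheme "%s"',
                $referer_scheme,
                $request_scheme
            ) );
        }

        wp_send_json_error( array( 'message' => 'Invalid nonce' ), 403 );
    }

    wp_send_json_success( array( 'message' => 'ok' ) );
}
```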