Invalid request - new plugin installation and setup

I have followed the steps outlined for installation and setup of wp-discourse. Pinned here and on the wp-discourse git wiki.

When I navigate to my discourse forum and click login, I am presented with the wordpress login screen. After entering credentials, the page displays invalid request and the url reads:

Where do I begin to check for what might be going wrong?


Have you set the ‘sso secret’ on both the Discourse forum and on WordPress? They need to be set to the same value.


Yay! It was a mismatched secret! Thank you!


I would just like to add to this, I was having the same exact issue as @homebrewhops with the sso redirecting to login page, and after logging in seeing “invalid request” In my case however., I did not have a mismatched secret. The secret I was using was: DT>ZMF7a6Q$WesK . The Wordpress discourse plugin specifies:

The secret key used to verify Discourse SSO requests. Set it to a string of text, at least 10 characters long. It needs to match the key set at

one or several of the characters used in my SSO Secret Key was causing the error. So do make sure that it is a “string of text” as specified, also numbers did work for me, so just the special characters should be avoided.

The PrimeTime WordPress + Discourse SSO plugin had no problem authenticating with this same SSO key, so I’m certain the ability to use special characters could be implemented into the official Discourse App.

Anyway I hope this may help someone that is having trouble as I did and can save you some time. Good Luck.

DT>ZMF7a6Q$WesK should work for the SSO secret. If a space is added at the start or the end of the key, the plugin isn’t stripping the space. Discourse does trim spaces when it saves the key. Maybe that was the problem.


It could be that it was related to something else, because I did make sure that there were no spaces at the beginning or left at the end of the key on both the Wordpress and Discourse sides. I do have a custom wp-login.php that things get redirected to so maybe that was the issue?

Have you customised wp-login.php directly or just modified login from your theme’s functions.php

I added a rewrite rule to the .htaccess file:

RewriteRule ^wp-signup.php(.*)$ wp-content/themes/divi-child/wp-signup.php$1

and after copying over the wp-signup.php to the child theme, made a few edits, but that was just to text on the page no code.