What is Nonce in WordPress? Why Nonce is Required?

Nonce stands for Number used once.

A nonce is a token, a string of letters and numbers generated by WordPress. It is used to protect against malicious attacks such as Cross-Site Request Forgery (CSRF). In a CSRF attack, a logged-in user is tricked into clicking a link (or submitting a form) that performs an unwanted action on your website.

A nonce can be attached to a URL, a form or an AJAX request. When that URL, form or AJAX request is used to perform a task such as editing or deleting a blog post, the nonce is checked. If it is present and valid, the action is carried out; otherwise the action is aborted and treated as a possible attack.

A nonce is valid for 12 to 24 hours by default, but this lifetime can be changed in code.

There are two aspects to a nonce – creation and verification.

A nonce can be created in different ways (while submitting a form):

A nonce can be verified in these ways (after submitting a form):

If you are a developer, refer to the examples of nonce creation and verification. Otherwise, all you need to know is that nonces are used to secure form submissions (for example, submitting a blog post or editing a comment) in WordPress.
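The following is an added example, not code from the original post, showing both aspects described above: creating a nonce for a form, a link and an AJAX request, and verifying it in the handler. It assumes it runs inside WordPress (as a plugin or theme file); the action names (`demo_delete_post`, `demo_ajax_action`), the function names and the `demo.js` script are illustrative placeholders, while the WordPress functions (`wp_nonce_field`, `wp_nonce_url`, `wp_create_nonce`, `check_admin_referer`, `check_ajax_referer`, `wp_verify_nonce`) are the real API.

```php
<?php
/**
 * Added example (not from the original post): creating and verifying
 * WordPress nonces for a form, a link and an AJAX request.
 * Assumes it is loaded by WordPress. The 'demo_*' names are illustrative.
 */

// ---------- Creation ----------

// 1. Form: wp_nonce_field() prints a hidden "_wpnonce" input (plus a
//    "_wp_http_referer" input). Tying the post ID into the action name means a
//    nonce for one post cannot be replayed against another.
function demo_render_delete_form( $post_id ) {
	?>
	<form method="post" action="<?php echo esc_url( admin_url( 'admin-post.php' ) ); ?>">
		<input type="hidden" name="action" value="demo_delete_post">
		<input type="hidden" name="post_id" value="<?php echo (int) $post_id; ?>">
		<?php wp_nonce_field( 'demo_delete_post_' . (int) $post_id ); ?>
		<button type="submit">Delete</button>
	</form>
	<?php
}

// 2. Link: wp_nonce_url() appends "&_wpnonce=..." to the URL.
function demo_delete_link( $post_id ) {
	$url = add_query_arg(
		array( 'action' => 'demo_delete_post', 'post_id' => (int) $post_id ),
		admin_url( 'admin-post.php' )
	);
	return wp_nonce_url( $url, 'demo_delete_post_' . (int) $post_id );
}

// 3. AJAX: hand a nonce to the browser; demo.js (not shown) sends it back as
//    the "nonce" field of its POST to demoAjax.url with action=demo_ajax_action.
function demo_enqueue_ajax_script() {
	wp_enqueue_script( 'demo-ajax', plugins_url( 'demo.js', __FILE__ ), array( 'jquery' ), '1.0', true );
	wp_localize_script( 'demo-ajax', 'demoAjax', array(
		'url'   => admin_url( 'admin-ajax.php' ),
		'nonce' => wp_create_nonce( 'demo_ajax_action' ),
	) );
}
add_action( 'wp_enqueue_scripts', 'demo_enqueue_ajax_script' );

// ---------- Verification ----------

// Handles both the form and the link (both carry the nonce as "_wpnonce").
function demo_handle_delete() {
	$post_id = isset( $_REQUEST['post_id'] ) ? (int) $_REQUEST['post_id'] : 0;

	// check_admin_referer() calls wp_verify_nonce() on $_REQUEST['_wpnonce'] and
	// stops the request with a "link has expired" page if the nonce is missing,
	// expired or was minted for a different action/user.
	check_admin_referer( 'demo_delete_post_' . $post_id );

	// A nonce proves intent, not permission: always check capability as well.
	if ( ! current_user_can( 'delete_post', $post_id ) ) {
		wp_die( 'You are not allowed to delete this post.', '', array( 'response' => 403 ) );
	}

	wp_trash_post( $post_id );
	wp_safe_redirect( admin_url( 'edit.php' ) );
	exit;
}
add_action( 'admin_post_demo_delete_post', 'demo_handle_delete' );

// AJAX handler: check_ajax_referer() reads $_REQUEST['nonce'] and, on failure,
// terminates the request instead of returning to us.
function demo_ajax_handler() {
	check_ajax_referer( 'demo_ajax_action', 'nonce' );
	if ( ! current_user_can( 'edit_posts' ) ) {
		wp_send_json_error( 'forbidden', 403 );
	}
	wp_send_json_success( array( 'message' => 'ok' ) );
}
add_action( 'wp_ajax_demo_ajax_action', 'demo_ajax_handler' );

// Manual check, for code paths that must not die on failure:
// wp_verify_nonce() returns 1 (generated in the current tick), 2 (previous
// tick) or false. The 'nonce_life' filter sets the tick length (default one
// day); a nonce stays valid for the current and previous half-tick, so the
// default gives the 12-24 hour window and this filter gives 2-4 hours.
add_filter( 'nonce_life', function () {
	return 4 * HOUR_IN_SECONDS;
} );
```

Two points worth noting from the handler: the nonce check and the capability check are separate, because a valid nonce only shows the request came from a page WordPress served to that user, not that the user is allowed to perform the action; and the nonce is bound to the action name, so a nonce issued for one post (or for the AJAX action) will not verify against another.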
