What is Nonce in WordPress? Why Nonce is Required?

//What is Nonce in WordPress? Why Nonce is Required?

Nonce stands for Number used once.

Nonce is a token which is a series of letters and numbers generated by WordPress. It is used to protect against malicious hacks and attacks such as Cross-Site Request Forgery (CSRF) attacks. This attack tricks people into clicking on a link that can cause harm to your website.

A nonce can be attached to a URL, form or an AJAX request. When the particular URL, form or AJAX request is used for any task such as editing a blog post or deleting a blog post etc., the nonce will be checked. If it is present and available, the action will be carried out else the action will be aborted considering as an attack.What is Nonce in WordPress? Why it is needed in WordPress?

The nonce is valid for 12-24 hours by default but it can be changed via code.

There are two aspects to a nonce โ€“ creation and verification.

A nonce can be created in different ways (while submitting a form):

A nonce can be verified in these ways (after submitting a form):

If you are a developer then you shall refer to examples on Nonce creation and verification. Otherwise, all you have to know that Nonce is used for securing all the form submission (for example, blog post submit, comment edit etc.) in WordPress.

WordPress Glossary โ€“ A to Z WordPress Terms and Meanings

List of “A to Z” WordPress Related Terms

2018-03-04T15:29:05+00:00

About the Author:

I love-to-code, passionate-to-write, an upcoming author, and WordPress enthusiast. Here at BlashO, I mostly share WordPress tips. Connect with me @Twitter.

Leave A Comment