Nonce

What is a “Nonce” in WordPress?

In the WordPress ecosystem, the term Nonce stands for “Number Used Once.” It represents a security token which can only be used once, ensuring that a specific action is taken only once and is initiated by the correct, authenticated user.

Why are Nonces important in WordPress?

Nonces are crucial for security reasons:

  • Protecting against CSRF attacks: A Cross-Site Request Forgery (CSRF) is a type of malicious attack where unauthorized commands are executed on behalf of an authenticated user. By using nonces, WordPress ensures that the user intentionally submits a request.
  • Verifying intent: Beyond security, nonces help verify the intent of the user. For instance, when a user wants to save a post, a nonce verifies that the user indeed intended to perform that specific action.

How do Nonces work in WordPress?

When a particular action is initiated, WordPress generates a nonce, which is unique to:

  • The specific action.
  • The user.
  • The session.
  • A limited time period.

This means the nonce can’t be used to initiate a different action, by a different user, in a different session, or after a specific amount of time has elapsed. If any of these factors change, the nonce becomes invalid.
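
The binding described above can be seen in a simplified stand-alone model. This is an added example, not WordPress core code: the secret, the timestamp and every model_* name are constructed for illustration, and the token is assumed to be a keyed hash over a time slot, the action, the user ID and the session token.

```php
<?php
// Simplified model of a WordPress-style nonce (illustration only, not core code).
const SECRET   = 'constructed-demo-secret'; // stands in for the site's secret salt
const LIFETIME = 86400;                     // nonce lifetime in seconds (one day)

// Time is divided into "ticks" of half the lifetime each.
function model_tick(int $now): int {
    return (int) ceil($now / (LIFETIME / 2));
}

// Derive the token from the four bound values; nothing is stored server-side.
function model_nonce_for(int $tick, string $action, int $userId, string $session): string {
    $data = $tick . '|' . $action . '|' . $userId . '|' . $session;
    return substr(hash_hmac('sha256', $data, SECRET), -12, 10);
}

function model_create_nonce(string $action, int $userId, string $session, int $now): string {
    return model_nonce_for(model_tick($now), $action, $userId, $session);
}

// Recompute for the current and the previous tick; anything older fails.
function model_verify_nonce(string $nonce, string $action, int $userId, string $session, int $now): bool {
    foreach ([0, 1] as $age) {
        $expected = model_nonce_for(model_tick($now) - $age, $action, $userId, $session);
        if (hash_equals($expected, $nonce)) { // constant-time comparison
            return true;
        }
    }
    return false;
}

$t0    = 1700000000; // constructed timestamp
$nonce = model_create_nonce('delete-post_42', 7, 'session-A', $t0);

$checks = [
    'same action, user, session' => model_verify_nonce($nonce, 'delete-post_42', 7, 'session-A', $t0 + 60),
    'different action'           => model_verify_nonce($nonce, 'delete-post_43', 7, 'session-A', $t0 + 60),
    'different user'             => model_verify_nonce($nonce, 'delete-post_42', 8, 'session-A', $t0 + 60),
    'different session'          => model_verify_nonce($nonce, 'delete-post_42', 7, 'session-B', $t0 + 60),
    'after the lifetime elapsed' => model_verify_nonce($nonce, 'delete-post_42', 7, 'session-A', $t0 + LIFETIME + 1),
];

foreach ($checks as $label => $ok) {
    printf("%-28s %s\n", $label, $ok ? 'valid' : 'invalid');
}
```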

Implementing Nonces in WordPress

WordPress offers functions to create and verify nonces:

  • wp_nonce_field() – Used to create a nonce and generate the necessary hidden field in a form.
  • wp_nonce_url() – Adds a nonce to a URL.
  • wp_verify_nonce() – Verifies a nonce.
  • check_admin_referer() and check_ajax_referer() – Used to verify the nonce for admin and AJAX operations respectively.
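
A typical pairing of these functions in a plugin settings form, as an added example that is not taken from the original page: the plugin, the demo_save_greeting action, the demo_nonce field and the demo_greeting option are hypothetical names. The nonce check only confirms that the request came from this form, so the handler also checks the user's capability before changing anything.

```php
<?php
/**
 * Plugin Name: Nonce Demo (hypothetical example plugin)
 */

// Register a settings page that renders the form.
add_action('admin_menu', function () {
    add_options_page('Nonce Demo', 'Nonce Demo', 'manage_options', 'nonce-demo', 'demo_render_form');
});

function demo_render_form() {
    ?>
    <form method="post" action="<?php echo esc_url(admin_url('admin-post.php')); ?>">
        <input type="hidden" name="action" value="demo_save_greeting">
        <?php
        // Emits the hidden nonce field (named demo_nonce) plus a referer field.
        wp_nonce_field('demo_save_greeting', 'demo_nonce');
        ?>
        <input type="text" name="greeting"
               value="<?php echo esc_attr(get_option('demo_greeting', '')); ?>">
        <?php submit_button('Save'); ?>
    </form>
    <?php
}

// admin-post.php dispatches to this hook based on the "action" field.
add_action('admin_post_demo_save_greeting', function () {
    // 1. Nonce: stops with an error page if the field is missing or invalid.
    //    The action string must match the one passed to wp_nonce_field().
    check_admin_referer('demo_save_greeting', 'demo_nonce');

    // 2. Authorization: a valid nonce does not prove the user may do this.
    if (!current_user_can('manage_options')) {
        wp_die('You are not allowed to change this setting.', '', array('response' => 403));
    }

    // 3. Only now read, sanitize and store the submitted value.
    $greeting = isset($_POST['greeting'])
        ? sanitize_text_field(wp_unslash($_POST['greeting']))
        : '';
    update_option('demo_greeting', $greeting);

    wp_safe_redirect(admin_url('options-general.php?page=nonce-demo'));
    exit;
});
```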

Conclusion

The Nonce system in WordPress plays a vital role in enhancing the security of the platform. It helps safeguard against unauthorized or malicious requests and verifies the user’s intent. WordPress developers and users should be aware of nonces and their significance in ensuring a safe and efficient user experience.
