Codex

Function Reference/wp create nonce

Contents

Description

Generates and returns a nonce. The nonce is generated based on the current time, the $action argument, and the current user ID.

Since it is not difficult for crackers to guess the current time and user ID, you should give a hard to guess value as the $action argument or implement a way to generate and remember a random $action value for each form sent to a user and expect that value on the future form submit.

Usage

<?php wp_create_nonce$action ); ?>

Parameters

$action
(string/int) (optional) Action name. Should give the context to what is taking place. Optional but recommended.
Default: -1

Return Values

(string) 
The one use form token.

Example 

<?php $nonce= wp_create_nonce  ('my-nonce'); ?>
<a href='myplugin.php?_wpnonce=<?php echo $nonce ?>'> ...

<?php 
$nonce=$_REQUEST['_wpnonce'];
if (! wp_verify_nonce($nonce, 'my-nonce') ) die('Security check'); 
?>

Notes

Change Log

Source File

wp_nonce_field() is located in wp-includes/pluggable.php.

Related

Nonce functions: wp_explain_nonce(), wp_nonce_ays(), wp_nonce_field(), wp_nonce_ur(), wp_verify_nonce(), wp_create_nonce(), check_admin_referer(), check_ajax_referer(), wp_referer_field()

Nonce hooks: nonce_life, nonce_user_logged_out, explain_nonce_(verb)-(noun), check_admin_referer

Resources

See also index of Function Reference and index of Template Tags.
This page is marked as incomplete. You can help Codex by expanding it.
Retrieved from "http://codex.wordpress.org/Function_Reference/wp_create_nonce"

Codex Resources