Generates and returns a nonce. The nonce is generated based on the current time, the $action argument, and the current user ID.
Because the current time and user ID are not difficult for crackers to guess, pass a hard-to-guess value as the $action argument, or generate and remember a random $action value for each form sent to a user and expect that value when the form is submitted.
<?php wp_create_nonce( $action ); ?>
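<?php
// Create a nonce for the 'my-nonce' action.
$nonce = wp_create_nonce( 'my-nonce' );
?>
<a href='myplugin.php?_wpnonce=<?php echo esc_attr( $nonce ); ?>'>
...
<?php
// In the handler: verify the nonce first.
$nonce = isset( $_REQUEST['_wpnonce'] ) ? $_REQUEST['_wpnonce'] : '';
if ( ! wp_verify_nonce( $nonce, 'my-nonce' ) ) {
    die( 'Security check' );
}
?>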
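The second option described above (a random $action value generated and remembered per form) can look like the following. This is an added example, not WordPress core code or code from the original page; the myplugin_* function names, the myplugin_form_id field and the transient key prefix are hypothetical, and random_bytes() assumes PHP 7 or later.

```php
<?php
/**
 * Print hidden fields carrying a one-off form ID and a nonce bound to it.
 * Call inside the <form> while rendering it.
 */
function myplugin_form_fields() {
    // Unpredictable per-form value; it becomes part of the $action string.
    $form_id = bin2hex( random_bytes( 16 ) );

    // Remember which user this form ID was issued to, for one hour.
    $owner = 'uid:' . get_current_user_id();
    set_transient( 'myplugin_form_' . $form_id, $owner, HOUR_IN_SECONDS );

    $nonce = wp_create_nonce( 'myplugin-save-' . $form_id );

    printf( '<input type="hidden" name="myplugin_form_id" value="%s" />', esc_attr( $form_id ) );
    printf( '<input type="hidden" name="_wpnonce" value="%s" />', esc_attr( $nonce ) );
}

/**
 * Check a submitted form; call before acting on the request.
 */
function myplugin_check_submit() {
    $form_id = isset( $_POST['myplugin_form_id'] )
        ? sanitize_key( wp_unslash( $_POST['myplugin_form_id'] ) )
        : '';
    $nonce = isset( $_POST['_wpnonce'] )
        ? sanitize_text_field( wp_unslash( $_POST['_wpnonce'] ) )
        : '';

    // The form ID must be one that was issued, to this user, and not yet used.
    $owner = get_transient( 'myplugin_form_' . $form_id );
    if ( '' === $form_id || 'uid:' . get_current_user_id() !== $owner ) {
        wp_die( 'Security check' );
    }
    delete_transient( 'myplugin_form_' . $form_id ); // Single use.

    // The nonce must match the action built from that remembered form ID.
    if ( ! wp_verify_nonce( $nonce, 'myplugin-save-' . $form_id ) ) {
        wp_die( 'Security check' );
    }
}
```

Because the transient is deleted on first use, resubmitting the same form fails the check even while the nonce itself would still verify.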
wp_nonce_field() is located in