
What is: Nonce


In WordPress, a nonce is a security feature used to protect URLs and forms from being hacked. This is done by adding a unique single-use number to a URL.

For example, when you delete a comment from the comment moderation screen, WordPress adds a nonce key to the URL like this:

http://www.example.com/wp-admin/comment.php?c=16570&action=deletecomment&_wpnonce=389c3b47b9


How Do Nonces Protect Your WordPress Site?

Some WordPress functions and features use a query string in the URL to perform certain actions. Nonces are used to randomize these strings so they can’t be guessed and misused by hackers.

WordPress uses the constants NONCE_SALT and NONCE_KEY to generate unique nonces. These nonce salts and security keys, along with other unique keys, are stored in the wp-config.php file and are unique to each WordPress site.

Nonce Verification and Error Messages

When a URL with a nonce key is executed, it goes through a verification check.

If this check fails, then WordPress returns a 403 Forbidden response and an error message: "Are you sure you want to do this?"

This error may be caused by a poorly coded plugin or theme, which causes the nonce verification to fail.

To fix this issue, a user can turn off all plugins and activate them one by one to figure out which one of them is causing the error.

For themes, switching back to a default theme and then trying to reproduce the error could point out that the previous theme in use was causing the issue.
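
The following Python sketch is an added example, not WordPress's own PHP code and not code from this article. It models the verification check described above: a nonce derived from NONCE_KEY and NONCE_SALT, bound to an action, a user and a time window, and checked before the request is acted on. The key values, the action string and the session token are constructed for illustration.

```python
import hashlib
import hmac
import math

# Constructed placeholder secrets; a real site has its own values in wp-config.php.
NONCE_KEY = "constructed-nonce-key-for-demo"
NONCE_SALT = "constructed-nonce-salt-for-demo"
NONCE_LIFE = 24 * 60 * 60  # assumed nonce lifetime in seconds (one day)


def nonce_tick(now):
    """Time counter that advances once every half lifetime."""
    return math.ceil(now / (NONCE_LIFE / 2))


def create_nonce(action, user_id, session_token, now,
                 key=NONCE_KEY, salt=NONCE_SALT, tick_offset=0):
    """Keyed hash over tick, action, user and session, cut to 10 hex characters."""
    tick = nonce_tick(now) - tick_offset
    message = f"{tick}|{action}|{user_id}|{session_token}".encode()
    digest = hmac.new((key + salt).encode(), message, hashlib.md5).hexdigest()
    return digest[-12:-2]


def verify_nonce(nonce, action, user_id, session_token, now,
                 key=NONCE_KEY, salt=NONCE_SALT):
    """Return 1 (issued in the current tick), 2 (previous tick) or 0 (rejected)."""
    for age, offset in ((1, 0), (2, 1)):
        expected = create_nonce(action, user_id, session_token, now, key, salt, offset)
        if hmac.compare_digest(expected.encode(), nonce.encode()):  # constant-time compare
            return age
    return 0


def handle_request(params, user_id, session_token, now):
    """Model of the check that runs before a state-changing admin action."""
    action = f"delete-comment_{params.get('c', '')}"  # assumed action string format
    nonce = params.get("_wpnonce", "")
    if not verify_nonce(nonce, action, user_id, session_token, now):
        return 403, "Are you sure you want to do this?"
    return 200, f"comment {params.get('c')} deleted"
```

A nonce created for one comment, user or site key fails verification for any other, which is why a plugin that builds its link with one action name and checks it with another triggers the error above.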

We hope this article helped you learn more about nonces in WordPress.

Editorial Staff

Editorial Staff at WPBeginner is a team of WordPress experts led by Syed Balkhi with over 16 years of experience in WordPress, Web Hosting, eCommerce, SEO, and Marketing. Started in 2009, WPBeginner is now the largest free WordPress resource site in the industry and is often referred to as the Wikipedia for WordPress.
