Cannot verify nonce

What you are doing wrong is using nonce in a context it was not intended to be used in. nonces should be used on web pages for logged in users, not just a random “it has something to do with security so it has to be right” kind of measure ;).

If you need to validated the authenticity of the link you have sent, just use an md5 hash (or any other hash generator) based on whatever long term “secret” information you have on the user. At the best case, nonces “live” for 48 hours, while emails might be opened later then that.

Related Posts:

  1. How does nonce verification work?
  2. How to expire a nonce?
  3. Fatal error: Call to undefined function wp_create_nonce()
  4. How to add/retrieve the post trash link?
  5. Using nonce external of WP Admin
  6. Nonce best practices: hidden input vs. wp_localize_script?
  7. “The link you followed has expired” when previewing a post
  8. wp_verify_nonce keeps failing
  9. Handling nonce generation in AJAX registration process
  10. increase nonce lifespan
  11. wp_verify_nonce() via REST always returns false
  12. Nonce failing in IE
  13. my theme breaks WP export
  14. Why am I getting a 403 from check_admin_referer()?
  15. x-wp-nonce across domains
  16. wp_create_nonce doesn’t verify when using WP_List_Table
  17. Handling expired nonces
  18. What is really “wp_nonce_field” and how does it work? [duplicate]
  19. wp_verify_nonce return false despite correct parameter passed
  20. WordPress JSON API nonces and Vue development server
  21. Verify a nonce in Form submission
  22. phpcs error in WordPress
  23. Stop WordPress nonces expiring
  24. Several nonces?
  25. Nonce for Trashing Item
  26. Nonce keeps failing
  27. Public posts – preventing duplicate form submissions
  28. How to obtain “wp_rest” nonce for WP Statistics plugin manually?
  29. WordPress “nonce” message
  30. CSP nonces with Cloudflare Workers
  31. Why are nonces working in Firefox but not in Chrome?
  32. wp_verfy_nonce keeps giving false
  33. Nonce – reissue with ajax poll
  34. wp_nonce_url generating invalid links
  35. How to insert wp_nonce field within echoed string
  36. Nonce check causing issues when creating new post
  37. Weird nonce validation problem
  38. Logout button in menu without “wp” in links
  39. Check nonce in the new bulk_edit_posts action
  40. How to get a unique nonce for each Ajax request?
  41. Nonce retrieved from the REST API is invalid and different from nonce generated in wp_localize_script
  42. Are Nonces Useless?
  43. How to use nonce with front end submission form?
  44. Extend WordPress (4.x) session and nonce
  45. How do WordPress Nonces Work?
  46. AJAX nonce with check_ajax_referer()
  47. Verify nonce in REST API?
  48. Do I require the use of nonce?
  49. Getting “The link you followed has expired” when adding custom post [closed]
  50. Handling nonces for actions from guests to logged-in users
  51. How to add WordPress nonces to ajax request
  52. Can I verify nonce which was generated on a different WP site?
  53. Security – Ajax and Nonce use [closed]
  54. Undefined index: at_nonce in custom post metabox
  55. “Notice: Undefined index:” error when adding new content?
  56. WP REST API: check if user is logged in
  57. How to save multiple metaboxes?
  58. Can’t GET draft posts via REST API from headless frontend
  59. Rest API invalid nonce with Backbone Client
  60. How to get the wpnonce value?
  61. WordPress REST API, Expired Nonce from Cache results in 403 forbidden
  62. Nonce generated 0-12 hours ago
  63. Passing a borrowed nonce through Postman fails
  64. Maximum lifetime for nonce
  65. Use of check_admin_referer with theme options and options.php
  66. Passing nonce at admin menu link
  67. Encountering “Wrong nonce. Action prohibitied.” when trying to alter User Role and unable to Post via WP Admin
  68. Bypass nonce value while trashing a post
  69. wp_nonce_field displaying twice
  70. Is it safe to use a global wp nonce per user instead of a nonce per action?
  71. Rest API: wp_verify_nonce() fails despite receiving correct nonce value
  72. How to verify nonces in bulk?
  73. Backbone with custom rest endpoints
  74. Restrict Access without Creating Users
  75. How to use nonce
  76. Re-use Nonce in Repeating Event Signup Buttons
  77. How to add a WordPress Nonce for this form to avoid CSRF
  78. Using nonce when loading posts with AJAX
  79. Saving custom data via ajax with nonces
  80. Log in user using WordPress REST API
  81. WP_List_Table Inside Metabox With Bulk Actions Not Working on Submit
  82. wp_verify_nonce not working on the mobile device
  83. How to not cache nonces with WP Rocket?
  84. How do I mitigate replay attacks when talking about actions that shouldn’t happen twice?
  85. whether a nonce is required for get type and get_query_var?
  86. Unable to update plugins or log out
  87. Does it make sense to check a nonce on user log in?
  88. How can I verify WordPress nonce from the following code?
  89. AJAX form not working, still reloads on submit
  90. CSRF attack to create USER
  91. Register rest field authentication with REST API
  92. Create nonce in frontend page to edit profile
  93. when saveing $meta_box i get Undefined index error
  94. WordPress wp_localize_script nonce and ajax URL
  95. Rest API nonce is being cached
  96. How to add a nonce check correctly to this specific code?
  97. Is Nonce Verification (CSRF) required for WordPress Custom Bulk User Actions?
  98. Nonce validation in REST API
  99. How to stop a nonce from being cached in an inline script, or alternatives to regenerate it if expired?
  100. $_GET[”] variable with nonce verification