1, the nonce lifetime is about 24 hours by default actually. take a look at wp_verify_nonce function.
To be more accurate, the lifetime is controlled by filter
apply_filters( 'nonce_life', DAY_IN_SECONDS );
2, if the lifetime value makes you doubt if it is “an implementation side-effect”, you may want to add_filter('nonce_life',create_function('$v', 'return 60*5;'));
to shorten the lifetime to 5 minutes in my example.
3, if you’re concerned about the security of your plugin, you should use csrf token instead.
Related Posts:
- Nonces and Cache
- Multiple ajax nonce requests
- Nonces, AJAX, script variables & security in WordPress
- How do I check if AJAX nonces are implemented correctly?
- WP Admin AJAX Security – using POST to include a relative URL
- ajax nonce verification failing
- Why does check_ajax_referer give a 403 error on https websites?
- Using nonce when loading posts with AJAX
- Should wordpress nonce be placed in html form or in javascript file
- Ajax Security regarding user priviliges and nonces
- How to get a unique nonce for each Ajax request?
- WordPress Ajax Data Security
- Nonces can be reused multiple times? Bug / Security issue?
- Using Nonces for AJAX that only retrieves data
- How to verify nonce from Bulk/Quick Edit in save_post?
- How to add WordPress nonces to ajax request
- Security – Ajax and Nonce use [closed]
- Nonces and Ajax request to REST API and verification
- Ajax function returns -1
- Serving nonces through AJAX is not refreshing nonce, returning 403 error
- wp_verify_nonce always returns false when logged in as admin
- ajax and nonce when JavaScript is in a seperate file
- wp_verify_nonce doesn’t return true on server when it matches the nonce
- AJAX requests broken due to HTTPS for wp-admin
- Why does WordPress Heartbeat login not refresh the nonces?
- wp-admin AJAX with Fetch API is done without user
- How to check an ajax nonce in PHP
- Can a wp_nonce created from domain 1 to be verified on domain 2?
- Is it safe to manually sign a user in using AJAX?
- how to send Ajax request in wordpress backend
- Identical wp_rest nonce returned from rest_api
- wp_create_nonce() in REST API makes user->ID zero
- SSO autologin WordPress + Ajax
- Should I check for privileges before hooking into `wp_ajax_$handle` or after?
- Nonce fails on ajax save
- Is it secure to use admin-ajax.php in front?
- Unable to successfully verify nonce
- Cache plugins and ajax nonce verification
- Nonce doesn’t validate in nopriv call
- WordPress is creating nonce as a logged in user but verifying it incorrectly
- javascript ajax and nonce
- How to check nonce lifetime value of plugins?
- 200 return code on ‘POST /wp-admin/admin-ajax.php’ while NOT logged in
- Custom RPC end-point security best pratice?
- How to prevent my external API call from being called by anyone but me (my site)
- wp_verify_nonce not working on the mobile device
- How do I mitigate replay attacks when talking about actions that shouldn’t happen twice?
- check_ajax_reffer not working when logged
- How to safely pass post_id and user_id via AJAX to the backend (prevent user from changing it via JS)?
- AJAX form not working, still reloads on submit
- How to use nonces for frontend AJAX voting if the page gets cached?
- Can I make an ajax response cross-domain?
- WordPress wp_localize_script nonce and ajax URL
- jQuery’s .on() method combined with the submit event
- Why use admin-ajax.php and how does it work?
- Including WordPress in RESTful API
- How to tie built in AJAX to an add_action?
- admin-ajax.php vs .load() in WordPress
- Ajax form submission from admin panel
- Ajax response is always 0
- Ajax is not working for logged out users
- When is it useful to use wp_verify_nonce
- WordPress AJAX Call Not Return Result
- Form data is empty while posting form through ajax using jquery in WordPress
- Nonce actions and names available via open source
- load next and previous posts by Ajax and URL update
- WordPress Ajax Problems
- How can I access the Header of and ajax response from the rest API
- Getting back to ajax search results from a page
- Updating a checkbox value to database for specific row in table
- WordPress ajax success response
- Admin WP List Table Columns Missing
- (updated) How to add AJAX error handling to a (fully) custom registration form?
- wordpress admin ajax url rename
- rest_no_route custom route
- Using infinite scroll ajax load more with search parameter
- infinite-scroll for 2 fixed height containers
- “Loadmore” button is not working in buddypress [closed]
- Uncaught ReferenceError: the_ajax_script is not defined . How is this not defined?
- Right way to include blog-header.php?
- AJAX action through direct link
- Ajax call on new site with jupiterx theme getting 400 response [closed]
- Creating an auto result search bar
- update_option is not saving an array, but saving the string ‘Array’
- Get title and featured image using Ajax
- My function containing a mysql query launched by ajax is not working in wordpress. What am I missing?
- wordpress ajax search posts
- Ajax call from Plugin using Class
- Ajax by worpdress affects called jquery inside template file
- Call public static method from ajax ‘wpcf7_mail_sent’ hook
- Update user meta via ajax from frontend, saving issue
- How to get the admin page slug using wp_loaded hook?
- Having a self updating list
- Unexpected WordPress search results
- WordPress Get Header and Footer using in Admin Area
- Tie the sending of an ajax request to WordPress hooks
- ajax page template
- apply_filters, EMBEDS and AJAX not a friends? [duplicate]
- Using Javascript Callback from plugin in a theme
- Why does my Ajax Get request give a 400 bad request?