1. The nonce lifetime is about 24 hours by default, actually. Take a look at the wp_verify_nonce function.
To be more accurate, the lifetime is controlled by a filter:
apply_filters( 'nonce_life', DAY_IN_SECONDS );
2. If the lifetime value makes you doubt whether it is “an implementation side-effect”, you may want to add_filter( 'nonce_life', function ( $v ) { return 60 * 5; } ); to shorten the lifetime to 5 minutes, in my example.
3. If you’re concerned about the security of your plugin, you should use a CSRF token instead.
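
Why the lifetime is only "about" the nonce_life value, as an added example that is not part of the original answer and not WordPress's own code: a stand-alone model of the half-lifetime tick scheme behind wp_verify_nonce, which accepts the current and the previous tick. The model_* functions, MODEL_SECRET, the action name, the user ID and the timestamps are constructed for illustration; the HMAC stands in for WordPress's salted hash, and the session token WordPress also mixes in is omitted.

```php
<?php
// Simplified model of WordPress's tick-based nonces (not WordPress code).
// Assumption: MODEL_SECRET stands in for the site's nonce salt.
const MODEL_SECRET = 'constructed-demo-secret';

// Ticks advance every half lifetime, as wp_nonce_tick() does.
function model_tick(int $now, int $life): int {
    return (int) ceil($now / ($life / 2));
}

// Token bound to tick, action and user; same truncation as WordPress uses.
function model_token(int $tick, string $action, int $uid): string {
    $mac = hash_hmac('sha256', $tick . '|' . $action . '|' . $uid, MODEL_SECRET);
    return substr($mac, -12, 10);
}

function model_create(int $now, int $life, string $action, int $uid): string {
    return model_token(model_tick($now, $life), $action, $uid);
}

// Returns 1 (current tick), 2 (previous tick) or false, like wp_verify_nonce().
function model_verify(string $nonce, int $now, int $life, string $action, int $uid) {
    $tick = model_tick($now, $life);
    if (hash_equals(model_token($tick, $action, $uid), $nonce)) return 1;
    if (hash_equals(model_token($tick - 1, $action, $uid), $nonce)) return 2;
    return false;
}

// Seconds a nonce issued at $issued keeps verifying (assumes an even $life).
function model_valid_for(int $issued, int $life): int {
    $tick = model_tick($issued, $life);
    return ($tick + 1) * intdiv($life, 2) - $issued;
}

// Compare the default lifetime with the 5-minute filter value from point 2,
// issuing one nonce exactly on a tick boundary and one a second after it.
foreach ([86400, 300] as $life) {
    $edge = model_tick(1700000000, $life) * intdiv($life, 2); // constructed time
    foreach ([$edge, $edge + 1] as $issued) {
        $nonce = model_create($issued, $life, 'save_item', 7);
        $ttl   = model_valid_for($issued, $life);
        printf("life=%d issued=%d valid_for=%ds last_second=%s one_later=%s\n",
            $life, $issued, $ttl,
            var_export(model_verify($nonce, $issued + $ttl, $life, 'save_item', 7), true),
            var_export(model_verify($nonce, $issued + $ttl + 1, $life, 'save_item', 7), true));
    }
}
```

In this scheme a nonce verifies for somewhere between half and the full nonce_life, depending on where in the tick it was issued, so the 5-minute filter gives an effective window of roughly 2.5 to 5 minutes.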