“The link you followed has expired” when previewing a post

I get it a few time on my Hostnoc hosting, it happens when you have something running at the back of your WordPress (i.e. cron job or schedule backup up etc), this happens when you put a lot of usage on the server. Make sure you save each and everything before pressing publish. Furthermore, changed … Read more

How to stop _wpnonce and _wp_http_referer from appearing in URL

This issue arrises because of a couple of problems: 1) WP_List_Table::search_box() inserts the default _wpnonce and _wp_http_referer fields by using wp_nonce_field() without giving you the ability to override and say “I’ve already go a nonce field thanks”. 2) You need to use GET as your method of form submission when subclassing WP_List_Table because WP_List_Table::print_column_headers() only … Read more

Nonces and Ajax request to REST API and verification

For restricting access to your REST API endpoint, you can use the permission_callback parameter like so: register_rest_route( ‘rw-user/v1’, ‘/log-out’, array( ‘methods’ => ‘POST’, ‘callback’ => ‘ajax_logout’, ‘permission_callback’ => function () { return current_user_can( ‘read’ ); }, ) ); And that will require the current user to be logged into WordPress and also the REST API … Read more

Reduce nonce lifespan

Yes, using that filter will affect the lifespan of all nonces created after this filter is added, and while it remains in-place. So your best bet is to add it, create the nonce, remove it: function my_nonce_lifetime() { return 600; // 10 minutes } add_filter( ‘nonce_life’, ‘my_nonce_lifetime’ ); $nonce = wp_create_nonce(‘wp_rest’); remove_filter( ‘nonce_life’, ‘my_nonce_lifetime’ );

WordPress failure when logging out

This message is raised by wp_nonce_ays() which is called by check_admin_referer(). Your browser has probably not sent a referer header, so WordPress could not validate the nonce. This may be a problem in your browser settings or your network connection.

How to add WordPress nonces to ajax request

I figured it out. Simply, in my request, under data, I added “nonce” : “<?php echo wp_create_nonce( ‘refresh_my_plugin’ ); ?>” then to verify if (isset($_POST[‘refresh_my_plugin’])) if ( wp_verify_nonce( $_POST[‘nonce’], ‘refresh_my_plugin’ ) ) refresh_my_plugin(); With incorrect wp_verify_nonce, I instead get a 403, which is reflected on the button with the error handler.