More context would be helpful. Is that all the code found in your plugin or functions file directly? Or are you hooking in to something via add_action. Anyway, what’s probably wrong is that you’re calling wp_localize_script and wp_enqueue_script outside of an action. wp_create_nonce, or, rather, the file in which it resides, has yet to be … Read more
It’s inlineeditnonce. Check line 1185 of admin-ajax.php for details.
I am also under same issues, it not only happen when you update a posts but also when you try to update your profile. Temporary fix: Log out of the wordpress panel. Clear or remove all the cookie. Log back in, remember to check remember me. This seems to solve the issue but as the … Read more
WordPress REST API call generates nonce twice on every call
No, it is not needed. If you want to show the data to some users only, you can use current_user_can( ‘some_capability’ ) to restrict the access.
The API handles the nonce for the form part because you’re using the settings_fields call, which outputs the *-options nonce, and you’re passing the data to the options.php file for saving, which checks that nonce for you before saving the settings. This part the Settings API does indeed do for you. However, your tab code … Read more
Sanitizing is required when you are inserting user input into Database or outputting it in HTML etc. Here, you are simply doing a String comparison. wp_verify_nonce function checks $nonce value like this: if ( hash_equals( $expected, $nonce ) ) { return 1; } For this you don’t need sanitizing. So the following is fine: wp_verify_nonce( … Read more
The “The link you followed has expired” message is in the function wp_nonce_ays on line 2607 of wp-includes/functions.php. Apparently, the message was changed from “Are you sure you want to do this?” in 4.9.5. The wp_nonce_ays function is called by check_admin_referer if the nonce check fails. This is the only place in the WordPress code … Read more
I think required would mean that “it doesn’t work without it”. It will work, but the question is of security and best practices. Even if it doesn’t seem necessary, it’s better to play in the safe side and do it always. You have to enqueue your JavaScript like bellow, passing PHP values (like the admin … Read more
Now I got it! WordPress is just awesome. Also Thank you knif3r, your suggestions help me lot. I am trying to explain it in my words. Please correct me, if I am wrong. What is nonce? Nonce is something like security hash to prevent attacks and mistakes. It creates unique identifiers to check if the … Read more