Using nonce external of WP Admin

Nonces are not tied to the admin interface. This codex page explains them very well. Essentially, you add :

<?php wp_nonce_field('name_of_my_action', 'name_of_nonce_field'); ?>

in your form (this creates a hidden input field containing an one-time-use token). And where you’re doing the form processing you just check if the nonce is correct 

if(!wp_verify_nonce($_POST['name_of_nonce_field'], 'name_of_my_action')){
  // no permissions
}

Related Posts:

  1. How does nonce verification work?
  2. How to expire a nonce?
  3. Fatal error: Call to undefined function wp_create_nonce()
  4. How to add/retrieve the post trash link?
  5. Nonce best practices: hidden input vs. wp_localize_script?
  6. “The link you followed has expired” when previewing a post
  7. wp_verify_nonce keeps failing
  8. Handling nonce generation in AJAX registration process
  9. increase nonce lifespan
  10. wp_verify_nonce() via REST always returns false
  11. Nonce failing in IE
  12. my theme breaks WP export
  13. Why am I getting a 403 from check_admin_referer()?
  14. x-wp-nonce across domains
  15. wp_create_nonce doesn’t verify when using WP_List_Table
  16. Handling expired nonces
  17. What is really “wp_nonce_field” and how does it work? [duplicate]
  18. Cannot verify nonce
  19. wp_verify_nonce return false despite correct parameter passed
  20. WordPress JSON API nonces and Vue development server
  21. Verify a nonce in Form submission
  22. phpcs error in WordPress
  23. Stop WordPress nonces expiring
  24. Several nonces?
  25. Nonce for Trashing Item
  26. Nonce keeps failing
  27. Public posts – preventing duplicate form submissions
  28. How to obtain “wp_rest” nonce for WP Statistics plugin manually?
  29. WordPress “nonce” message
  30. CSP nonces with Cloudflare Workers
  31. Why are nonces working in Firefox but not in Chrome?
  32. wp_verfy_nonce keeps giving false
  33. Nonce – reissue with ajax poll
  34. wp_nonce_url generating invalid links
  35. How to insert wp_nonce field within echoed string
  36. Nonce check causing issues when creating new post
  37. Weird nonce validation problem
  38. Logout button in menu without “wp” in links
  39. Are Nonces Useless?
  40. How to use nonce with front end submission form?
  41. Extend WordPress (4.x) session and nonce
  42. Nonces can be reused multiple times? Bug / Security issue?
  43. How do WordPress Nonces Work?
  44. Verify nonce in REST API?
  45. Using nonce in menu item
  46. Do I require the use of nonce?
  47. WordPress REST API call generates nonce twice on every call
  48. Handling nonces for actions from guests to logged-in users
  49. WordPress failure when logging out
  50. Security – Ajax and Nonce use [closed]
  51. Undefined index: at_nonce in custom post metabox
  52. “Notice: Undefined index:” error when adding new content?
  53. Custom Meta Boxes – Nonce Issue – Move to trash issue
  54. Properly applying nonce to a form using AJAX
  55. When is it useful to use wp_verify_nonce
  56. WordPress password reset – why post rp_key?
  57. How to save multiple metaboxes?
  58. Nonce actions and names available via open source
  59. Nonces, AJAX, script variables & security in WordPress
  60. Why does WordPress Heartbeat login not refresh the nonces?
  61. How to get the wpnonce value?
  62. When must I use and verify nonce?
  63. How do I check if AJAX nonces are implemented correctly?
  64. What SQL / WordPress queries would need a nonce?
  65. wp_nonce_url to users.php for deleting user not working
  66. wp_verify_nonce not working
  67. Identical wp_rest nonce returned from rest_api
  68. WP nonce invalid
  69. wp_create_nonce function doesn’t work inside a plugin?
  70. Nonce failing on form submission
  71. Draft preview and customize permission problems on multisite main site
  72. Why ajax doesn’t work on certain wordpress hooks and reload the page instead?
  73. Why ajax doesn’t work on certain wordpress hooks?
  74. Custom login doesn’t work properly
  75. Is there value in using a wp_nonce for POST requests?
  76. wp_nonce_field displaying twice
  77. Is it safe to use a global wp nonce per user instead of a nonce per action?
  78. Rest API: wp_verify_nonce() fails despite receiving correct nonce value
  79. Backbone with custom rest endpoints
  80. Restrict Access without Creating Users
  81. How to use nonce
  82. Re-use Nonce in Repeating Event Signup Buttons
  83. How to add a WordPress Nonce for this form to avoid CSRF
  84. Using nonce when loading posts with AJAX
  85. Saving custom data via ajax with nonces
  86. Log in user using WordPress REST API
  87. WP_List_Table Inside Metabox With Bulk Actions Not Working on Submit
  88. wp_verify_nonce not working on the mobile device
  89. How to not cache nonces with WP Rocket?
  90. How do I mitigate replay attacks when talking about actions that shouldn’t happen twice?
  91. whether a nonce is required for get type and get_query_var?
  92. Unable to update plugins or log out
  93. Does it make sense to check a nonce on user log in?
  94. How can I verify WordPress nonce from the following code?
  95. AJAX form not working, still reloads on submit
  96. CSRF attack to create USER
  97. Register rest field authentication with REST API
  98. Create nonce in frontend page to edit profile
  99. when saveing $meta_box i get Undefined index error
  100. WordPress wp_localize_script nonce and ajax URL

Leave a Comment