Using nonce external of WP Admin

Nonces are not tied to the admin interface. This codex page explains them very well. Essentially, you add :

<?php wp_nonce_field('name_of_my_action', 'name_of_nonce_field'); ?>

in your form (this creates a hidden input field containing an one-time-use token). And where you’re doing the form processing you just check if the nonce is correct 

if(!wp_verify_nonce($_POST['name_of_nonce_field'], 'name_of_my_action')){
  // no permissions
}

Related Posts:

  1. How does nonce verification work?
  2. How to expire a nonce?
  3. Fatal error: Call to undefined function wp_create_nonce()
  4. How to add/retrieve the post trash link?
  5. Nonce best practices: hidden input vs. wp_localize_script?
  6. “The link you followed has expired” when previewing a post
  7. wp_verify_nonce keeps failing
  8. Handling nonce generation in AJAX registration process
  9. increase nonce lifespan
  10. wp_verify_nonce() via REST always returns false
  11. Nonce failing in IE
  12. my theme breaks WP export
  13. Why am I getting a 403 from check_admin_referer()?
  14. x-wp-nonce across domains
  15. wp_create_nonce doesn’t verify when using WP_List_Table
  16. Handling expired nonces
  17. What is really “wp_nonce_field” and how does it work? [duplicate]
  18. Cannot verify nonce
  19. wp_verify_nonce return false despite correct parameter passed
  20. WordPress JSON API nonces and Vue development server
  21. Verify a nonce in Form submission
  22. phpcs error in WordPress
  23. Stop WordPress nonces expiring
  24. Several nonces?
  25. Nonce for Trashing Item
  26. Nonce keeps failing
  27. Public posts – preventing duplicate form submissions
  28. How to obtain “wp_rest” nonce for WP Statistics plugin manually?
  29. WordPress “nonce” message
  30. CSP nonces with Cloudflare Workers
  31. Why are nonces working in Firefox but not in Chrome?
  32. wp_verfy_nonce keeps giving false
  33. Nonce – reissue with ajax poll
  34. wp_nonce_url generating invalid links
  35. How to insert wp_nonce field within echoed string
  36. Nonce check causing issues when creating new post
  37. Weird nonce validation problem
  38. Logout button in menu without “wp” in links
  39. Check nonce in the new bulk_edit_posts action
  40. wp_verify_nonce vs check_admin_referer
  41. Do I need a nonce field for every meta box I add to my custom post type admin?
  42. Can I use the same nonce for multiple requests on the same page?
  43. How to get a unique nonce for each Ajax request?
  44. Nonce retrieved from the REST API is invalid and different from nonce generated in wp_localize_script
  45. Nonces and Cache
  46. AJAX nonce with check_ajax_referer()
  47. Multiple ajax nonce requests
  48. What is nonce and how to use it with Ajax in WordPress? [duplicate]
  49. Getting “The link you followed has expired” when adding custom post [closed]
  50. Nonce in settings API with tabbed navigation
  51. WordPress “Link has expired” error on updating posts
  52. How to add WordPress nonces to ajax request
  53. Can I verify nonce which was generated on a different WP site?
  54. Headless WordPress: How to authenticate front end requests?
  55. Nonces and Ajax request to REST API and verification
  56. How to stop _wpnonce and _wp_http_referer from appearing in URL
  57. WP REST API: check if user is logged in
  58. wp_verify_nonce doesn’t return true on server when it matches the nonce
  59. Can’t GET draft posts via REST API from headless frontend
  60. Rest API invalid nonce with Backbone Client
  61. Verify Nonce returns false – Request Nonce returns correct value
  62. WordPress REST API, Expired Nonce from Cache results in 403 forbidden
  63. wp-admin AJAX with Fetch API is done without user
  64. Nonce generated 0-12 hours ago
  65. Passing a borrowed nonce through Postman fails
  66. permission_callback has no effect
  67. WP REST API – Nonce passes wp_verify_nonce even after logout
  68. Maximum lifetime for nonce
  69. Use of check_admin_referer with theme options and options.php
  70. Passing nonce at admin menu link
  71. “The link you followed has expired” & “Error while saving” messages when adding new post
  72. SSO autologin WordPress + Ajax
  73. Is nonce in PHP form and Ajax both necessary?
  74. Encountering “Wrong nonce. Action prohibitied.” when trying to alter User Role and unable to Post via WP Admin
  75. Nonce fails on ajax save
  76. My custom write panels won’t save data. What am I missing?
  77. Unable to successfully verify nonce
  78. wp_nonce_field is breaking form for reasons unknown
  79. Cache plugins and ajax nonce verification
  80. Forms and WordPress Nonce
  81. javascript ajax and nonce
  82. How to check nonce lifetime value of plugins?
  83. How to use the wpsnonce clone post link?
  84. Nonce failing with second argument
  85. How to verify which WordPress user requested the API in ASP .NET Core?
  86. Log out without confirmation request (nonce)
  87. check_admin_referer not working in custom meta box for custom post type
  88. Ajax Security regarding user priviliges and nonces
  89. 403 Forbidden on site logo image upload
  90. wp_nonce for Front-End submission form not working
  91. wp_verify_nonce fails always
  92. Nonce and widget
  93. custom metabox nonce verification fails
  94. How to use nonces for frontend AJAX voting if the page gets cached?
  95. Using Nonce for my Form
  96. Do I need to validate the nonce when using the settings api?
  97. How to stop a nonce from being cached in an inline script, or alternatives to regenerate it if expired?
  98. $_GET[”] variable with nonce verification
  99. Is there a solution to expired nonces in forms when using full page caching that doesn’t involve configuring the cache?
  100. Nonce code vulnerability

Leave a Comment