Tag Archive: nonce
Improving Nonce Security
WordPress nonces are pretty good at ensuring your AJAX calls and form submissions are legit. A nonce is a coded string generated by incorporating the (logged-in) user ID, the $action string, and a timestamp-based “tick” value. The “tick” changes (globally) every 48 hours by default.
The nonce key is unique for each logged-in user. However, what if your site ...