wp_create_nonce( string|int $action = -1 ): string
Creates a cryptographic token tied to a specific action, user, user session, and window of time.
Parameters
$actionstring|int Optional-
Scalar value to add context to the nonce.
Default:
-1
Return
string The token.
More Information
The function should be called using the init or any subsequent action hook. Calling it outside of an action hook can lead to problems, see the ticket #14024 for details.
Source
File: wp-includes/pluggable.php. View all references
function wp_create_nonce( $action = -1 ) {
$user = wp_get_current_user();
$uid = (int) $user->ID;
if ( ! $uid ) {
/** This filter is documented in wp-includes/pluggable.php */
$uid = apply_filters( 'nonce_user_logged_out', $uid, $action );
}
$token = wp_get_session_token( $action );
$i = wp_nonce_tick( $action );
return substr( wp_hash( $i . '|' . $action . '|' . $uid . '|' . $token, 'nonce' ), -12, 10 );
}
Hooks
- apply_filters( 'nonce_user_logged_out',
int $uid ,string|int $action ) -
Filters whether the user who generated the nonce is logged out.
Related
Uses
| Uses | Description |
|---|---|
| wp_get_session_token() wp-includes/user.php | Retrieves the current session token from the logged_in cookie. |
| wp_nonce_tick() wp-includes/pluggable.php | Returns the time-dependent variable for nonce creation. |
| wp_hash() wp-includes/pluggable.php | Gets hash of given string. |
| wp_get_current_user() wp-includes/pluggable.php | Retrieves the current user object. |
| apply_filters() wp-includes/plugin.php | Calls the callback functions that have been added to a filter hook. |
Used By
| Used By | Description |
|---|---|
| wp_refresh_metabox_loader_nonces() wp-admin/includes/misc.php | Refresh nonces used with meta boxes in the block editor. |
| WP_Site_Health::wp_cron_scheduled_check() wp-admin/includes/class-wp-site-health.php | Runs the scheduled event to check and update the latest site health status for the website. |
| WP_Privacy_Data_Removal_Requests_List_Table::column_email() wp-admin/includes/class-wp-privacy-data-removal-requests-list-table.php | Actions column. |
| WP_Privacy_Data_Removal_Requests_List_Table::column_next_steps() wp-admin/includes/class-wp-privacy-data-removal-requests-list-table.php | Next steps column. |
| wp_ajax_rest_nonce() wp-admin/includes/ajax-actions.php | Ajax handler to renew the REST API nonce. |
| WP_Privacy_Data_Export_Requests_List_Table::column_email() wp-admin/includes/class-wp-privacy-data-export-requests-list-table.php | Actions column. |
| WP_Privacy_Data_Export_Requests_List_Table::column_next_steps() wp-admin/includes/class-wp-privacy-data-export-requests-list-table.php | Displays the next steps column. |
| resume_theme() wp-admin/includes/theme.php | Tries to resume a single theme. |
| WP_Site_Health::get_test_rest_availability() wp-admin/includes/class-wp-site-health.php | Tests if the REST API is accessible. |
| WP_Site_Health::enqueue_scripts() wp-admin/includes/class-wp-site-health.php | Enqueues the site health scripts. |
| resume_plugin() wp-admin/includes/plugin.php | Tries to resume a single plugin. |
| WP_REST_Autosaves_Controller::prepare_item_for_response() wp-includes/rest-api/endpoints/class-wp-rest-autosaves-controller.php | Prepares the revision for the REST response. |
| wp_default_packages_inline_scripts() wp-includes/script-loader.php | Adds inline scripts required for the WordPress JavaScript packages. |
| wp_refresh_heartbeat_nonces() wp-admin/includes/misc.php | Adds the latest Heartbeat and REST-API nonce to the Heartbeat response. |
| WP_Customize_Manager::handle_load_themes_request() wp-includes/class-wp-customize-manager.php | Loads themes into the theme browsing/installation UI. |
| wp_localize_community_events() wp-includes/script-loader.php | Localizes community events data that needs to be passed to dashboard.js. |
| wp_ajax_install_theme() wp-admin/includes/ajax-actions.php | Ajax handler for installing a theme. |
| wp_ajax_install_plugin() wp-admin/includes/ajax-actions.php | Ajax handler for installing a plugin. |
| WP_Customize_Manager::get_nonces() wp-includes/class-wp-customize-manager.php | Gets nonces for the Customizer. |
| WP_Customize_Nav_Menus::filter_nonces() wp-includes/class-wp-customize-nav-menus.php | Adds a nonce for customizing menus. |
| rest_cookie_check_errors() wp-includes/rest-api.php | Checks for errors when using cookie-based authentication. |
| WP_Comments_List_Table::handle_row_actions() wp-admin/includes/class-wp-comments-list-table.php | Generates and displays row actions links. |
| WP_Media_List_Table::column_parent() wp-admin/includes/class-wp-media-list-table.php | Handles the parent column output. |
| WP_Customize_Widgets::refresh_nonces() wp-includes/class-wp-customize-widgets.php | Refreshes the nonce for widget updates. |
| WP_Customize_Background_Image_Control::enqueue() wp-includes/customize/class-wp-customize-background-image-control.php | Enqueue control related scripts/styles. |
| wp_image_editor() wp-admin/includes/image-edit.php | Loads the WP image-editing interface. |
| wp_refresh_post_nonces() wp-admin/includes/misc.php | Checks nonce expiration on the New/Edit Post screen and refresh if needed. |
| install_plugins_favorites_form() wp-admin/includes/plugin-install.php | Shows a username form for the favorites page. |
| _wp_dashboard_recent_comments_row() wp-admin/includes/dashboard.php | Outputs a row for the Recent Comments widget. |
| activate_plugin() wp-admin/includes/plugin.php | Attempts activation of plugin in a “sandbox” and redirects on success. |
| WP_Plugin_Install_List_Table::display_rows() wp-admin/includes/class-wp-plugin-install-list-table.php | |
| compression_test() wp-admin/includes/template.php | Tests support for compressing JavaScript from PHP. |
| _list_meta_row() wp-admin/includes/template.php | Outputs a single row of public meta data in the Custom Fields meta box. |
| edit_form_image_editor() wp-admin/includes/media.php | Displays the image and editor in the post editor |
| get_media_item() wp-admin/includes/media.php | Retrieves HTML form for modifying the image attachment. |
| media_upload_form() wp-admin/includes/media.php | Outputs the legacy media upload form. |
| _admin_notice_post_locked() wp-admin/includes/post.php | Outputs the HTML for the notice to say that someone else is editing or has taken over editing of this post. |
| post_preview() wp-admin/includes/post.php | Saves a draft or manually autosaves for the purpose of showing a post preview. |
| wp_ajax_query_themes() wp-admin/includes/ajax-actions.php | Ajax handler for getting themes from themes_api() . |
| wp_ajax_replyto_comment() wp-admin/includes/ajax-actions.php | Ajax handler for replying to a comment. |
| wp_prepare_revisions_for_js() wp-admin/includes/revision.php | Prepare revisions for JavaScript. |
| Custom_Image_Header::step_1() wp-admin/includes/class-custom-image-header.php | Display first step of custom header image page. |
| wp_heartbeat_settings() wp-includes/general-template.php | Default settings for heartbeat. |
| wp_nonce_url() wp-includes/functions.php | Retrieves URL with nonce added to URL query. |
| wp_nonce_field() wp-includes/functions.php | Retrieves or display nonce hidden field for forms. |
| wp_plupload_default_settings() wp-includes/media.php | Prints default Plupload arguments. |
| wp_prepare_attachment_for_js() wp-includes/media.php | Prepares an attachment post object for JS, where it is expected to be JSON-encoded and fit into an Attachment model. |
| wp_enqueue_media() wp-includes/media.php | Enqueues all scripts, styles, settings, and templates necessary to use all media JS APIs. |
| WP_Customize_Header_Image_Control::enqueue() wp-includes/customize/class-wp-customize-header-image-control.php | |
| wp_default_scripts() wp-includes/script-loader.php | Registers all WordPress scripts. |
Changelog
© 2003–2022 WordPress Foundation
Licensed under the GNU GPLv2+ License.
https://developer.wordpress.org/reference/functions/wp_create_nonce