A true security nonce is one time use only, that is it is deleted once checked.

WordPress creates a nonce that will remain valid for 12-24 hours (at least 12 hours, can be up to 24 hours) by default. While this means they can be used an unlimited amount of times within that valid period, which is a security weakness, they are tied to the logged in user ID so protect against attacks where the action is user_id based.

Feel free to comment if you can add help to this page or point out issues and solutions you have found. I do not provide support on this site, if you need help with a problem head over to stack overflow.


Your email address will not be published.