wp_create_nonce( string|int $action = -1 )
Creates a cryptographic token tied to a specific action, user, user session, and window of time.
Parameters
- $action
  (Optional) Scalar value to add context to the nonce.
  Default value: -1
Return
(string) The token.
Source
File: wp-includes/pluggable.php
```php
function wp_create_nonce($action = -1) {
	$user = wp_get_current_user();
	$uid = (int) $user->ID;
	if ( ! $uid ) {
		/** This filter is documented in wp-includes/pluggable.php */
		$uid = apply_filters( 'nonce_user_logged_out', $uid, $action );
	}
	$token = wp_get_session_token();
	$i = wp_nonce_tick();
	return substr( wp_hash( $i . '|' . $action . '|' . $uid . '|' . $token, 'nonce' ), -12, 10 );
}
```
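The binding to action, user, session and time window can be checked outside ClassicPress with a stand-alone model of the same construction. This is an added example, not ClassicPress code: the `demo_*` functions, the salt, the one-day lifetime, the HMAC-MD5 stand-in for `wp_hash()`, the half-lifetime tick and the two-tick verifier are assumptions made for illustration.

```php
<?php
// Added illustration, not ClassicPress code: stand-ins replace the core helpers
// so the construction can be run with the plain php CLI.
const DEMO_SALT = 'constructed-demo-salt'; // assumption: stands in for the site's secret 'nonce' salt
const DEMO_LIFE = 86400;                   // assumption: nonce lifetime in seconds (one day)

// Stand-in for wp_hash( $data, 'nonce' ), assumed to be a keyed MD5 HMAC.
function demo_hash( string $data ): string {
	return hash_hmac( 'md5', $data, DEMO_SALT );
}

// Stand-in for wp_nonce_tick(), assumed to advance once per half lifetime.
function demo_tick( int $now ): int {
	return (int) ceil( $now / ( DEMO_LIFE / 2 ) );
}

// Same concatenation and substr() as the source above, for an explicit tick.
function demo_token( int $tick, $action, int $uid, string $session ): string {
	return substr( demo_hash( $tick . '|' . $action . '|' . $uid . '|' . $session ), -12, 10 );
}

function demo_create_nonce( $action, int $uid, string $session, int $now ): string {
	return demo_token( demo_tick( $now ), $action, $uid, $session );
}

// Hypothetical verifier: recompute the token for the current and the previous
// tick and compare in constant time. Returns 1, 2, or false.
function demo_verify_nonce( string $nonce, $action, int $uid, string $session, int $now ) {
	$tick = demo_tick( $now );
	foreach ( array( 1 => $tick, 2 => $tick - 1 ) as $age => $t ) {
		if ( hash_equals( demo_token( $t, $action, $uid, $session ), $nonce ) ) {
			return $age;
		}
	}
	return false;
}

$t0    = 1700000000; // constructed timestamp
$nonce = demo_create_nonce( 'delete-post_42', 7, 'session-A', $t0 );

var_dump( demo_verify_nonce( $nonce, 'delete-post_42', 7, 'session-A', $t0 ) );             // same context
var_dump( demo_verify_nonce( $nonce, 'delete-post_43', 7, 'session-A', $t0 ) );             // different action
var_dump( demo_verify_nonce( $nonce, 'delete-post_42', 8, 'session-A', $t0 ) );             // different user
var_dump( demo_verify_nonce( $nonce, 'delete-post_42', 7, 'session-B', $t0 ) );             // different session
var_dump( demo_verify_nonce( $nonce, 'delete-post_42', 7, 'session-A', $t0 + DEMO_LIFE ) ); // time window passed
```

A nonce created with the default action of -1 matches any check that also uses -1 for the same user and session, so pass a specific action string for each operation.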
Related
Uses
Uses | Description |
---|---|
wp-includes/pluggable.php: wp_hash() | Gets hash of given string. |
wp-includes/pluggable.php: nonce_user_logged_out | Filters whether the user who generated the nonce is logged out. |
wp-includes/pluggable.php: wp_nonce_tick() | Returns the time-dependent variable for nonce creation. |
wp-includes/pluggable.php: wp_get_current_user() | Retrieves the current user object. |
wp-includes/user.php: wp_get_session_token() | Retrieves the current session token from the logged_in cookie. |
wp-includes/plugin.php: apply_filters() | Calls the callback functions that have been added to a filter hook. |
Used By
Used By | Description |
---|---|
wp-admin/includes/class-wp-site-health.php: WP_Site_Health::wp_cron_scheduled_check() | Runs the scheduled event to check and update the latest site health status for the website. |
wp-admin/includes/class-wp-site-health.php: WP_Site_Health::enqueue_scripts() | Enqueues the site health scripts. |
wp-admin/includes/class-wp-site-health.php: WP_Site_Health::get_test_rest_availability() | Tests if the REST API is accessible. |
wp-admin/includes/plugin.php: resume_plugin() | Tries to resume a single plugin. |
wp-admin/includes/class-wp-privacy-data-export-requests-list-table.php: WP_Privacy_Data_Export_Requests_List_Table::column_email() | Actions column. |
wp-admin/includes/class-wp-privacy-data-export-requests-list-table.php: WP_Privacy_Data_Export_Requests_List_Table::column_next_steps() | Displays the next steps column. |
wp-admin/includes/class-wp-privacy-data-removal-requests-list-table.php: WP_Privacy_Data_Removal_Requests_List_Table::column_email() | Actions column. |
wp-admin/includes/class-wp-privacy-data-removal-requests-list-table.php: WP_Privacy_Data_Removal_Requests_List_Table::column_next_steps() | Next steps column. |
wp-admin/includes/ajax-actions.php: wp_ajax_rest_nonce() | Ajax handler to renew the REST API nonce. |
wp-admin/includes/ajax-actions.php: wp_ajax_quick_edit_attachment() | Ajax handler for updating attachment values and attributes. |
wp-admin/includes/misc.php: wp_refresh_heartbeat_nonces() | Adds the latest Heartbeat and REST-API nonce to the Heartbeat response. |
wp-admin/includes/theme.php: resume_theme() | Tries to resume a single theme. |
wp-includes/script-loader.php: wp_default_packages_inline_scripts() | Adds inline scripts required for the WordPress JavaScript packages. |
wp-includes/rest-api/endpoints/class-wp-rest-autosaves-controller.php: WP_REST_Autosaves_Controller::prepare_item_for_response() | Prepares the revision for the REST response. |
wp-includes/customize/class-wp-customize-background-image-control.php: WP_Customize_Background_Image_Control::enqueue() | Enqueue control related scripts/styles. |
wp-includes/customize/class-wp-customize-header-image-control.php: WP_Customize_Header_Image_Control::enqueue() | |
wp-includes/general-template.php: wp_heartbeat_settings() | Default settings for heartbeat. |
wp-includes/script-loader.php: wp_default_scripts() | Register all ClassicPress scripts. |
wp-includes/class-wp-customize-widgets.php: WP_Customize_Widgets::refresh_nonces() | Refreshes the nonce for widget updates. |
wp-includes/class-wp-customize-manager.php: WP_Customize_Manager::get_nonces() | Gets nonces for the Customizer. |
wp-includes/class-wp-customize-manager.php: WP_Customize_Manager::handle_load_themes_request() | Loads themes into the theme browsing/installation UI. |
wp-includes/rest-api.php: rest_cookie_check_errors() | Checks for errors when using cookie-based authentication. |
wp-includes/class-wp-customize-nav-menus.php: WP_Customize_Nav_Menus::filter_nonces() | Adds a nonce for customizing menus. |
wp-includes/functions.php: wp_nonce_url() | Retrieves URL with nonce added to URL query. |
wp-includes/functions.php: wp_nonce_field() | Retrieves or displays nonce hidden field for forms. |
wp-admin/includes/class-custom-image-header.php: Custom_Image_Header::step_1() | Display first step of custom header image page. |
wp-admin/includes/class-wp-media-list-table.php: WP_Media_List_Table::column_parent() | Handles the parent column output. |
wp-admin/includes/misc.php: wp_refresh_post_nonces() | Checks nonce expiration on the New/Edit Post screen and refreshes if needed. |
wp-admin/includes/media.php: edit_form_image_editor() | Displays the image and editor in the post editor. |
wp-admin/includes/media.php: media_upload_form() | Outputs the legacy media upload form. |
wp-admin/includes/media.php: get_media_item() | Retrieves HTML form for modifying the image attachment. |
wp-admin/includes/class-wp-comments-list-table.php: WP_Comments_List_Table::handle_row_actions() | Generates and displays row actions links. |
wp-admin/includes/template.php: compression_test() | Tests support for compressing JavaScript from PHP. |
wp-admin/includes/template.php: _list_meta_row() | Outputs a single row of public meta data in the Custom Fields meta box. |
wp-admin/includes/image-edit.php: wp_image_editor() | Loads the WP image-editing interface. |
wp-admin/includes/plugin-install.php: install_plugins_favorites_form() | Shows a username form for the favorites page. |
wp-admin/includes/ajax-actions.php: wp_ajax_install_theme() | Ajax handler for installing a theme. |
wp-admin/includes/ajax-actions.php: wp_ajax_install_plugin() | Ajax handler for installing a plugin. |
wp-admin/includes/ajax-actions.php: wp_ajax_query_themes() | Ajax handler for getting themes from themes_api(). |
wp-admin/includes/ajax-actions.php: wp_ajax_replyto_comment() | Ajax handler for replying to a comment. |
wp-admin/includes/class-wp-plugin-install-list-table.php: WP_Plugin_Install_List_Table::display_rows() | |
wp-admin/includes/plugin.php: activate_plugin() | Attempts activation of plugin in a “sandbox” and redirects on success. |
wp-admin/includes/post.php: _admin_notice_post_locked() | Outputs the HTML for the notice to say that someone else is editing or has taken over editing of this post. |
wp-admin/includes/post.php: post_preview() | Saves a draft or manually autosaves for the purpose of showing a post preview. |
wp-admin/includes/dashboard.php: _wp_dashboard_recent_comments_row() | Outputs a row for the Recent Comments widget. |
wp-admin/includes/revision.php: wp_prepare_revisions_for_js() | Prepare revisions for JavaScript. |
Changelog
Version | Description |
---|---|
4.0.0 | Session tokens were integrated with nonce creation. |
2.0.3 | Introduced. |