W3cubDocs

/WordPress

wp_create_nonce( string|int $action = -1 )

Creates a cryptographic token tied to a specific action, user, user session, and window of time.

Description

Parameters

$action

(string|int) (Optional) Scalar value to add context to the nonce.

Default value: -1

Return

(string) The token.

Source

File: wp-includes/pluggable.php

function wp_create_nonce( $action = -1 ) {
		$user = wp_get_current_user();
		$uid  = (int) $user->ID;
		if ( ! $uid ) {
			/** This filter is documented in wp-includes/pluggable.php */
			$uid = apply_filters( 'nonce_user_logged_out', $uid, $action );
		}

		$token = wp_get_session_token();
		$i     = wp_nonce_tick();

		return substr( wp_hash( $i . '|' . $action . '|' . $uid . '|' . $token, 'nonce' ), -12, 10 );
	}

Changelog

Version Description
4.0.0 Session tokens were integrated with nonce creation
2.0.3 Introduced.

© 2003–2019 WordPress Foundation
Licensed under the GNU GPLv2+ License.
https://developer.wordpress.org/reference/functions/wp_create_nonce