Noncensible

Provides sensible replacements of default nonce generation functions to more accurately reflect their expected behaviour.

Author: Roy Orbison (profile at wordpress.org)
WordPress version required: 2.5.0
WordPress version tested: 6.1.1
Plugin version: 1.1.0
Added to WordPress repository: 02-06-2021
Last updated: 17-02-2023
Rating, %: 0
Rated by: 0
Plugin URI: https://wordpress.org/plugins/noncensible
Total downloads: 532

The core functions’ documentation states that nonces, the small validity tokens used throughout WordPress core and other plugins, have a lifespan of 1 day. In practice they can last as little as half that time. For common usage that may not be a problem, but if that lifespan is relied upon in any meaningful way, inexplicable failures can occur. For example, filters that shorten the lifespan may randomly make it difficult to complete some tasks before their nonce expires. Very long lifespans, such as those set by many caching and SEO optimization plugins, can result in forms and other actions suddenly breaking before the cached content expires and new nonces get generated. Imagine a contact form that’s cached for a week but stops working after 4 days, then starts working again if that cache is cleared. A cursory search for terms like "caching nonce expired wordpress" yields many results for relevant problems.

This plugin guarantees a nonce will last at least as long as it’s intended to, and at most ⅛ of a lifespan longer. By default, this means a nonce will last from 24 up to 27 hours, rather than anywhere from 12 to 24 hours. It was created because changing the behaviour of such old code was considered inappropriate (in ticket #53236), given that the functions are pluggable.
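The two lifetime ranges above follow from how tick-based expiry works. This is an added example, not code from the plugin or from WordPress: core binds a nonce to a tick of half the lifespan and accepts the current and previous tick; the finer scheme shown (ticks of ⅛ of the lifespan, nine accepted) is an assumption chosen to match the 24 to 27 hour figure, and all function names are hypothetical.

```php
<?php
// Added illustration of tick-based nonce expiry; not WordPress core or plugin code.

// A nonce is bound to the tick in which it was created.
function nonce_tick(int $time, int $tickLength): int {
    return (int) ceil($time / $tickLength);
}

// Seconds a nonce issued at $issuedAt stays valid when verification accepts
// the current tick and the ($accepted - 1) ticks before it.
function nonce_lifetime(int $issuedAt, int $tickLength, int $accepted): int {
    $lastValidTick = nonce_tick($issuedAt, $tickLength) + $accepted - 1;
    return $lastValidTick * $tickLength - $issuedAt;
}

// Shortest and longest lifetime, in hours, over every issue second of one tick.
function lifetime_range(int $life, int $parts, int $accepted): array {
    $tickLength = intdiv($life, $parts);
    $start = 1000 * $tickLength; // constructed tick boundary; any boundary gives the same range
    $min = PHP_INT_MAX;
    $max = 0;
    for ($t = $start + 1; $t <= $start + $tickLength; $t++) {
        $seconds = nonce_lifetime($t, $tickLength, $accepted);
        $min = min($min, $seconds);
        $max = max($max, $seconds);
    }
    return [$min / 3600, $max / 3600];
}

$day = 86400;
$schemes = [ // label => [intended life, ticks per life, ticks accepted]
    'core, 1-day life'               => [$day, 2, 2],
    'core, 7-day life (cached form)' => [7 * $day, 2, 2],
    'assumed 1/8 ticks, 1-day life'  => [$day, 8, 9], // assumption, not the plugin's code
];
foreach ($schemes as $label => [$life, $parts, $accepted]) {
    [$min, $max] = lifetime_range($life, $parts, $accepted);
    printf("%-32s %6.2f h to %6.2f h\n", $label, $min, $max);
}
```

The 7-day row corresponds to the cached contact form described above: a failure after 4 days falls inside the 3.5 to 7 day range that the half-lifespan tick allows.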

Hourglass icon by mavadee.