function wp_verify_nonce($nonce, $action = -1) {}

Verify that the correct nonce was used within the time limit.
The user is given a limited amount of time to use the token. Because the UID and $action stay the same between creation and verification, time is the only input that changes.


  • string $nonce: The nonce that was submitted with the form and is to be verified.
  • string|int $action: Should give context to what is taking place, and must be the same value that was used when the nonce was created.

Return values

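Returns: Whether the nonce check passed or failed: 1 if the nonce matches the current tick (generated 0-12 hours ago), 2 if it matches the previous tick (generated 12-24 hours ago), or false if it is invalid.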

Source code

function wp_verify_nonce($nonce, $action = -1) {
	$user = wp_get_current_user();
	$uid = (int) $user->ID;

	$i = wp_nonce_tick();

	// Nonce generated 0-12 hours ago
	if ( substr(wp_hash($i . $action . $uid, 'nonce'), -12, 10) == $nonce )
		return 1;

	// Nonce generated 12-24 hours ago
	if ( substr(wp_hash(($i - 1) . $action . $uid, 'nonce'), -12, 10) == $nonce )
		return 2;

	// Invalid nonce
	return false;
}
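
The two-window check in the listing, as an added example that is not WordPress core code: it runs without WordPress so the effect of the tick, the action and the user ID can be observed directly. The demo_* functions, DEMO_SALT, the HMAC-SHA-256 stand-in for wp_hash() and the sample action names are assumptions, and hash_equals() replaces the == comparison.

```php
<?php
// Added illustration, not WordPress core code. The demo_* functions and DEMO_SALT
// are stand-ins (assumptions) for wp_nonce_tick(), wp_hash() and the site's salt.
const DEMO_SALT = 'constructed-demo-salt';
const TICK_SECONDS = 43200; // 12 hours, per the comments in the listing

function demo_tick(int $now): int {
    return (int) ceil($now / TICK_SECONDS);
}

function demo_hash(string $data): string {
    return hash_hmac('sha256', $data, DEMO_SALT); // stand-in keyed hash
}

function demo_create_nonce(string $action, int $uid, int $now): string {
    return substr(demo_hash(demo_tick($now) . $action . $uid), -12, 10);
}

// Same two-window check as the listing, with the clock passed in and
// hash_equals() (constant-time, string-only) in place of ==.
function demo_verify_nonce(string $nonce, string $action, int $uid, int $now) {
    $i = demo_tick($now);
    if (hash_equals(substr(demo_hash($i . $action . $uid), -12, 10), $nonce)) {
        return 1; // matches the current tick
    }
    if (hash_equals(substr(demo_hash(($i - 1) . $action . $uid), -12, 10), $nonce)) {
        return 2; // matches the previous tick
    }
    return false;
}

$t0 = 1700000000;                      // constructed timestamp
$edge = demo_tick($t0) * TICK_SECONDS; // last second of $t0's tick
$nonce = demo_create_nonce('delete-post_42', 7, $t0);
$late = demo_create_nonce('delete-post_42', 7, $edge);

$cases = [
    'same tick'                  => demo_verify_nonce($nonce, 'delete-post_42', 7, $t0),
    '12 hours later'             => demo_verify_nonce($nonce, 'delete-post_42', 7, $t0 + TICK_SECONDS),
    '24 hours later'             => demo_verify_nonce($nonce, 'delete-post_42', 7, $t0 + 2 * TICK_SECONDS),
    'different action'           => demo_verify_nonce($nonce, 'edit-post_42', 7, $t0),
    'different user'             => demo_verify_nonce($nonce, 'delete-post_42', 8, $t0),
    'made at tick edge, +1 s'    => demo_verify_nonce($late, 'delete-post_42', 7, $edge + 1),
    'made at tick edge, +12h 1s' => demo_verify_nonce($late, 'delete-post_42', 7, $edge + TICK_SECONDS + 1),
];
foreach ($cases as $label => $result) {
    printf("%-28s %s\n", $label, var_export($result, true));
}
```

The last two cases show that the lifetime is quantized to ticks: a nonce created in the final second of a tick is reported as 2 one second later and is rejected just over 12 hours after it was created.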


