What is: Nonce?

A “nonce” is a special security file that helps protect WordPress sites from being maliciously misused.

The term “nonce” stands for Number Used Once, which is a bit confusing because it does not contain a number. Nonces, instead, are encrypted pieces of random data known as a “hash” that contains numbers and letters. The purpose of a nonce is to create unique URLs to protect WordPress sites against malevolent actions from outside parties.

For example, when you delete a post, it goes into the trash where it will be stored for up to 30 days. While waiting in the Trash to be deleted, the file will still exist and have its own URL. For instance, if you deleted a post called “www.myblog.com/Testpost/” then WordPress would change its URL to something like “www.myblog.com/Testpost&action=trash.”

An enterprising hacker could figure out that URL and thus access the file. By adding a nonce to the end of the URL, this makes it impossible for an outside person to guess the new URL. In order to access the file, the hacker would have to know the nonce, which contains random letters and numbers that are nearly impossible to guess.

If you’re new to WordPress, then you don’t need to worry about nonces as they will be generated and handled automatically. Nonces exist in order to protect your site and rely on something called cookies.

Most of the time, issues with nonces appear when using a poorly written plugin or theme. If you are seeing “403 Forbidden” messages, then this means that a plugin or your theme is having difficulty with nonces. Try turning off your plugins to see if this resolves the issue. If it does, continue to enable your plugins one by one to find which one is causing the problem.

The following two tabs change content below.

Jamie Spencer

My name is Jamie Spencer and I have spent the past 10 years building money making blogs. After growing tired of the 9-5, commuting and never seeing my family I decided that I wanted to make some changes and launched my first blog. Since then I have launched lots of successful niche blogs and after selling my survivalist blog I decided to teach other people how to do the same.