A “nonce” is a special security file that helps protect WordPress sites from being maliciously misused.
The term “nonce” stands for Number Used Once, which is a bit confusing because it does not contain only a number. Nonces, instead, are encrypted pieces of random data known as a “hash,” which contains numbers and letters. The purpose of a nonce is to create unique URLs to protect WordPress sites against malevolent actions from outside parties.
For example, when you delete a post, it goes into the trash where it will be stored for up to 30 days. While waiting in the Trash to be deleted, the file will still exist and have its own URL. For instance, if you deleted a post called “www.myblog.com/Testpost/” then WordPress would change its URL to something like “www.myblog.com/Testpost&action=trash.”
An enterprising hacker could figure out that URL and thus access the file. Adding a nonce to the end of the URL makes it impossible for an outside person to guess the new URL. In order to access the file, the hacker would have to know the nonce, which contains random letters and numbers that are nearly impossible to guess.
If you’re new to WordPress, then you don’t need to worry about nonces as they will be generated and handled automatically. Nonces exist in order to protect your site and rely on something called cookies.
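How a nonce ties such a URL to one logged-in user and one action can be shown with a simplified Python model of the scheme WordPress core uses; it is an added illustration, not WordPress's own code. The secret, user ID, session strings, timestamp and URL are constructed sample values, and `_wpnonce` is WordPress's default query parameter name.

```python
import hashlib
import hmac
import math

NONCE_LIFE = 24 * 60 * 60                 # seconds a nonce can stay valid at most
SITE_SECRET = b"constructed-demo-secret"  # constructed; stands in for the site's secret key and salt


def _tick(now):
    """Counter that advances every half lifetime (12 hours here)."""
    return math.ceil(now / (NONCE_LIFE / 2))


def _token(tick, action, user_id, session):
    """Keyed hash over time window, action, user and login session."""
    msg = f"{tick}|{action}|{user_id}|{session}".encode()
    digest = hmac.new(SITE_SECRET, msg, hashlib.md5).hexdigest()
    return digest[-12:-2]                 # 10 characters of letters and digits


def create_nonce(action, user_id, session, now):
    return _token(_tick(now), action, user_id, session)


def verify_nonce(nonce, action, user_id, session, now):
    """Return 1 (current window), 2 (previous window) or 0 (reject)."""
    tick = _tick(now)
    for age, t in ((1, tick), (2, tick - 1)):
        expected = _token(t, action, user_id, session)
        # Constant-time comparison; encoding avoids errors on odd input
        if hmac.compare_digest(expected.encode(), str(nonce).encode()):
            return age
    return 0


def nonce_url(url, action, user_id, session, now):
    """Append the nonce as the _wpnonce query parameter."""
    sep = "&" if "?" in url else "?"
    return f"{url}{sep}_wpnonce={create_nonce(action, user_id, session, now)}"


if __name__ == "__main__":
    now = 1_700_000_000                   # constructed timestamp
    action = "trash-post_42"              # constructed action name for post 42
    link = nonce_url("https://www.myblog.com/wp-admin/post.php?post=42&action=trash",
                     action, 7, "session-A", now)
    nonce = link.rsplit("=", 1)[1]
    print(link)
    print("same user, same session:", verify_nonce(nonce, action, 7, "session-A", now))
    print("other user's session:   ", verify_nonce(nonce, action, 8, "session-B", now))
    print("after 24 hours:         ", verify_nonce(nonce, action, 7, "session-A", now + NONCE_LIFE))
```

In this model the session string is what comes from the login cookie, so a request made without that user's cookie, or for a different action, fails the check.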
Most of the time, issues with nonces appear when using a poorly written plugin or theme. If you are seeing “403 Forbidden” messages, then this means that a plugin or your theme is having difficulty with nonces. Try turning off your plugins to see if this resolves the issue. If it does, continue to enable your plugins one by one to find which one is causing the problem.