WP_Plugin_Dependencies::check_plugin_dependencies_during_ajax()wp-includes/class-wp-plugin-dependencies.php |
Checks plugin dependencies after a plugin is installed via AJAX.
|
wp_get_plugin_action_button()wp-admin/includes/plugin-install.php |
Gets the markup for the plugin install action button.
|
wp_block_theme_activate_nonce()wp-includes/theme-previews.php |
Set a JavaScript constant for theme activation.
|
wp_refresh_metabox_loader_nonces()wp-admin/includes/misc.php |
Refresh nonces used with meta boxes in the block editor.
|
WP_Site_Health::wp_cron_scheduled_check()wp-admin/includes/class-wp-site-health.php |
Runs the scheduled event to check and update the latest site health status for the website.
|
WP_Privacy_Data_Removal_Requests_List_Table::column_email()wp-admin/includes/class-wp-privacy-data-removal-requests-list-table.php |
Outputs the Actions column.
|
WP_Privacy_Data_Removal_Requests_List_Table::column_next_steps()wp-admin/includes/class-wp-privacy-data-removal-requests-list-table.php |
Outputs the Next steps column.
|
wp_ajax_rest_nonce()wp-admin/includes/ajax-actions.php |
Handles renewing the REST API nonce via AJAX.
|
WP_Privacy_Data_Export_Requests_List_Table::column_email()wp-admin/includes/class-wp-privacy-data-export-requests-list-table.php |
Actions column.
|
WP_Privacy_Data_Export_Requests_List_Table::column_next_steps()wp-admin/includes/class-wp-privacy-data-export-requests-list-table.php |
Displays the next steps column.
|
resume_theme()wp-admin/includes/theme.php |
Tries to resume a single theme.
|
WP_Site_Health::get_test_rest_availability()wp-admin/includes/class-wp-site-health.php |
Tests if the REST API is accessible.
|
WP_Site_Health::enqueue_scripts()wp-admin/includes/class-wp-site-health.php |
Enqueues the site health scripts.
|
resume_plugin()wp-admin/includes/plugin.php |
Tries to resume a single plugin.
|
WP_REST_Autosaves_Controller::prepare_item_for_response()wp-includes/rest-api/endpoints/class-wp-rest-autosaves-controller.php |
Prepares the revision for the REST response.
|
wp_default_packages_inline_scripts()wp-includes/script-loader.php |
Adds inline scripts required for the WordPress JavaScript packages.
|
wp_refresh_heartbeat_nonces()wp-admin/includes/misc.php |
Adds the latest Heartbeat and REST API nonce to the Heartbeat response.
|
WP_Customize_Manager::handle_load_themes_request()wp-includes/class-wp-customize-manager.php |
Loads themes into the theme browsing/installation UI.
|
wp_localize_community_events()wp-includes/script-loader.php |
Localizes community events data that needs to be passed to dashboard.js.
|
wp_ajax_install_theme()wp-admin/includes/ajax-actions.php |
Handles installing a theme via AJAX.
|
wp_ajax_install_plugin()wp-admin/includes/ajax-actions.php |
Handles installing a plugin via AJAX.
|
WP_Customize_Manager::get_nonces()wp-includes/class-wp-customize-manager.php |
Gets nonces for the Customizer.
|
WP_Customize_Nav_Menus::filter_nonces()wp-includes/class-wp-customize-nav-menus.php |
Adds a nonce for customizing menus.
|
rest_cookie_check_errors()wp-includes/rest-api.php |
Checks for errors when using cookie-based authentication.
|
WP_Comments_List_Table::handle_row_actions()wp-admin/includes/class-wp-comments-list-table.php |
Generates and displays row actions links.
|
WP_Media_List_Table::column_parent()wp-admin/includes/class-wp-media-list-table.php |
Handles the parent column output.
|
WP_Customize_Widgets::refresh_nonces()wp-includes/class-wp-customize-widgets.php |
Refreshes the nonce for widget updates.
|
WP_Customize_Background_Image_Control::enqueue()wp-includes/customize/class-wp-customize-background-image-control.php |
Enqueue control related scripts/styles.
|
wp_image_editor()wp-admin/includes/image-edit.php |
Loads the WP image-editing interface.
|
wp_refresh_post_nonces()wp-admin/includes/misc.php |
Checks nonce expiration on the New/Edit Post screen and refresh if needed.
|
install_plugins_favorites_form()wp-admin/includes/plugin-install.php |
Shows a username form for the favorites page.
|
_wp_dashboard_recent_comments_row()wp-admin/includes/dashboard.php |
Outputs a row for the Recent Comments widget.
|
activate_plugin()wp-admin/includes/plugin.php |
Attempts activation of plugin in a “sandbox” and redirects on success.
|
compression_test()wp-admin/includes/template.php |
Tests support for compressing JavaScript from PHP.
|
_list_meta_row()wp-admin/includes/template.php |
Outputs a single row of public meta data in the Custom Fields meta box.
|
edit_form_image_editor()wp-admin/includes/media.php |
Displays the image and editor in the post editor
|
get_media_item()wp-admin/includes/media.php |
Retrieves HTML form for modifying the image attachment.
|
media_upload_form()wp-admin/includes/media.php |
Outputs the legacy media upload form.
|
_admin_notice_post_locked()wp-admin/includes/post.php |
Outputs the HTML for the notice to say that someone else is editing or has taken over editing of this post.
|
post_preview()wp-admin/includes/post.php |
Saves a draft or manually autosaves for the purpose of showing a post preview.
|
wp_ajax_query_themes()wp-admin/includes/ajax-actions.php |
Handles getting themes from themes_api() via AJAX.
|
wp_ajax_replyto_comment()wp-admin/includes/ajax-actions.php |
Handles replying to a comment via AJAX.
|
wp_prepare_revisions_for_js()wp-admin/includes/revision.php |
Prepare revisions for JavaScript.
|
Custom_Image_Header::step_1()wp-admin/includes/class-custom-image-header.php |
Displays first step of custom header image page.
|
wp_heartbeat_settings()wp-includes/general-template.php |
Default settings for heartbeat.
|
wp_nonce_url()wp-includes/functions.php |
Retrieves URL with nonce added to URL query.
|
wp_nonce_field()wp-includes/functions.php |
Retrieves or display nonce hidden field for forms.
|
wp_plupload_default_settings()wp-includes/media.php |
Prints default Plupload arguments.
|
wp_prepare_attachment_for_js()wp-includes/media.php |
Prepares an attachment post object for JS, where it is expected to be JSON-encoded and fit into an Attachment model.
|
wp_enqueue_media()wp-includes/media.php |
Enqueues all scripts, styles, settings, and templates necessary to use all media JS APIs.
|
WP_Customize_Header_Image_Control::enqueue()wp-includes/customize/class-wp-customize-header-image-control.php |
|
wp_default_scripts()wp-includes/script-loader.php |
Registers all WordPress scripts.
|
Skip to note 2 content
Codex
Example
In this simple example, we create an nonce and use it as one of the
GETquery parameters in a URL for a link. When the user clicks the link they are directed to a page where a certain action will be performed (for example, a post might be deleted). On the target page the nonce is verified to insure that the request was valid (this user really clicked the link and really wants to perform this action)./* * Step A: Create an nonce for a link. * We pass it as a GET parameter. * The target page will perform some action based on the 'do_something' parameter. */ $nonce = wp_create_nonce( 'my-nonce' ); ?> <a href='myplugin.php?do_something=some_action&_wpnonce=<?php echo esc_attr( $nonce ); ?>'></a> <pre class="wp-block-code"><code lang="php" class="language-php ">/*
* Step B: This code would go in the target page.
* We need to verify the nonce.
*/
$nonce = $_REQUEST[‘_wpnonce’];
if ( ! wp_verify_nonce( $nonce, ‘my-nonce’ ) ) {
// This nonce is not valid.
die( __( ‘Security check’, ‘textdomain’ ) );
} else {
// The nonce was valid.
// Do stuff here.
}
In the above example we simply called our nonce
my-nonce. It is best to choose a name for the nonce that is specific to the action. For example, if we were to create an nonce that would be part of a request to delete a post, we might call itdelete_post. Then to make it more specific, we could append the ID of the particular post that the nonce was for. For exampledelete_post-5for the post with ID 5.wp_create_nonce( 'delete_post-' . $post_id );Then we would verify the nonce like this:
wp_verify_nonce( $nonce, "delete_post-{$_REQUEST['post_id']}" );In general, it is best to make the name for the action as specific as possible.