wp_create_nonce( string|int $action = -1 )

Creates a cryptographic token tied to a specific action, user, user session, and window of time.

Parameters

$action

(string|int) (Optional) Scalar value to add context to the nonce.

Default value: -1

Return

(string) The token.

More Information

The function should be called using the init or any subsequent action hook. Calling it outside of an action hook can lead to problems, see the ticket #14024 for details.

Source

File: wp-includes/pluggable.php

function wp_create_nonce( $action = -1 ) {
		$user = wp_get_current_user();
		$uid  = (int) $user->ID;
		if ( ! $uid ) {
			/** This filter is documented in wp-includes/pluggable.php */
			$uid = apply_filters( 'nonce_user_logged_out', $uid, $action );
		}

		$token = wp_get_session_token();
		$i     = wp_nonce_tick();

		return substr( wp_hash( $i . '|' . $action . '|' . $uid . '|' . $token, 'nonce' ), -12, 10 );
	}

Changelog

Version Description
4.0.0 Session tokens were integrated with nonce creation
2.0.3 Introduced.

© 2003–2021 WordPress Foundation
Licensed under the GNU GPLv2+ License.
https://developer.wordpress.org/reference/functions/wp_create_nonce