Merriam-Webster defines nonce as “the one, particular, or present occasion, purpose, or use.” In tech security (cryptography), a nonce is a number used once (“number once” became “nonce”) to identify a particular event.
A WordPress nonce (_wpnonce) is a random alphanumeric string (not simply numeric) used to reduce the possibility of a hacker interceding in the middle of a particular online action. An example of a WordPress nonce is the following URL for deleting a post:
.
If you’ve ever had WordPress ask “Are you sure you want to do this?” you’ve seen what happens when WordPress is unable to verify the nonce provided in the URL for the action you were requesting.
To learn more about using nonces in WordPress, read the WordPress Nonces from the Codex.