wp_nonce_url( string $actionurl, int|string $action = -1, string $name = '_wpnonce' ): string
Retrieves URL with nonce added to URL query.
Parameters
- $actionurl (string, Required): URL to add nonce action.
- $action (int|string, Optional): Nonce action name. Default: -1
- $name (string, Optional): Nonce name. Default: '_wpnonce'
Return
string Escaped URL with nonce action added.
Source
File: wp-includes/functions.php
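function wp_nonce_url( $actionurl, $action = -1, $name = '_wpnonce' ) {
	// Undo any existing HTML encoding of "&" so add_query_arg() sees a plain query string.
	$actionurl = str_replace( '&amp;', '&', $actionurl );
	// The result is HTML-escaped, so "&" in the returned URL becomes "&amp;".
	return esc_html( add_query_arg( $name, wp_create_nonce( $action ), $actionurl ) );
}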
Related
Uses
Uses | Description |
---|---|
wp_create_nonce() wp-includes/pluggable.php | Creates a cryptographic token tied to a specific action, user, user session, and window of time. |
esc_html() wp-includes/formatting.php | Escaping for HTML blocks. |
add_query_arg() wp-includes/functions.php | Retrieves a modified URL query string. |
Used By
Used By | Description |
---|---|
core_auto_updates_settings() wp-admin/update-core.php | Display WordPress auto-updates settings. |
Plugin_Installer_Skin::do_overwrite() wp-admin/includes/class-plugin-installer-skin.php | Check if the plugin can be overwritten and output the HTML for overwriting a plugin on upload. |
Theme_Installer_Skin::do_overwrite() wp-admin/includes/class-theme-installer-skin.php | Check if the theme can be overwritten and output the HTML for overwriting a theme on upload. |
WP_MS_Themes_List_Table::column_autoupdates() wp-admin/includes/class-wp-ms-themes-list-table.php | Handles the auto-updates column output. |
WP_Privacy_Data_Removal_Requests_List_Table::column_email() wp-admin/includes/class-wp-privacy-data-removal-requests-list-table.php | Actions column. |
WP_Privacy_Data_Removal_Requests_List_Table::column_next_steps() wp-admin/includes/class-wp-privacy-data-removal-requests-list-table.php | Next steps column. |
WP_Privacy_Data_Export_Requests_List_Table::column_email() wp-admin/includes/class-wp-privacy-data-export-requests-list-table.php | Actions column. |
WP_Privacy_Data_Export_Requests_List_Table::column_next_steps() wp-admin/includes/class-wp-privacy-data-export-requests-list-table.php | Displays the next steps column. |
wp_admin_bar_recovery_mode_menu() wp-includes/admin-bar.php | Adds a link to exit recovery mode when Recovery Mode is active. |
wp_recovery_mode_nag() wp-admin/includes/update.php | Displays a notice when the user is in recovery mode. |
WP_Site_Health::get_test_https_status() wp-admin/includes/class-wp-site-health.php | Tests if the site is serving content over HTTPS. |
do_block_editor_incompatible_meta_box() wp-admin/includes/template.php | Renders a “fake” meta box with an information message, shown on the block editor, when an incompatible meta box is found. |
wp_load_press_this() wp-admin/press-this.php | |
wp_ajax_delete_plugin() wp-admin/includes/ajax-actions.php | Ajax handler for deleting a plugin. |
wp_ajax_delete_theme() wp-admin/includes/ajax-actions.php | Ajax handler for deleting a theme. |
WP_Posts_List_Table::handle_row_actions() wp-admin/includes/class-wp-posts-list-table.php | Generates and displays row action links. |
WP_Links_List_Table::handle_row_actions() wp-admin/includes/class-wp-links-list-table.php | Generates and displays row action links. |
WP_MS_Themes_List_Table::column_name() wp-admin/includes/class-wp-ms-themes-list-table.php | Handles the name column output. |
WP_MS_Sites_List_Table::handle_row_actions() wp-admin/includes/class-wp-ms-sites-list-table.php | Generates and displays row action links. |
WP_Terms_List_Table::handle_row_actions() wp-admin/includes/class-wp-terms-list-table.php | Generates and displays row action links. |
WP_MS_Users_List_Table::handle_row_actions() wp-admin/includes/class-wp-ms-users-list-table.php | Generates and displays row action links. |
wp_prepare_themes_for_js() wp-admin/includes/theme.php | Prepares themes for JavaScript. |
delete_theme() wp-admin/includes/theme.php | Removes a theme. |
get_theme_update_available() wp-admin/includes/theme.php | Retrieves the update link if there is a theme update available. |
WP_Plugins_List_Table::single_row() wp-admin/includes/class-wp-plugins-list-table.php | |
Theme_Upgrader_Skin::after() wp-admin/includes/class-theme-upgrader-skin.php | Action to perform following a single theme update. |
Theme_Installer_Skin::after() wp-admin/includes/class-theme-installer-skin.php | Action to perform following a single theme install. |
Plugin_Installer_Skin::after() wp-admin/includes/class-plugin-installer-skin.php | Action to perform following a plugin install. |
Plugin_Upgrader_Skin::after() wp-admin/includes/class-plugin-upgrader-skin.php | Action to perform following a single plugin update. |
WP_Upgrader_Skin::request_filesystem_credentials() wp-admin/includes/class-wp-upgrader-skin.php | Displays a form to the user to request for their FTP/SSH details in order to connect to the filesystem. |
WP_Theme_Install_List_Table::install_theme_info() wp-admin/includes/class-wp-theme-install-list-table.php | Prints the info for a theme (to be used in the theme installer modal). |
WP_Theme_Install_List_Table::single_row() wp-admin/includes/class-wp-theme-install-list-table.php | Prints a theme from the WordPress.org API. |
wp_plugin_update_row() wp-admin/includes/update.php | Displays update information for a plugin. |
wp_theme_update_row() wp-admin/includes/update.php | Displays update information for a theme. |
install_plugin_install_status() wp-admin/includes/plugin-install.php | Determines the status we can perform on a plugin. |
wp_dashboard_plugins_output() wp-admin/includes/deprecated.php | Display plugins text for the WordPress news widget. |
delete_plugins() wp-admin/includes/plugin.php | Removes directory and files of a plugin for a list of plugins. |
wp_import_upload_form() wp-admin/includes/template.php | Outputs the form used by the importers to accept the data to be imported. |
WP_Themes_List_Table::display_rows() wp-admin/includes/class-wp-themes-list-table.php | |
WP_Users_List_Table::single_row() wp-admin/includes/class-wp-users-list-table.php | Generate HTML for a single row on the users.php admin panel. |
get_media_item() wp-admin/includes/media.php | Retrieves HTML form for modifying the image attachment. |
_admin_notice_post_locked() wp-admin/includes/post.php | Outputs the HTML for the notice to say that someone else is editing or has taken over editing of this post. |
wp_prepare_revisions_for_js() wp-admin/includes/revision.php | Prepare revisions for JavaScript. |
link_submit_meta_box() wp-admin/includes/meta-boxes.php | Displays link create form fields. |
wp_link_manager_disabled_message() wp-admin/includes/bookmark.php | Outputs the ‘disabled’ message for the WordPress Link Manager. |
WP_Media_List_Table::_get_row_actions() wp-admin/includes/class-wp-media-list-table.php | |
Walker_Nav_Menu_Edit::start_el() wp-admin/includes/class-walker-nav-menu-edit.php | Start the element output. |
do_core_upgrade() wp-admin/update-core.php | Upgrade WordPress core display. |
do_dismiss_core_update() wp-admin/update-core.php | Dismiss a core update. |
do_undismiss_core_update() wp-admin/update-core.php | Undismiss a core update. |
wp_logout_url() wp-includes/general-template.php | Retrieves the logout URL. |
get_delete_post_link() wp-includes/link-template.php | Retrieves the delete posts link for post. |
Changelog
Version | Description |
---|---|
2.0.4 | Introduced. |
User Contributed Notes
Note that wp_nonce_url escapes & to &amp; and may cause links or redirects to become incorrect.
Example
Plugin authors can safely add links that perform tasks using a combination of wp_nonce_url() and admin_url().
For instance, start by creating the link users can click to do something interesting:
Then, to detect when the user clicks the link, check the nonce validity using wp_verify_nonce() in the function you defined when you called add_menu_page() or one of its Administration Menus wrappers. If the nonce isn’t valid, the link wasn’t clicked, so display the link. Otherwise, do “something interesting.”
Note that the recommended “context” parameter of the nonce is used to disambiguate which button was pressed. If you make more than one button users can press, make sure each button has a different nonce name and/or context.
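The flow described in the two notes above, as an added example that is not part of the original notes or of WordPress core: a menu page that shows a nonce-protected link, verifies the nonce together with a capability check, and builds an unescaped URL for redirect contexts where the &amp; escaping would break the link. The slug, nonce action, nonce name and my_plugin_* function names are hypothetical.

```php
<?php
// Added example (constructed). Slug, nonce action, nonce name and the
// my_plugin_* function names are hypothetical, chosen for illustration.
const MY_PLUGIN_SLUG   = 'my_plugin_settings';
const MY_PLUGIN_ACTION = 'my_plugin_do_something';
const MY_PLUGIN_NONCE  = 'my_nonce';

add_action( 'admin_menu', function () {
	add_menu_page( 'My Plugin', 'My Plugin', 'manage_options', MY_PLUGIN_SLUG, 'my_plugin_render_page' );
} );

function my_plugin_render_page() {
	// A nonce ties the request to this user and action (CSRF protection).
	// It is not an authorization check, so test the capability as well.
	if ( ! current_user_can( 'manage_options' ) ) {
		wp_die( esc_html__( 'You are not allowed to do this.' ) );
	}

	$nonce = isset( $_GET[ MY_PLUGIN_NONCE ] )
		? sanitize_text_field( wp_unslash( $_GET[ MY_PLUGIN_NONCE ] ) )
		: '';

	if ( wp_verify_nonce( $nonce, MY_PLUGIN_ACTION ) ) {
		// Valid nonce for this action: the link was clicked.
		// Do "something interesting" here.
		echo '<p>' . esc_html__( 'Done.' ) . '</p>';
		return;
	}

	// Missing or invalid nonce: show the link. wp_nonce_url() returns an
	// HTML-escaped string ("&" becomes "&amp;"), which is what href needs.
	$link = wp_nonce_url( admin_url( 'admin.php?page=' . MY_PLUGIN_SLUG ), MY_PLUGIN_ACTION, MY_PLUGIN_NONCE );
	echo '<a class="button button-primary" href="' . $link . '">' . esc_html__( 'Do Something!' ) . '</a>';
}

// For redirects and other non-HTML contexts, build the same URL without the
// HTML escaping, e.g. wp_safe_redirect( my_plugin_raw_action_url() ).
function my_plugin_raw_action_url() {
	return add_query_arg(
		MY_PLUGIN_NONCE,
		wp_create_nonce( MY_PLUGIN_ACTION ),
		admin_url( 'admin.php?page=' . MY_PLUGIN_SLUG )
	);
}
```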