wp_nonce_url()
Adds a nonce token to the URL: ?_wpnonce=9d6bd884a1.
The result of the function is intended only for output, and not for internal usage in PHP (e.g. for redirect with wp_redirect()). That's because the functions escapes the value with esc_html().
Uses: wp_create_nonce()
1 time — 0.000102 sec (fast) | 50000 times — 2.28 sec (fast)
No Hooks.
Return
String. Escaped URL with nonce action added.
Usage
wp_nonce_url( $actionurl, $action, $name );
- $actionurl(string) (required)
- URL to add nonce action.
- $action(int|string)
- Nonce action name.
Default: -1 - $name(string)
- Nonce name.
Default: '_wpnonce'
Examples
#1 Basic example
echo wp_nonce_url( 'http://example.com/url' ); // output: http://example.com/url?_wpnonce=1ef8422137 echo wp_nonce_url( 'http://example.com/url?arg=data' ); // output: http://example.com/url?arg=data&_wpnonce=9d6bd884a1
#2 Another basic example
echo wp_nonce_url( 'http://example.com/url', 'my_nonce' ); // output: http://example.com/url?_wpnonce=4a875e9c59 // then check the url if( wp_verify_nonce( $_GET['_wpnonce'], 'my_nonce' ) ) echo "Check passed"; else echo "Check failed";
#3 Add nonce to the URL for use in wp_redirect()
The result of wp_nonce_url() is intended only for output on the screen, not for internal usage in PHP. If you want to add the nonce to the URL and use it in some function (e.g. wp_redirect()), you can do something like this:
$url = '/wp-admin/admin.php?page=foo'; $nonce = wp_create_nonce( 'my_nonce_key' ); // create nonce $nonce_url = add_query_arg( [ '_wpnonce'=>$nonce ], $url ); echo $nonce_url; //> /wp-admin/admin.php?page=foo&_wpnonce=74c42a878c
Changelog
| Since 2.0.4 | Introduced. |
wp_nonce_url() wp nonce url code WP 6.5.2
function wp_nonce_url( $actionurl, $action = -1, $name = '_wpnonce' ) {
$actionurl = str_replace( '&', '&', $actionurl );
return esc_html( add_query_arg( $name, wp_create_nonce( $action ), $actionurl ) );
} 