check_admin_referer ( $action = -1, $query_arg = '_wpnonce' )

  • (int|string) action The nonce action.
  • (string) query_arg Optional. Key to check for nonce in `$_REQUEST`. Default '_wpnonce'.
  • (int|false) 1 if the nonce is valid and generated between 0-12 hours ago, 2 if the nonce is valid and generated between 12-24 hours ago. False if the nonce is invalid.
Defined at:
Change Log:
  • 2: .


Ensures intent by verifying that a user was referred from another admin page with the correct security nonce.This function ensures the user intends to perform a given action, which helps protect against clickjacking style attacks. It verifies intent, not authorization, therefore it does not verify the user's capabilities. This should be performed with `current_user_can()` or similar. If the nonce value is invalid, the function will exit with an "Are You Sure?" style message.

Related Functions

check_ajax_referer, check_password_reset_key, check_upload_mimes, _get_admin_bar_pref, wp_admin_bar_header

Top Google Results

User discussions

wpseek mobile